Monthly Archives: October 2015

Mafiaboy takes down eBay/ETRADE/Amazon and Yahoo at the same time – RATE THIS ATTACK

Michael Calce, who went by the online name Mafiaboy when he launched a massive cyberattack at highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. He also launched a series of failed simultaneous attacks against 9 of the 13 root name servers. The impressive part is that the attacks were launched almost simultaneously and there was still enough bandwidth to go around to take down multiple high profile sites.

DDoS was a lot easier back in those days, I remember one of the attacks launched at an IRC user that lived in Romania that always made me laugh, instead of just DoS’n the user they DDoS’d the uplink that provided bandwidth to the entire country – YES – they took a country offline with a few servers and good old ./milk.c and ./stream.c

This was back in my hay-day on IRC when there was only a handful of gifted hackers out there, 0day exploits would remain 0day for months and even years. Virtually every single .edu, .gov, .mil, .kr, .jp that ran IRIX/SOLARIS/Linux*/*BSD or any other flavors of *nix were completely owned and were pulled into a DDoSnet using MSTREAM, Trinoo, TFN or Stacheldraht.

 

After serving jail time he wrote a few books, here is a great read for a few dollars on his adventures:
Mafiaboy: A Portrait of the Hacker as a Young Man

 

Share Button

China’s Great Cannon Man-on-the-Side DrDoS/DDoS TTP Attack – Rate this Attack

China’s Great Cannon DDoS/DrDoS attack on GITHUB and other targets, they were able to redirect legitimate user traffic originating from outside their country in one of the largest and longest sustained attacks. China used their largest search engine Baidu as a medium to conduct the attack. Just like webmasters put Google analytics on their websites, Baidu has a similar plugin to track user actions, China used sites with the analytics to redirect outside traffic to Github creating millions and millions of GET requests exhausting all resources on their servers, even with traffic shaping and load balancing they were helpless.

Share Button

eBay Hacked June 2014 – Rate this Hack for Rankings

Forbes.com report for eBay hack:

eBay went down in a blaze of embarrassment as it suffered this year’s biggest hack so far. In May, eBay revealed that hackers had managed to steal personal records of 233 million users. The hack took place between February and March, with usernames, passwords, phone numbers and physical addresses compromised.

Share Button

The Office of Personnel Management (OPM) Data Breach – RATE THIS HACK

opmThe Office of Personnel Management released a statement which underestimated the number of people whose fingerprints were stolen in a data breach that officials said originated in China. The federal agency said 5.6 million people’s fingerprints were compromised—not 1.1 million, as previously thought.

Some consider it to be the greatest hack of the United States government of all time.

Earlier this month, the Defense Department awarded
a $133 million contract to an identity-theft-protection-services company to monitor the hacked data.

Share Button

Hacking Team got Hacked – 400gb Data Dump – 3 0day Exploits – July 2015 – RATE THIS HACK

hackingteam

“unidentified hackers published a massive, 400 gigabyte trove on bittorrent of internal documents from the Milan-based Hacking Team, a firm long accused of unethical sales of tools that help governments break into target computers and phones. The breached trove includes executive emails, customer invoices and even source code; the company’s twitter feed was hacked, controlled by the intruders for nearly 12 hours, and used to distribute samples of the company’s hacked files. The security community spent Sunday night picking through the spy firm’s innards and in some cases finding what appear to be new confirmations that Hacking Team sold digital intrusion tools to authoritarian regimes. Those revelations may be well timed to influence an ongoing U.S. policy debate over how to control spying software, with a deadline for public debate on new regulations coming this month.” – Pulled from Wired.com

 

 

Share Button