Cryptopia Exchange Hacked, Investigations by New Zealand Authorities Ongoing

Cryptopia Clarifies it was a Security Breach and Investigations are Currently Ongoing
It is with the above background that the exchange has issued one more tweet explaining the crypto exchange had suffered a security breach that resulted in significant losses. The team at Cryptopia also informed its users that they have notified all relevant Government Law Agencies in New Zealand.

According to the tweet, the exchange suffered the attack on the 14th of January. All trading and movement of funds in and out of the exchange, has also been suspended. No additional information has been provided by the exchange at the moment of writing this. A copy of the message provided on twitter by the exchange can be found below.

Cryptocurrency Market Reaction To The Hack

Many keen crypto traders and enthusiasts are curious as to how the crypto markets will handle news of the hack that was carried out on Cryptopia. One needs to only remember the market after-effects when exchanges were hacked in 2018. News of exchanges being hacked were accompanied by flash selling.

Checking the crypto markets, we find that the total market capitalization is stable at $122.482 Billion with Bitcoin (BTC) trading at $3,673. A majority of the top 100 cryptocurrencies are also in the green and exhibiting moderate gains after the weekend bloodbath.

However, a full 24 hours might be necessary to gauge the effect of the Cryptopia hack on the general feel and mood of the crypto market.

What are your thoughts on news that Cryptopia has been hacked and significant losses incurred? Please let us know in the comment section below.

President Donald J. Trump is Strengthening America’s Cybersecurity

STRENGTHENING CYBERSECURITY: President Donald J. Trump is releasing a National Cyber Strategy that will strengthen our defenses against cyber threats.

President Trump’s National Cyber Strategy identifies bold new steps the Federal Government will take to protect America from cyber threats and strengthen our capabilities in cyberspace.
It is the first fully articulated National Cyber Strategy released in 15 years.
The strategy builds on President Trump’s Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” signed in May 2017.
PROTECTING THE AMERICAN PEOPLE, THE HOMELAND, AND OUR WAY OF LIFE: Strengthening American cybersecurity is central to the National Cyber Strategy.

President Trump’s National Cyber Strategy will protect American networks by:

Securing Federal networks and information and our Nation’s critical infrastructure
Combatting cybercrime and improving incident reporting
PROMOTING AMERICAN PROSPERITY: President Trump’s National Cyber Strategy will help protect cyberspace as an engine of economic growth and innovation.

President Trump’s National Cyber Strategy will promote American prosperity by:

Fostering a vibrant and resilient digital economy
Protecting American ingenuity from threats such as intellectual property theft
Developing a superior cybersecurity workforce through education and recruitment
PRESERVING PEACE THROUGH STRENGTH: The National Cyber Strategy will strengthen efforts to deter destabilizing activity in cyberspace.

The National Cyber Strategy will stand up to destabilizing behavior in cyberspace by:

Promoting responsible behavior among nation states
Working to ensure there are consequences for irresponsible cyber behavior
Launching an international Cyber Deterrence Initiative
Exposing and countering online malign influence and information campaigns
ADVANCING AMERICAN INFLUENCE: The National Cyber Strategy will preserve the long-term openness of the internet, which supports and reinforces American interests.

President Trump’s National Cyber Strategy will promote an open and secure internet by:

Encouraging Nations to advance internet freedom

Advancing a multi-stakeholder model of internet governance

Promoting open, interoperable, reliable, and secure communications infrastructure

Opening overseas markets for American ingenuity

Building international cyber capacity

COMMITTED TO A SECURE CYBER FUTURE: President Trump is committed to protecting the cybersecurity of our Nation and is implementing policies that work to achieve that objective.

The President’s National Security Strategy prioritizes keeping America safe in the cyber era.
The Trump Administration has released a number of agency-specific strategies emphasizing the importance of cybersecurity.

Is Donald Trump is a danger to national security?

An open letter signed by 50 Republican national security experts has warned that nominee Donald Trump “would be the most reckless president” in US history.

General Michael Hayden, director of the CIA between 2006 and 2009 and one of the signatories, told World at One’s Martha Kearney that the presidential nominee would be “very dangerous indeed” for national security.

Dr Michael Scheuer, a CIA officer for 22 years who has endorsed Donald Trump, said the group behind the letter “deserved to be ignored”.

February 28th DDoS Incident Report

DDoS Protection Powered by  DDos-GuarD
On Wednesday, February 28, 2018 was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack. We understand how much you rely on GitHub and we know the availability of our service is of critical importance to our users. To note, at no point was the confidentiality or integrity of your data at risk. We are sorry for the impact of this incident and would like to describe the event, the efforts we’ve taken to drive availability, and how we aim to improve response and mitigation moving forward.

Cloudflare described an amplification vector using memcached over UDP in their blog post this week, “Memcrashed – Major amplification attacks from UDP port 11211”. The attack works by abusing memcached instances that are inadvertently accessible on the public internet with UDP support enabled. Spoofing of IP addresses allows memcached’s responses to be targeted against another address, like ones used to serve, and send more data toward the target than needs to be sent by the unspoofed source. The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.

Over the past year we have deployed additional transit to our facilities. We’ve more than doubled our transit capacity during that time, which has allowed us to withstand certain volumetric attacks without impact to users. We’re continuing to deploy additional transit capacity and develop robust peering relationships across a diverse set of exchanges. Even still, attacks like this sometimes require the help of partners with larger transit networks to provide blocking and filtering.

DDoS Protection Powered by  DDos-GuarD

The incident
Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Given the increase in inbound transit bandwidth to over 100Gbps in one of our facilities, the decision was made to move traffic to Akamai, who could help provide additional edge network capacity. At 17:26 UTC the command was initiated via our ChatOps tooling to withdraw BGP announcements over transit providers and announce AS36459 exclusively over our links to Akamai. Routes reconverged in the next few minutes and access control lists mitigated the attack at their border. Monitoring of transit bandwidth levels and load balancer response codes indicated a full recovery at 17:30 UTC. At 17:34 UTC routes to internet exchanges were withdrawn as a follow-up to shift an additional 40Gbps away from our edge.

Next steps
Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention. We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR).

We’re going to continue to expand our edge network and strive to identify and mitigate new attack vectors before they affect your workflow on

We know how much you rely on GitHub for your projects and businesses to succeed. We will continue to analyze this and other events that impact our availability, build better detection systems, and streamline response.

DDoS Protection Powered by  DDos-GuarD

A Frightening New Kind Of DDoS Attack Is Breaking Records

DDoS Protection Powered by  DDos-GuarD

Back in October of 2016, a denial-of-service attack against a service provider called Dyn crippled Americans’ Internet access on the east coast. Its servers were bombarded with a jaw-dropping amount of traffic. Some estimates believed the data rate of the attack peaked at around 1.2Tbps, which was unheard of at the time.

Last week hackers unleashed a new breed of DDoS attack. Security researchers tracked one that was nearly 50% more powerful than the one against Dyn.

At its peak, this next-gen DDoS attack was blasting a record-breaking 1.7 Tbps at its target. To put that into perspective, that’s roughly the same amount of bandwidth that flows through 13,600 gigabit high-speed Internet connections. With the average American’s high-speed link sitting at more like 18 or 19Mbps, that would translate to around 680,000 Americans using the full capabilities of their connection to flood the same website at the same time.

How did these new attacks become so powerful? Hackers have figured out how to exploit a bit of software called Memcached. It’s designed to speed up web page load times by caching big chunks of the data they need to access — which is often served up from remote database servers.

DDoS Protection Powered by  DDos-GuarD

As ZDNet’s Liam Tung notes, servers that run Memcached should never be exposed to the Internet. In reality, however, there can be more than 100,000 left vulnerable at any given time.

Hacker use those exposed Memcached servers to amplify their attacks. A small amount of garbage data sent to the Memcached server results in a massive flood of data being directed at the hackers’ targets. It’s much more dangerous than, say, forcing an army of connected security cameras to bombard a website directly. Bouncing traffic off a Memcached can amplify an attack by more than 51,000 times.

The good guys are already on the case, fortunately. The Department of Homeland Security has been searching for ways to protect Americans against DDoS attacks and private companies like Alphabet and Akamai are doing everything they can, too.

Significant progress has already been made. GitHub recently faced a Memcached attack against its servers, which were only downed for around five minutes. Service was spotty for another 5 before normal functionality was restored.

Not everyone is as prepared to deal with an attack as GitHub, however. The next victim of these DDoS attacks could see significant downtime — and financial losses — as a result of hacker’s new firepower.

DDoS Protection Powered by  DDos-GuarD