Cryptopia Exchange Hacked, Investigations by New Zealand Authorities Ongoing

Cryptopia Clarifies it was a Security Breach and Investigations are Currently Ongoing
It is with the above background that the exchange has issued one more tweet explaining the crypto exchange had suffered a security breach that resulted in significant losses. The team at Cryptopia also informed its users that they have notified all relevant Government Law Agencies in New Zealand.

According to the tweet, the exchange suffered the attack on the 14th of January. All trading and movement of funds in and out of the exchange has also been suspended. No additional information has been provided by the exchange at the time of writing. A copy of the message provided on Twitter by the exchange can be found below.



Cryptocurrency Market Reaction To The Hack

Many keen crypto traders and enthusiasts are curious as to how the crypto markets will handle news of the hack that was carried out on Cryptopia. One need only remember the market after-effects when exchanges were hacked in 2018. News of exchanges being hacked was accompanied by flash selling.

Checking the crypto markets, we find that the total market capitalization is stable at $122.482 Billion with Bitcoin (BTC) trading at $3,673. A majority of the top 100 cryptocurrencies are also in the green and exhibiting moderate gains after the weekend bloodbath.

However, a full 24 hours might be necessary to gauge the effect of the Cryptopia hack on the general feel and mood of the crypto market.




President Donald J. Trump is Strengthening America’s Cybersecurity

STRENGTHENING CYBERSECURITY: President Donald J. Trump is releasing a National Cyber Strategy that will strengthen our defenses against cyber threats.

President Trump’s National Cyber Strategy identifies bold new steps the Federal Government will take to protect America from cyber threats and strengthen our capabilities in cyberspace.
It is the first fully articulated National Cyber Strategy released in 15 years.
The strategy builds on President Trump’s Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” signed in May 2017.

PROTECTING THE AMERICAN PEOPLE, THE HOMELAND, AND OUR WAY OF LIFE: Strengthening American cybersecurity is central to the National Cyber Strategy.



President Trump’s National Cyber Strategy will protect American networks by:

Securing Federal networks and information and our Nation’s critical infrastructure
Combatting cybercrime and improving incident reporting

PROMOTING AMERICAN PROSPERITY: President Trump’s National Cyber Strategy will help protect cyberspace as an engine of economic growth and innovation.

President Trump’s National Cyber Strategy will promote American prosperity by:

Fostering a vibrant and resilient digital economy
Protecting American ingenuity from threats such as intellectual property theft
Developing a superior cybersecurity workforce through education and recruitment

PRESERVING PEACE THROUGH STRENGTH: The National Cyber Strategy will strengthen efforts to deter destabilizing activity in cyberspace.



The National Cyber Strategy will stand up to destabilizing behavior in cyberspace by:

Promoting responsible behavior among nation states
Working to ensure there are consequences for irresponsible cyber behavior
Launching an international Cyber Deterrence Initiative
Exposing and countering online malign influence and information campaigns

ADVANCING AMERICAN INFLUENCE: The National Cyber Strategy will preserve the long-term openness of the internet, which supports and reinforces American interests.

President Trump’s National Cyber Strategy will promote an open and secure internet by:

Encouraging Nations to advance internet freedom

Advancing a multi-stakeholder model of internet governance

Promoting open, interoperable, reliable, and secure communications infrastructure

Opening overseas markets for American ingenuity

Building international cyber capacity

COMMITTED TO A SECURE CYBER FUTURE: President Trump is committed to protecting the cybersecurity of our Nation and is implementing policies that work to achieve that objective.

The President’s National Security Strategy prioritizes keeping America safe in the cyber era.
The Trump Administration has released a number of agency-specific strategies emphasizing the importance of cybersecurity.



February 28th DDoS Incident Report





On Wednesday, February 28, 2018 GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack. We understand how much you rely on GitHub and we know the availability of our service is of critical importance to our users. To note, at no point was the confidentiality or integrity of your data at risk. We are sorry for the impact of this incident and would like to describe the event, the efforts we’ve taken to drive availability, and how we aim to improve response and mitigation moving forward.

Background
Cloudflare described an amplification vector using memcached over UDP in their blog post this week, “Memcrashed – Major amplification attacks from UDP port 11211”. The attack works by abusing memcached instances that are inadvertently accessible on the public internet with UDP support enabled. Spoofing of IP addresses allows memcached’s responses to be targeted against another address, like ones used to serve GitHub.com, and send more data toward the target than needs to be sent by the unspoofed source. The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.
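A defender-side check for the misconfiguration described above, as an added example that is not part of GitHub's or Cloudflare's posts: it audits a memcached command line for UDP being enabled on a non-loopback listener. The function name and the `udp_on_by_default` parameter are hypothetical; the latter is an assumption about the installed build when `-U` is absent.

```python
import ipaddress
import shlex


def _is_loopback(addr):
    """True for localhost or a loopback IP; unknown hostnames count as reachable."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit_memcached_args(cmdline, udp_on_by_default=True):
    """Report whether a memcached invocation can act as a UDP reflector.

    udp_on_by_default is an assumption about the build in use when no
    -U / --udp-port option is given; set it to match the deployed version.
    """
    udp_port = 11211 if udp_on_by_default else 0
    listen = []
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if arg == "-U" and nxt.isdigit():          # -U is UDP port, -u is the user
            udp_port = int(nxt)
        elif arg.startswith("--udp-port="):
            udp_port = int(arg.split("=", 1)[1])
        elif arg == "-l" and nxt:
            listen += nxt.split(",")
        elif arg.startswith("--listen="):
            listen += arg.split("=", 1)[1].split(",")
    # With no listen option memcached binds every interface.
    exposed = [a for a in listen if not _is_loopback(a)] if listen else ["0.0.0.0"]
    return {
        "udp_enabled": udp_port != 0,
        "exposed_listen": exposed,
        "reflector_risk": udp_port != 0 and bool(exposed),
    }


if __name__ == "__main__":
    # Constructed command lines for illustration.
    for line in ("memcached -m 64 -p 11211 -u memcache",
                 "memcached -U 0 -l 127.0.0.1",
                 "memcached --listen=127.0.0.1,203.0.113.7 --udp-port=11211"):
        print(line, "->", audit_memcached_args(line))
```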

Over the past year we have deployed additional transit to our facilities. We’ve more than doubled our transit capacity during that time, which has allowed us to withstand certain volumetric attacks without impact to users. We’re continuing to deploy additional transit capacity and develop robust peering relationships across a diverse set of exchanges. Even still, attacks like this sometimes require the help of partners with larger transit networks to provide blocking and filtering.



The incident
Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Given the increase in inbound transit bandwidth to over 100Gbps in one of our facilities, the decision was made to move traffic to Akamai, who could help provide additional edge network capacity. At 17:26 UTC the command was initiated via our ChatOps tooling to withdraw BGP announcements over transit providers and announce AS36459 exclusively over our links to Akamai. Routes reconverged in the next few minutes and access control lists mitigated the attack at their border. Monitoring of transit bandwidth levels and load balancer response codes indicated a full recovery at 17:30 UTC. At 17:34 UTC routes to internet exchanges were withdrawn as a follow-up to shift an additional 40Gbps away from our edge.
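The traffic pattern in this incident (UDP replies from a reflector service port, arriving from many distinct sources) can be flagged in flow records. The following is an added example, not GitHub's tooling; the flow format, thresholds and function names are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# UDP source ports of the two reflector services named on this page.
REFLECTOR_PORTS = {11211: "memcached", 53: "dns"}

# Constructed flow records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = """src_ip,src_port,dst_ip,proto,bytes,packets
198.51.100.10,11211,192.0.2.80,udp,1400000,1000
198.51.100.11,11211,192.0.2.80,udp,2800000,2000
203.0.113.5,11211,192.0.2.80,udp,1400000,1000
203.0.113.9,53,192.0.2.80,udp,3000,2
198.51.100.77,443,192.0.2.80,tcp,9000000,7000
203.0.113.20,11211,192.0.2.81,udp,1400,1
"""


def avg_packet_bytes(bits_per_second, packets_per_second):
    """Mean packet size implied by a bandwidth and a packet rate."""
    return bits_per_second / 8 / packets_per_second


def detect_reflection(flow_csv, min_sources=3, min_bytes=1_000_000):
    """Flag destinations receiving reflector-port UDP from many distinct sources.

    min_sources and min_bytes are illustrative thresholds, to be tuned per network.
    """
    agg = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        service = REFLECTOR_PORTS.get(int(row["src_port"]))
        if row["proto"] != "udp" or service is None:
            continue  # reflected replies arrive as UDP *from* the service port
        bucket = agg[(row["dst_ip"], service)]
        bucket["sources"].add(row["src_ip"])
        bucket["bytes"] += int(row["bytes"])
        bucket["packets"] += int(row["packets"])
    findings = []
    for (dst_ip, service), b in sorted(agg.items()):
        if len(b["sources"]) >= min_sources and b["bytes"] >= min_bytes:
            findings.append({
                "dst_ip": dst_ip,
                "service": service,
                "sources": len(b["sources"]),
                "bytes": b["bytes"],
                "avg_packet_bytes": b["bytes"] / b["packets"],
            })
    return findings


if __name__ == "__main__":
    for finding in detect_reflection(SAMPLE_FLOWS):
        print(finding)
    # Packet size implied by the peak figures reported for this incident.
    print(round(avg_packet_bytes(1.35e12, 126.9e6)))
```

The peak figures in the report (1.35Tbps at 126.9 million packets per second) imply packets of roughly 1,330 bytes on average, so a high mean packet size on UDP from source port 11211 is a useful secondary signal.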

Next steps
Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention. We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR).



We’re going to continue to expand our edge network and strive to identify and mitigate new attack vectors before they affect your workflow on GitHub.com.

We know how much you rely on GitHub for your projects and businesses to succeed. We will continue to analyze this and other events that impact our availability, build better detection systems, and streamline response.





A Frightening New Kind Of DDoS Attack Is Breaking Records






Back in October of 2016, a denial-of-service attack against a service provider called Dyn crippled Americans’ Internet access on the east coast. Its servers were bombarded with a jaw-dropping amount of traffic. Some estimates believed the data rate of the attack peaked at around 1.2Tbps, which was unheard of at the time.

Last week hackers unleashed a new breed of DDoS attack. Security researchers tracked one that was nearly 50% more powerful than the one against Dyn.

At its peak, this next-gen DDoS attack was blasting a record-breaking 1.7 Tbps at its target. To put that into perspective, that’s roughly the same amount of bandwidth that flows through 13,600 gigabit high-speed Internet connections. With the average American’s high-speed link sitting at more like 18 or 19Mbps, that would translate to around 680,000 Americans using the full capabilities of their connection to flood the same website at the same time.

How did these new attacks become so powerful? Hackers have figured out how to exploit a bit of software called Memcached. It’s designed to speed up web page load times by caching big chunks of the data they need to access — which is often served up from remote database servers.



As ZDNet’s Liam Tung notes, servers that run Memcached should never be exposed to the Internet. In reality, however, there can be more than 100,000 left vulnerable at any given time.

Hackers use those exposed Memcached servers to amplify their attacks. A small amount of garbage data sent to the Memcached server results in a massive flood of data being directed at the hackers’ targets. It’s much more dangerous than, say, forcing an army of connected security cameras to bombard a website directly. Bouncing traffic off a Memcached server can amplify an attack by more than 51,000 times.

The good guys are already on the case, fortunately. The Department of Homeland Security has been searching for ways to protect Americans against DDoS attacks and private companies like Alphabet and Akamai are doing everything they can, too.



Significant progress has already been made. GitHub recently faced a Memcached attack against its servers, which were only downed for around five minutes. Service was spotty for another 5 before normal functionality was restored.

Not everyone is as prepared to deal with an attack as GitHub, however. The next victim of these DDoS attacks could see significant downtime, and financial losses, as a result of hackers’ new firepower.




Cops Take Down World’s Biggest ‘DDoS-For-Hire’ Site They Claim Launched 6 Million Attacks






European law enforcement are today celebrating the dismantling of a website police claim sold Distributed Denial of Service (DDoS) attacks and helped launch up to 6 million of them for as many as 136,000 registered users. Four alleged administrators of the webstresser.org service were arrested on Tuesday in the U.K., Canada, Croatia and Serbia, whilst the site was shut down and its infrastructure seized in Germany and the U.S., Europol announced Wednesday.

DDoS attacks typically flood web servers with traffic to take them down. So-called stressers sell those attacks as a service, offering to take down customers’ selected targets for a small fee or providing direct access to a simple DDoS tool. According to investigators working on Operation Power Off, webstresser.org appeared to be the biggest of all such services.





DDoS hits emanating from webstresser.org targeted banks, government institutions, police forces, schools and the gaming industry, investigators said. And Americans made up the majority of both targets and customers on webstresser.org, according to Europol’s lead case coordinator, who asked to remain anonymous in speaking with Forbes exclusively ahead of today’s announcement. “It’s become one of the most important [DDoS stressers] on the market,” he said.

“It is significant,” added Gert Ras, head of the Netherlands National High Tech Crime Unit, speaking of the takedown. “It is a really big one.”

Boastful DDoSers

A Google cache of the webstresser.org site reveals a boastful set of admins, but they appeared to be advertising their DDoS stresser as a testing service to see how well websites could stand up to attacks rather than anything illegal. They claimed to provide “the strongest and most reliable server stress testing” and promised “24/7 customer support spread on over three different continents.” They sold in packages, ranging from $18.99 per month for the “bronze” membership to $49.99 for the “platinum” service.





The team members all went by pseudonyms, including Admin the CEO, backend developer m1rk, head of support Mixerioza and “support agent” Tyrone. They ran a Facebook page too, where they encouraged customer engagement, recently asking for help with YouTube marketing. Whoever managed the Facebook page also reported some problems with the site on April 9. “Deutscher Commercial Internet Exchange is currently experiencing outages so we remain offline until their network is fixed,” one message read. Investigators said they didn’t believe that downtime was related to the law enforcement action, however.

How the investigation went down

Led by the Dutch National High Tech Crime Unit and the UK National Crime Agency (NCA), and assisted by Europol, the investigation into webstresser.org started in October last year, according to the lead case coordinator at Europol.

That month, following a DDoS on an unnamed UK bank, a tip from the NCA landed at the Dutch agency, informing them the web infrastructure for webstresser.org was hosted in the Netherlands. Forbes reviewed domain registration information for the site and found it was registered in October 2015 by someone with a Hotmail email address and who claimed to be based in the small Netherlands village of Gulpen. Forbes emailed the user but had not received a response at the time of publication.





In November, the Dutch police were able to take “snapshots” of the site’s server, from which they recreated their own version of webstresser.org, according to Ras. That allowed them to determine how it worked and eventually led them to the identities of the alleged administrators, though Ras couldn’t say just how as the investigation continues. Even an attempt by the site’s owners to move infrastructure to Germany didn’t stymie the cops, Ras added, as American authorities took down the site today.

Investigators were also able to gather some remarkable statistics from the site, which made apparent the unprecedented scale of the DDoS market. Europol said the total time of persistent DDoS attacks launched via webstresser.org reached 15.5 years. The longest single attack reached around 10 hours, with the average around 20 minutes per target. And the admins made hundreds of thousands of dollars in the process, Ras added, as they accepted payments over PayPal and Bitcoin. Paying via Bitcoin got users a 15% discount too.

“The service was professional, the most professional I’ve seen,” said Europol’s investigator. He noted the controllers of the service were using techniques to “amplify” their attacks. One involved the use of the Domain Name Service (DNS), the telephone book of the internet that connects people searching up a web address like Google.com to the relevant server. The attack relies on the fact that the computers used to deal with such requests – open DNS servers – respond to a small question with a large response. With this so-called DNS amplification, it’s possible to make a large number of small requests to the DNS server and pass on the significant returned traffic to a target website. Webstresser.org offered attacks up to 350Gbps, a sizeable hit.



A warning

Not only were alleged administrators arrested (their names have not yet been released and so Forbes has not been able to contact their legal representation) but police across the world have also paid visits to users of webstresser.org, either arresting them or warning about their continued use of such DDoS products. The NCA said an arrest in the Netherlands and another in Hong Kong had taken place today. “The message here is that people who use these services will not stay anonymous,” Ras said. “We will bring them to court.”



Whilst webstresser.org was the biggest fish in the DDoS stresser pond to fall to date, others have been dismantled in recent months. In August, the vDOS service that launched more than two million DDoS attacks over four years was closed and the alleged owners arrested in Israel. Their lawyers said the vDOS operators were simply running a legitimate tool to help businesses test the cybersecurity of their website.

It would appear cops across the world aren’t buying such claims.