Tag Archives: ddos

Microsoft Confirmed June Outlook Outage Was Caused By DDoS Attacks

Earlier this month, a group known as Anonymous Sudan took credit for a service outage that disrupted access to Outlook, OneDrive and a handful of other Microsoft online services, Engadget reported.

After initially sharing little information about the incident, the company confirmed late Friday that it had been the target of a series of distributed denial-of-service attacks.

Microsoft posted information titled: “Microsoft Responds to Layer 7 Distributed Denial of Service (DDoS) Attacks”. From their post:

Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.

These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

We have seen no evidence that customer data has been accessed or compromised.

This recent DDoS attack targeted layer 7 rather than 3 or 4. Microsoft hardened layer 7 protection including tuning Azure Web Application Firewall (WAF) to better protect customers from the impact of similar DDoS attacks. While these tools and techniques are highly effective at mitigating the majority of disruptions, Microsoft consistently reviews the performance of its hardening capabilities and incorporates learnings into refining and improving their effectiveness…

…Microsoft assessed that Storm-1359 has access to a collection of botnets and tools that could enable the threat actor to launch DDoS attacks from multiple cloud services and open proxy infrastructures. Storm-1359 appears to be focused on disruption and publicity.

Storm-1359 has been observed launching several types of layer 7 DDoS attack traffic:

HTTP(S) flood attack – This attack aims to exhaust the system resources with a high load of SSL/TLS handshakes and HTTP(S) requests processing. In this case, the attacker sends a high load (in the millions) of HTTP(S) requests that are well distributed across the globe from different source IPs. This causes the application backend to run out of compute resources (CPU and memory).

Cache bypass – This attack attempts to bypass the CDN layer and can result in overloading the origin servers. In this case, the attacker sends a series of queries against generated URLs that force the frontend layer to forward all the requests to the origin rather than serving from cached contents.

Slowloris – This attack is where the client opens a connection to a web server, requests a resource (e.g., an image), and then fails to acknowledge the download (or accepts it slowly). This forces the web server to keep the connection open and the requested resource in memory.
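As an added illustration of the cache bypass pattern in the list above, seen from the defender's side (this is example code written for this page, not from Microsoft's post), the sketch below scans CDN access log lines for paths where nearly every request carries a different query string and almost none are served from cache. The three-field log format, the thresholds and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines: "<client_ip> <cache_status> <url>" (assumed format).
SAMPLE_LOG = """\
192.0.2.10 HIT /static/logo.png
192.0.2.11 HIT /static/logo.png
198.51.100.7 MISS /static/logo.png
192.0.2.12 HIT /static/logo.png?v=3
192.0.2.13 HIT /static/logo.png?v=3
203.0.113.5 MISS /index.html?x=a81f
203.0.113.9 MISS /index.html?x=77c2
198.51.100.20 MISS /index.html?x=0d4e
198.51.100.21 MISS /index.html?x=f913
203.0.113.40 MISS /index.html?x=5b6a
203.0.113.41 MISS /index.html?x=c0de
192.0.2.30 MISS /search?q=outlook
192.0.2.31 MISS /search?q=onedrive
"""

def find_cache_bypass(lines, min_requests=5, max_hit_ratio=0.1,
                      min_unique_ratio=0.9):
    """Return paths whose traffic looks like cache bypass.

    Requests are grouped by path, not by client IP, because the sources
    are distributed. A path is flagged when it has enough requests, almost
    no cache hits, and almost every request uses a distinct query string.
    """
    stats = defaultdict(lambda: {"n": 0, "hits": 0, "queries": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 3:          # skip blank or malformed lines
            continue
        _ip, status, url = fields
        parts = urlsplit(url)
        entry = stats[parts.path]
        entry["n"] += 1
        entry["hits"] += 1 if status == "HIT" else 0
        entry["queries"].add(parts.query)

    flagged = []
    for path, entry in stats.items():
        if entry["n"] < min_requests:  # too little data to judge
            continue
        hit_ratio = entry["hits"] / entry["n"]
        unique_ratio = len(entry["queries"]) / entry["n"]
        if hit_ratio <= max_hit_ratio and unique_ratio >= min_unique_ratio:
            flagged.append(path)
    return sorted(flagged)

if __name__ == "__main__":
    print(find_cache_bypass(SAMPLE_LOG.splitlines()))
```

Endpoints that legitimately take free-form queries, such as search, will also show many unique query strings, so in practice the thresholds need tuning per path.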

Bleeping Computer reported that while Microsoft tracks the threat actors as Storm-1359, they are more commonly known as Anonymous Sudan.

According to Bleeping Computer, Anonymous Sudan launched in January 2023, warning that they would conduct attacks against any country that opposes Sudan.

Since then, the group has targeted organizations and government agencies worldwide, taking them down in DDoS attacks or leaking stolen data…

…In June, Anonymous Sudan turned their attention to Microsoft, where they began DDoS attacks on web-accessible portals for Outlook, Azure, and OneDrive, demanding $1 million to stop the attacks.

In my opinion, people who engage in DDoS attacks against big companies because they are angry about something are misguided. Big companies like Microsoft tend to have the tools to put a stop to DDoS attacks.

Hacker Gets 27 Months in Prison for DDoS Attacks

A few years ago, a hacker decided to be a jerk right around Christmas time. He launched DDoS attacks against several gaming companies. The purpose seemed to be to prevent children (and adults) who received new video games and/or consoles as gifts from being able to use them. This mean-spirited hacker has now been sentenced to 27 months in prison.

Information about this case was posted on the U.S. Department of Justice website (more specifically, on the part for the U.S. Attorneys Southern District of California). The information was posted on July 2, 2019.

Austin Thompson of Utah was sentenced in federal court today to 27 months in prison for carrying out a series of so-called denial-of-service computer hacking attacks against multiple victims between 2013 and 2014. The defendant was also ordered to pay $95,000 in restitution to one of the victims – Daybreak Games, formerly Sony Online Entertainment.

Austin Thompson is free on bond, and must surrender to authorities on August 23, 2019.

ZDNet reported that Austin Thompson is 23 years old, and used the name @DerpTrolling on Twitter. He used that Twitter account to announce attacks and also to take requests for services that other Twitter users wanted him to take down.

According to ZDNet, Austin Thompson launched DDoS attacks against Sony’s PlayStation Network, Valve’s Steam, Microsoft’s Xbox, EA, Riot Games, Nintendo, Quake Live, DOTA2, and League of Legends Servers, among others.

Hopefully, this will be a warning to other “trolls” who think it would be funny to launch DDoS attacks “for the lulz”. There is now legal precedent that launching a DDoS attack can result in a huge fine and prison time.

PlayStation and Xbox Live Experiencing Outages

There’s a reason why you had difficulties accessing Sony’s online PlayStation store and Microsoft’s Xbox Live network during Christmas. Each has been experiencing disruptions from a DDoS attack that began on Christmas Eve, continued through Christmas Day, and is still ongoing.

The group that has claimed responsibility for the disruptions is the same one that has a history of destroying other people’s fun by making it impossible for them to access online games. This is especially problematic during Christmas as people who received new games try to get online to play them. Some have noted that Sony’s decision to let people download the controversial movie The Interview through Xbox Video could be adding to the problem.

The PlayStation Knowledge Center has mentioned the issue. At the time I am writing this, the PSN Status is “Offline”. Further information says: “We are aware that some users are experiencing difficulty logging into the PSN. We will update this article with any changes that occur in regards to this issue. Thank you for your patience.”

Similarly, Microsoft has posted some information about the outage on their Xbox Live Support page. At the time I am writing this, the Xbox Live Core Services is “Limited”. Further information says: “Xbox members, are you experiencing issues when attempting to sign in? We’re aware of this issue, and we’re working to find a fix ASAP! We appreciate your patience in the meantime, and we encourage you to retry signing in when you get a chance. We’ll update you as soon as we know more”.

Blizzard Entertainment Hit by Another DDoS Attack

Friday nights are typically a great time to get online and play some video games. Unless, of course, you can’t play due to a DDoS attack destroying your fun. That’s exactly what happened to Blizzard Entertainment’s Battle.net the Friday night after Thanksgiving. Frustratingly, this is not the only DDoS Blizzard has experienced this month.

The Battle.net launcher is what players use to log in to any of Blizzard’s games. Those games include: World of Warcraft, Diablo III, Starcraft II, and Hearthstone. Players who were already logged in and playing noticed some big problems and mentioned their experiences on Twitter.

Many said that the World of Warcraft servers had crashed. Some lamented the loss of their hardcore characters as issues plagued the Diablo III game. If your hardcore character dies, for any reason, it stays dead. That character can’t be “resurrected” and keep going – you have to start all over again.

The @BlizzardCS account on Twitter later confirmed that they were experiencing a DDoS attack.

About 90 minutes later, the @BlizzardCS account tweeted that things had been resolved.

Earlier this month, Blizzard released Warlords of Draenor, the fifth and newest expansion to World of Warcraft. That same day, a DDoS attack prevented players from accessing the game.

DDoS Attacks Shut Down Online Gaming Servers

Was your favorite online video game difficult to access over the weekend? There is a reason for that. A group decided to use a DDoS attack against several of the big gaming companies’ servers. I’ve no idea what the motivation of this group was, and choose not to speculate as to what they may have been thinking. If you were on Twitter this weekend you may have seen a lot of confused and frustrated tweets from gamers who were just trying to have fun playing some online video games.

The group targeted Blizzard Entertainment’s servers. This caused difficulties for those trying to access Battle.net, World of Warcraft, Diablo III, Hearthstone and other Blizzard games. Riot Games’ League of Legends was attacked and so was Grinding Gear Games’ Path of Exile.

Blizzard was keeping people informed about the outage through their @BlizzardCS account on Twitter. They did not directly mention a DDoS attack, and instead tweeted things like “We’re investigating issues where players are unable to connect or log into their characters.” Updates about the situation were provided through that Twitter account.

Sony’s PlayStation Network (PSN) was attacked, too. The PlayStation Blog has a post that gives some details.

The original post started with: Like other major networks around the world, the PlayStation Network and Sony Entertainment Network have been impacted by an attempt to overwhelm our network with artificially high traffic. The blog was later updated to say: The PlayStation Network and Sony Entertainment Network are back online and people can now enjoy the services on their PlayStation devices. The networks were taken offline due to a distributed denial of service attack.

Grinding Gear Games sent out a Tweet on their @PathofExile Twitter account about it.

From what I saw via Twitter, it appeared that some of these gaming companies had their servers go down more than once. I am of the impression that stability has been restored to the affected servers now. Hopefully, that is the end of the problem.

Anonymous Plans November 5th Facebook Attack – Needs to be Stopped

The following message showed up on YouTube. I have transcribed:

Attention citizens of the world. We are anonymous. We wish to get your attention hoping you heed the warnings as follows. Your medium of communication that you all so dearly adore will be destroyed. If you are a willing activist, or a guy who just wants to protect the freedom of information, then join the cause and kill Facebook for the sake of your own privacy. Facebook has been selling information to government agencies and giving clandestine access to information security firms so they can spy on people from all around the world.

Some of these so-called “whitehat infosec” firms are working for authoritarian governments such as those of Egypt and Syria. Everything you do on Facebook stays on Facebook regardless of your “Privacy” settings and deleting your account is impossible – even if you delete your account all your personal info stays on Facebook and can be recovered at any time.

Changing the privacy settings to make your Facebook account more private is even a delusion. Facebook knows more about you than your family. You cannot hide from the reality in which you – the people of the internet – live in. Facebook is the opposite of the anti-sec cause.

You’re not safe from them nor any government.

One day you will look back on this and realize what we have done here is right. Think for a while and prepare for a day that will go down in history.
November 5th 2011. We are anonymous. We are legion. We do not forgive, we do not forget. Expect us.

Why Nov 5th, 2011?

Guy Fawkes Mask

This is Guy Fawkes Day, which commemorates when Fawkes and others placed explosives under the British House of Lords in 1605. Fawkes is the mask Anonymous wears. Therefore, they chose this date to bring a social network down.

Joke or Reality?

That is tough to say. Anonymous is an established group, so the attempt can be taken a little more seriously. Since we don’t know who makes up this group, it makes this harder to determine. For all we know, several of the members used to work for Facebook. Possibly even a programmer that might have created a secure back door to initiate this attack.

Bottom Line: This Needs to be Stopped!

This is a terrorist action and Anonymous should be treated as such. There is a famous term that most of us take to heart – We shall not succumb to terrorist threat. Violence does not beget violence.

If Facebook is doing what Anonymous says, then they need to be prosecuted in a court of law. No one group gets to decide their fate.

What will be next? Google+? Twitter? Your website?

Zero Tolerance – FBI Needs to Get Involved.

Think about it – You take down a giant like Facebook and it has a major economic effect. People build businesses around Facebook, and with the site forcefully taken down like that, people can literally lose millions, bringing a new financial crisis to an already unstable economy.

We do not know how this organization will bring Facebook down – and that is the most important part. We assume that it’s going to be something like a DDoS or major virus. What if it’s a physical attack on their server farms or offices?

Remember: Guy Fawkes Organization used explosives to take down the British House of Lords.

This is not the way to do it. With these actions, Anonymous might find that they are protecting the one thing they want to bring down. A threat is a threat, whether a joke or not.

Facebook has many protocols in place to prevent such an attack. I would suggest, however, that Facebook change some policy and review their systems just to make sure there is no back door. Then make sure they have security in place on November 5th.

This is never something you should joke about. I hope they take Anonymous down. Period.

GNC-2011-03-03 #652 We have a Winner

A winner is announced in the show today: congrats to Anthony Y for winning an Apple TV. Big thank you to the 32 people that participated in this round of contributions and the 14 new insiders that are now supporting the show. We will give away another cool product in the next couple of weeks. As an insider you are automatically entered in all of our contests here at GNC. I am very excited about our PowerPress update coming tomorrow, and you get an inside look at what is coming plus a whole bunch of tech news!

Listener Links
Secret Scanning of your Body by Home Land Security?
3TB Drive is Shipping.
Robotics Shutdown in Space.

Show Notes:
Post PC World Non Sense.
Trade In Prices drop like a Rock!
Bloggers in Australia get more Protections.
Antitrust Investigation on H.264 Consortium!
Print with your Droid.
10 PC gaming Emulators from 80’s
Is a Site Safe or Not?
Airplay Expanding!
HBO Expanding Media.
Android Set Top Boxes?
Blu-Ray versus DVD
Easier to Use Bit Torrent Client.
iPad 2 Accessory.
Roku iPhone App Updated.
P2P lawsuits and Real People’s Lives.
Illegal TV Streamers feel arm of Federal Gov’t.
New Tablet Plans from AT&T.
New Hotspot Plans AT&T.
Malware + Android = Easy Victims.
Stop Snooping on Email.
Beam me up Scotty.
Twitter Battle with Police and Party Animals.
Carbon Credit Legislation under Fire.
Do FCC Fees help Poor?
ICE in Antarctica.
Timezone Database Keeper?
Groupon Class Action Suit.
Recording Police in Conn, about to get easier.
X-37 Sister Ship?
Facebook Comments on Blogs?
Techmeme and Hacker News head to head.
Angry Bird 30 Million Downloads?
Wordpress.com DDOS Today.
Twitter App update hammers you with Ads.
Chrome + Hardware Acceleration = Faster Images on Web.
Latest UFO Scam Video.
VW Parody
Google Self Driving Car not American Made?
Netflix iPad Update.
Ford Sync in 19 Languages!
Gmail Fixed.
iPad Apple Smart Covers?
A Windows Journey.