Wednesday, February 22, 2017

Botnet attack analysis of Deflect protected website

The money transfer startup TransferWise has launched a new chatbot that enables Facebook (FB, Tech30) users to move funds abroad using the social platform’s Messenger service.
The bot can be used to move money between the U.S., Canada, Australia and the European Union. It will also notify users via an alert when their regularly used currencies hit favorable rates.
Facebook users were previously able to transfer money within the U.S., but not between accounts in foreign countries.
Messenger is the creepy front-end of Facebook CEO Mark Zuckerberg’s creepy vision of the future


Local Edition: Why are you still a journalist?

Deflect Labs report #3. Seamus Tuohy and View the report with 3D rendering (5mb)

This report covers attacks between April 29th and October 15th, 2016. Over this seven-month period, we recorded more than a hundred separate denial-of-service incidents against the official Black Lives Matter website. Our analysis shows a variety of technical methods used in attempts to bring down this website and the characterization of these attacks point to a “mob” mentality of malicious actors jumping on board in response to callouts made on social media and covert channels. Our reporting highlights the usage of no-questions-asked-hosting and booter services used by malicious actors to carry out these attacks. We describe the ever growing trend of Internet vandals who, searching for a little bit of infamy, launch denial-of-service attacks against the Black Lives Matter (BLM) website. Our analysis documented attacks that could be accomplished for as little as $1 and, with access to public documentation and malicious software within easy reach, only required basic technical skill. Some of the larger attacks against BLM generated millions of connections without relying on huge infrastructure. Instead, traffic was “reflected” from legitimate WordPress and Joomla sites. We compare public attribution for some of the attacks with the data coming through our networks, and present the involvement of purported members of the Ghost Squad Hackers crew in these events.”