Slashdot Mirror


One Million IP Addresses Used In Brute-Force Attack On A Bank (softpedia.com)

Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com.
It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.

50 comments

  1. Cloud Computing For The Win. by zenlessyank · · Score: 1

    What is the world record for cloud attacks? Cloud City needs some policing.

    1. Re:Cloud Computing For The Win. by h33t+l4x0r · · Score: 1

      This might be the record but just wait until ipv6

    2. Re:Cloud Computing For The Win. by antdude · · Score: 1

      Blame Lando!

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    3. Re:Cloud Computing For The Win. by Anonymous Coward · · Score: 0

      the banks failed this one, even more than the people who use same password on multiple sites and got fucked over by these recent breaches..

      by allowing (average) 430 login attempts (guessing most were invalid) to different accounts on a single ip address in that period of time... three in a day, 10 a week. that's what i'd shut it down at.. that would be enough to cover virtually all hotspot and other legitimate shared address scenarios.

      the banks also should have done what some other online services have done, and that's comb through these leaked files themselves and force-reset any affected accounts.

  2. Re: One Million is nothing by Anonymous Coward · · Score: 0

    One million is more than you have and probably more than that orange condom is actually worth.

  3. Re: One Million is nothing by Anonymous Coward · · Score: 0

    Nothing to worry about. Money is about as real as bitcoins. We can either print more, or just set the debt column to zero in Microsoft Excel.

  4. Internet of Thieves by Black+Parrot · · Score: 4, Informative

    Didn't realize what IoT actually stands for.

    --
    Sheesh, evil *and* a jerk. -- Jade
    1. Re:Internet of Thieves by DaMattster · · Score: 3, Insightful

      This is why self-driving vehicles are a bad idea! One good penetration could turn an 80,000 lb semi into a lethal weapon.

    2. Re:Internet of Thieves by Anonymous Coward · · Score: 0

      Self driving doesn't have to be connected.

      If the vehicle is offline while operating, or always (yeah, I know it's not going to happen) and only updates over sneakernet, then the only fear is software bugs, not exploits.

    3. Re:Internet of Thieves by spire3661 · · Score: 3, Interesting

      "Self driving doesn't have to be connected." For the most part yes it will be forced. Your vehicle will be connected to the road, other cars (V2V) and the internet, possibly on separate links. The vehicle will only operate once authenticated by the road. To be road authenticated you will have to be running the most current version of software, which will be updated very frequently. The future of driving is bleak and glorious all at the same time.

      --
      Good-bye
    4. Re:Internet of Thieves by Anonymous Coward · · Score: 0

      Early prototypes are hardly the production vehicles of tomorrow. They only work under very narrow circumstances.

      I have worked in automotive for over twenty years and I happen to think this prediction of spire's is pretty good. You _will_ be forced to run the latest software with updates to prevent the latest unforeseen circumstances not covered under earlier versions, updated maps, traffic rules, construction locations, etc.

      You seem to have an attitude. Huh.

  5. Re:One Million is nothing by Anonymous Coward · · Score: 1

    we owe 19 TRILLION dollars, that's 19 million million. America has been DESTROYED under obama's rule.

    So it's perfectly OK when Bush increased our national debt by 6 trillion, but not OK for Obama to increase it by 6.5 trillion ?

  6. I'm surprised this isn't happening more often by damn_registrars · · Score: 4, Interesting

    My own personal (as in, at home hosted on a cable modem) web server used to get these same kinds of distributed dictionary attacks, botnet attempts to gain access to whatever they can. There were times when I would see this type of thing almost once a month or so; then it started to taper off and I haven't seen it in some time. I figured the botnets were just doing other things (or had decomposed).

    And yes, I acknowledge that there is nothing important about my web server. I figured the botnets just occasionally go through every IP address they can find that accepts ssh connections and my number comes up every so often. I've never seen an IP address come up in both my web and ssh logs.

    And yes, I know I can do more to prevent this. People offer up plenty of suggestions. Frankly I don't care, and I actually enjoy seeing tons of blocked ssh traffic in my logs from time to time. As you might expect the vast overwhelming majority of traffic is Chinese script kiddies attempting dictionary attacks as root; I don't care about those as I don't allow remote root. I find the distributed, phone book, and distributed phone book attacks much more interesting. They even give me a chance to tune up my cron jobs that parse my server logs :)

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:I'm surprised this isn't happening more often by pepsikid · · Score: 3, Interesting

      Yeah, one of the perks of running servers on a residential line is seeing firsthand all of the exploits. I'm fond of decrypting those mime-encrypted javascripts embedded in urls and finding the pastebin page or hostname which it tries to fetch more scripts from; getting that shiat reported. If I were evil, I could build quite a library of exploits to use on others. They just send me these things haha!

    2. Re:I'm surprised this isn't happening more often by DaMattster · · Score: 1

      I used to host my own web/email server but since the cost of protected virtual servers has come down significantly, I decided to move my hosting to the cloud. I actually save on my electric bill too. LOL

    3. Re:I'm surprised this isn't happening more often by pepsikid · · Score: 4, Interesting

      I have my own cloud. I save on electricity by packing multiple servers into one box which is on 24/7 anyway. Having the servers physically located beside me relieves me of further concern that my hardware, website or forum might be seized or MitM'd. Also, the HOA can't sweet-talk some meddling corporation into kindly muzzling "that scofflaw." :)

    4. Re:I'm surprised this isn't happening more often by Anonymous Coward · · Score: 1

      I used to get tons of ssh break in attempts. Switching port 22 to another completely stopped it. Seems that most script kiddies are doing the hacking.

    5. Re:I'm surprised this isn't happening more often by Anonymous Coward · · Score: 1

      Not necessarily. After all, the real people just know that people who take the effort to move it to a different port probably take other steps to secure it. An ssh daemon left on the default port has a higher chance of being unsecured and doesn't have best practices in place, such as disabling root access and public key encryption.

    6. Re:I'm surprised this isn't happening more often by bloodhawk · · Score: 1

      why build a library, just download the kits like all the script kiddies are doing that are hitting you. They aren't hand crafting these against you they are just using the readily available exploit scanning kits.

    7. Re:I'm surprised this isn't happening more often by Anonymous Coward · · Score: 2, Insightful

      So let's see. You are not saving energy by keeping a system on 24/7, you are spending more money on power and cooling than you would if you put that computer in a colocated datacenter (I have run the numbers more than enough times, I'm using typical residential power rates of 9cents/kWhr). Second, having physical access to your servers doesn't increase security. Your 5 pin tumbler lock is no match to an advanced lockpick set compared to the IDing, fingerprinting, and biometric scanning most datacenters put you through. Finally, the corporation can sweet talk the HOA, your local police, and ISP into redirecting, restricting, or rejecting packets destined to or from your server.

      Do yourself a favor, either host in a datacenter somewhere or host at home. But don't fool yourself into thinking you are more secure, saving money, or run your own "cloud" on a single piece of hardware. You are doing none of the above.

    8. Re:I'm surprised this isn't happening more often by pepsikid · · Score: 1

      Rather strong language there, AC stranger. Too bad you're wrong. I said the pc is on 24/7 ANYWAY. Instead of 4 of them on all the time. Also, I have attached a duct which vents its heat right out the window, lol. Physical access to the servers prevents others from seizing control and taking them over to operate as their own. As in the case of an asshole HOA that wants to boot me off my forum and neighborhood site, and run them their way. Which they did once last year. Someone very resourceful might mitm the external traffic, but I know I can always regain direct admin access even if I get hacked. You have no idea how good the security is here. Suffice to say it is excellent.

  7. 3 backdoors? by Anonymous Coward · · Score: 4, Insightful

    How incompetent do you have to be as a company to have THREE backdoors in your own router, intentional or accidental....

    1. Re:3 backdoors? by Anonymous Coward · · Score: 0

      If you're talking about Arris, it looks more like malice than incompetence. The backdoors were put there on purpose. Lots of cable modems at ISPs PavlovMedia.com and Hargray.com seem to be pwned. Tons and tons of spam is coming from their IPs, either all their customers got infected with the same Trojan or they all use the same cable modem and I know which is more likely. I wonder if those ISPs were a big part of the bank attack?

    2. Re:3 backdoors? by MrL0G1C · · Score: 1

      And there's the fact that they allowed millions of attacks before shutting off the service (if they had the sense to actually shut it off).

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  8. Re:Where's the fucking Chekov article!?!? by Anonymous Coward · · Score: 0

    Star Wars news never had a problem reaching the frontpage.... just saying

  9. Re: Where's the fucking Chekov article!?!? by Jack_the_Tripper · · Score: 2

    Agreed, the editors have really been dropping the ball for years. It takes them days to report on recent events.

    Well...them IP addresses, they had to count them all. Now they know how many IPs it takes to fill the Albert Hall.

  10. Apparently I no longer have the biggest list by raymorris · · Score: 1

    For a long time, I had probably the largest database of active bots and open proxies. I haven't counted for a while, but I don't think I have a million. That's one hell of an attack. Typically we see hundreds to a few thousand used in each attack.

  11. Link with leaks by manu0601 · · Score: 1

    How documented is the link with MySpace, LinkedIn, Tumblr, and VK.com leaks? It is in Slashdot summary but not in referenced articles at Akamai and Softpedia.

  12. Re:One Million is nothing by Imrik · · Score: 3, Insightful

    First, you should recheck your numbers. Second, Obama called it treasonous when Bush did it.

  13. Re: One Million is nothing by Beeftopia · · Score: 2

    Money is a measure of effort required to get a unit of it. It is also like a claim on goods and services. It is a logical construct, but it is not meaningless. The construct has persisted for millennia as a result of the benefits it provides to individuals.

    To a central bank which can have it printed, it can seem meaningless. And the effort required to obtain a unit of it by an agricultural field hand versus the CEO of a financial services company are obviously very different. Central banks can distribute it to desired companies via bond purchases and other enticements.

  14. Re: Where's the fucking Chekov article!?!? by Anonymous Coward · · Score: 0

    I'd love to turn you on

  15. oh boy by Anonymous Coward · · Score: 0

    better crack down on spoofing or better yet patent numbers.

    ipv6 is worse yet because it's as hard to read the firewall logs as it is systemd's binary shit

  16. Re: One Million is nothing by Anonymous Coward · · Score: 0

    You do know Congress sets spending...

  17. Re:One Million is nothing by Anonymous Coward · · Score: 0

    Damn, but you really are one special kinda retard.

  18. Re:One Million is nothing by Anonymous Coward · · Score: 0, Informative

    Conservative bullshit. You really are a special kind of idiot.

  19. Re:One Million is nothing by Anonymous Coward · · Score: 0

    I would say it was a moronic act by both. Eventually it is going to bite the US on the arse in a big way, there is only so far you can keep kicking the debt down the road as the higher it goes the less money the government has (as it has to spend an ever increasing portion on interest repayments) and hence the more debt it needs. Eventually just like any household debt it will quickly spiral out of control till something has to give.

  20. Re: One Million is nothing by bloodhawk · · Score: 1

    what a load of bullshit, you have been reading too much of the crap printed by those that put their faith in bitcoin or those that think it is a Zero sum game. money depending on country is backed by various securities or commodities and is a unit of effort or goods and is simply a substitute for having to directly barter goods or labour, you can think of money as a note or I Owe You, except being tied to an individual it is tied to any unit within a given economy that utilises that note.

  21. Tell us again, there is a shortage of IP addresses by Anonymous Coward · · Score: 0

    a million alone for a brute force. Now think about the dangers of IPv6!!!

  22. Re:One Million is nothing by Archangel+Michael · · Score: 1

    https://www.youtube.com/watch?...

    Name Calling vs Facts: Facts always win.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  23. Millions? Why not shut off at three? by AlanObject · · Score: 1

    Most sites that I use that have risk associated with them will shut down an account if more than three attempts are made with bad logins. It sounds like these banks' systems allowed unlimited login attempts. I have a hard time believing that they would have security that lax.
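An added example, not part of the thread and not code from Cisco or any bank: it contrasts the per-account lockout described in this comment with the per-IP limit suggested in the earlier Anonymous Coward comment (three a day, ten a week), read here as failed logins against distinct accounts from one source address. The event tuples, addresses, accounts and function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def locked_accounts(events, max_failures=3):
    """Per-account lockout: accounts with more than max_failures bad logins."""
    fails = defaultdict(int)
    for _ts, _ip, account, ok in events:
        if not ok:
            fails[account] += 1
    return {a for a, n in fails.items() if n > max_failures}

def flagged_ips(events, window, limit):
    """Per-source check: IPs whose failed logins reach `limit` distinct
    accounts inside any sliding `window`."""
    flagged = set()
    recent = defaultdict(deque)  # ip -> (time, account) failures in window
    for ts, ip, account, ok in sorted(events):
        if ok:
            continue
        q = recent[ip]
        q.append((ts, account))
        while q[0][0] <= ts - window:  # drop failures older than the window
            q.popleft()
        if len({a for _, a in q}) >= limit:
            flagged.add(ip)
    return flagged

def constructed_sample():
    """Constructed events (timestamp, source IP, account, success).
    Addresses are documentation ranges; accounts are made up."""
    t0 = datetime(2016, 2, 1, 9, 0)
    # One source tries five accounts once each within an hour.
    fast = [(t0 + timedelta(minutes=10 * i), "198.51.100.7",
             f"fast{i}@example.com", False) for i in range(5)]
    # One source tries a new account every twelve hours for six days.
    slow = [(t0 + timedelta(hours=12 * i), "192.0.2.44",
             f"slow{i}@example.com", False) for i in range(12)]
    # One customer mistypes a password twice, then logs in.
    customer = [(t0 + timedelta(minutes=m), "203.0.113.20",
                 "alice@example.com", m == 2) for m in range(3)]
    return fast + slow + customer

DAY, WEEK = timedelta(days=1), timedelta(days=7)

if __name__ == "__main__":
    ev = constructed_sample()
    print("locked accounts:", locked_accounts(ev))
    print("reached 3/day:", flagged_ips(ev, DAY, 3))
    print("reached 10/week:", flagged_ips(ev, WEEK, 10))
```

On this sample the per-account lockout locks nothing, because every targeted account sees a single bad login; the daily limit catches the fast source and only the weekly limit catches the slow one.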

  24. My only question by Anonymous Coward · · Score: 0

    "For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems."

    Why are banks using bot nets & proxy servers??

  25. Re:One Million is nothing by slashdotwannabe · · Score: 1

    Here's a fact: Congress, and only Congress sets the spending of the country. While the Executive suggests a budget, Congress makes whatever changes they like to it, and is who passes it into law.

    Here's another: recessions cause Federal deficits to rise as tax revenues decrease while spending must remain relatively constant so as not to cause a much worse recession. If you're the type to look for someone to blame, blame the guy that started the recession through a complete failure to regulate risky bank activity, not the guy who inherited it.

    Here's another: starting two wars without the funding to pay for them and adding a huge new Medicare entitlement program without the funding to pay for it is "unpatriotic". Not gutting the Federal budget and sending the economy into a tailspin because you inherited a recession and the attendant deficit that comes with it is "prudent".

    --
    This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
  26. Re:One Million is nothing by Archangel+Michael · · Score: 1

    1) Recession started just after Bush got into office (less than one year) can we blame it on Clinton?
    2) Recession has continued for nearly 14 years straight, more or less. Can we blame Obama?
    3) The deficit was called Unpatriotic when Obama was criticizing GWB, and was half its current size
    4) Obama has ended all the wars, cut military spending, and yet the deficit has more than doubled in size under him
    5) While you can blame congress, you can blame the (D) and (R) parties both of whom don't give a rat's ass about spending, the (D) more so than the little (d) Republicans.
    6) Risky bank activity thanks to the Mandates of Frank(D)-Dodd (D)

    BTW, Risky Bank activity has happened under both (D) and (R) Presidents because greedy bastards in the bank have an "out" in FDIC and similar insurance. All the regulations designed to protect banking consumers have ended up only screwing banking consumers via Bank bailouts on Taxpayer dimes.

    And yes, I hate the (R) party for saying one thing, and never having the guts to actually do it. And now, with Obama's sequestration, he is blaming the (R) for allowing the budget to be punted every year down the road.

    To fix the problem we have to get rid of baseline budgeting and justify EVERY penny spent. There is a whole slew of budget items that while a minor droplet in the firehose of the budget, that should be gone. And you kill enough of those, and eventually you'll affect the firehose stream. And since the Federal Budget, including ALL "Entitlements" is mostly (over 1/2) off the table for cuts (as in cut in growth, not actual cuts), we're doomed to never reining in the problem. Let it go long enough, and we'll end up like Greece, Venezuela or North Korea.

    There are sensible alternatives to "gutting" (or minor cuts in increases as I call them) spending. But as long as claim others want dead grannies and starving children, we'll never actually address the problem.

    As for the recession, I have a fix. Let's have ONE year where congress reviews each and every regulation to see if it has had the desired effect and justify whatever is renewed.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.