Massive DDOS Attacks Are Now Targeting Google, Amazon, and the NRA

PC Magazine reports: A new way to amplify DDoS attacks has been spotted harassing Google, Amazon, Pornhub and even the National Rifle Association's main website after striking Github last week. The attacks, which exploit vulnerable "memcached servers," have been trying to hose down scores of new targets with a flood of internet traffic, according to Chinese security firm Qihoo 360... Github was the first high-profile victim and suffered a 1.35 Tbps assault -- or what was then the biggest DDoS attack on record. But days later, an unnamed U.S. service provider fended off a separate assault, which measured at 1.7 Tbps. Unfortunately, the amplified DDoS attacks haven't stopped. They've gone on to strike over 7,000 unique IP addresses in the last seven days, Qihoo 360 said in a blog post... Gaming sites including Rockstargames.com, Minecraft.net, and Playstation.net have been among those hit...

The security community is also steadily addressing the linchpin to all the assaults: the vulnerable memcached servers. About 100,000 of these online storage systems were publicly exposed over a week ago. But the server owners have since patched or firewalled about 60,000 of them, Radware security researcher Daniel Smith said. That leaves 40,000 servers open to exploitation. Smith points to how the coding behind the attack technique has started to circulate online through free tools and scripts.
Meanwhile, Slashdot reader darthcamaro shares an article about "the so-call 'kill switch'" that some vendors have been debating: "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization."

Wide-open memcached servers

There are enough moron administrators on the planet to make memcached ddos possible.
Jesus wept.

Re:Wide-open memcached servers

[MrL0G1C]

If admin's are too lazy to configure their servers correctly after it's been all over the news for weeks that their servers are being used to DDOS other servers then they really deserve to have those servers kicked off of the internet. 1 white hat hacker could stop all of them within an hour in this particular instance because they can all be stopped from ddos'ing with the 'flush command'.

Google, Amazon, and the NRA

[Patent+Lover]

The three pillars of society.

Re:Google, Amazon, and the NRA

[Patent+Lover]

You Russkie bots need to update your sarcasm algorithm.

Re:Google, Amazon, and the NRA

[Patent+Lover]

Well try not to use words like "cuck" (especially as a verb) and "leftist". Nobody in the U.S. uses them.

I already have an AR-15, thanks.

Re:Google, Amazon, and the NRA

[sheramil]

And Pornhub... the... fourth leg.. of society.

Re:Google, Amazon, and the NRA

[Maxo-Texas]

Well, that might actually be the "third" leg while one of the other services is the fourth leg.

Part of the Problem?

[Toad-san]

You then deserve what you get.

"Meanwhile, Slashdot reader darthcamaro shares an article about "the so-call 'kill switch'" that some vendors have been debating:
"The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization.""

Unethical my ass. Turn those suckers off.

Re: Part of the Problem?

Not vigilante justice; self defense. if your being hit by someone you don't ask them why. You defend yourself. if a out of control car is bering down on you; do you let it or do you stop it?

Re:Part of the Problem?

[140Mandak262Jamuna]

We can consider it simply self defense.

If a quarry nearby is storing large amount of dynamite without proper security, would we be worrying about the "possible impact on the legitimate activities of the quarry" or "punishing the quarry for the actions of the miscreants and the thieves"?

Your server is being used by vandals. Sucks to be you. Say bye to you buffers, we are flushing them all.

Go a step further. All public, open , unpatched servers should be given "flush all" command every six hour.

Re:Part of the Problem?

[jrumney]

We need to codify a right to self-defence in the laws that cover this. The kill switch as a standalone concept might be unethical and likely illegal, but when used in self defence from an attack of this magnitude it is entirely justified.

We need more Security by Design

[Aethedor]

We need more software that are secure by design. There is no reason to have a tool like memcached available for the entire internet. The memcached developers should have made it listen to localhost only by default. The setting to make it listen to other interfaces should be well explained in the manual, with all the risks and are-you-sure-you-want-this warnings.

ALL

[Noishkel]

Well that's because the NRA is OBVIOUSLY responsible for EVERY SINGLE shooting that happens. Just like every Cloud Flair is responsible for every act of piracy that happens, Ford is responsible for every car crash, pharmaceutical manufacturers are responsible for every single OD, every single Mullah is responsible for every act of Islamist terror, and every single white male is reasonable for pretty much everything.

It's the [Current Year] and no one has any time for reasonable discussion. Just ban everything and you're a racist for not knowing this already.

Re:ALL

The reason the NRA is targeted is not because they are responsible for the massive slaughters we've seen lately, but unlike the other groups you mention they actively oppose ANY EFFORT TO FIX THE PROBLEM. As a matter of fact, they think the answer to the problem is more guns. This is basically like pharmaceutical companies telling you that the answer to opioid abuse is to try to get more opioids on the market to bring the prices down. If you're STILL having some cognitive dissonance here, you should try watching this.

Re: ALL

[ScentCone]

Ahh, yes, of course, it's the MEDIA'S fault for mass shootings in America, not the proliferation of guns!

Well, let's see. Guns have never been more difficult to buy. Despite that, millions and millions more people have gone through the hoops to buy them over the last couple of decades, even as the rate of murder by people who USE guns is down to almost half what it was before the big spike in gun buying over the last ten years. In other words, what you're implying is actually the bunch of bullshit. Millions more guns are legally owned, and gun violence is dramatically down. If you remove four or five specific urban areas in the US (all run for decades by liberal legislatures/councils and executives, and with the tightest gun restrictions and yet very high, very localized crime problems in those spots), the US is one of the lowest murder rate countries in the developed world. But sure, it's the guns.

Re: ALL

When the media stopped mentioning suicides in the news in the 1980s, they plummeted significantly.

The media turns the shooters into celebrities, from giving biographies about Cruz, to reading his manifesto, to fawning over the Smith & Wesson M&P 15 that he used for his massacre, to mentioning him as a red-carpet celebrity constantly, above all other news for weeks on end. What does this give kids who are already coked to the gills on Prozac or an anti-depressant, who are kicked around, and normally would be suicidal? Yep, they realize they will get adulation and praise like they are a war hero, go find themselves a firearm, by hook or crook, and go take out who they think are the bad guys, committing suicide by cop... because the press will give them their 15 minutes and a score, for other shooters after that to beat.

Of course, we will get the "assault weapons" ban. It won't stop anything. If an AR isn't available, a Mini 14 will be. If semi auto rifles are not available, then there are shotguns. If semi auto shotguns are banned, a sawed off pump. If all guns magically are banned, someone will drive a pickup truck into the school. The fact is, the press turns the murderers into celebrities, rolling out the red carpet, to the point where they will pay the criminal defense teams if the killer writes a book and sells it.

Stop turning these fuckheads into war veterans, and we will see the mass homicides go down. Gun bans are not going to stop it.

Re: ALL

[Brockmire]

False equivalence. Does Ford fight against driver's licence restrictions? If seniors were forced to get tested more often or prove competency, would Ford be actively fighting that?

Re: ALL

[ScentCone]

Maryland, likewise, as some of the toughest gun laws in the country. The city of Baltimore further tightens those, making gun ownership there extremely difficult. And yet, Baltimore is now the murder capital of the country. And ... shockingly, the overwhelming majority of those crimes are committed with: guns possessed by people not legally allowed to own them, guns which were procured usually through theft or fraud. Meanwhile, just miles away in almost every direction, guns are substantially easier to get and carry legally, are owned by FAR more people, and the rates (and hard numbers) of crimes involving guns are a small fraction of what they are in Baltimore. Why? Because criminals in Baltimore face very little in the way of consequence for being career criminals.

Shouldn't the rest of the nation be the same?

No. Because all of the places that most tighten down such laws see increases in murder and other crime. But nationally, such crime has been in a steady decline for thirty years, even as gun ownership has jumped by millions. Your narrative is exactly, precisely backwards.

Re: ALL

[nmb3000]

When the media stopped mentioning suicides in the news in the 1980s, they plummeted significantly.

Completely false. Even assuming you're right about reduced mention of suicides in the 80's, this chart shows a complete lack of "plummeting": At best it shows about 12 deaths per 100,000 in 1980, and about 10 deaths per 100,000 in 2005.

That's a drop of 16%, which could just as easily be attributed to the reduction of leaded gasoline. Or the invention of Internet porn. Or any number of other things.

Re:ALL

[LaughingRadish]

The reason the NRA is targeted is not because they are responsible for the massive slaughters we've seen lately, but unlike the other groups you mention they actively oppose ANY EFFORT TO FIX THE PROBLEM. As a matter of fact, they think the answer to the problem is more guns. This is basically like pharmaceutical companies telling you that the answer to opioid abuse is to try to get more opioids on the market to bring the prices down. If you're STILL having some cognitive dissonance here, you should try watching this.

Here's a slight but very significant correction: The NRA actively opposes ineffective and counter-productive efforts to fix the problem. The talking heads either can't or won't offer any rational justification for gun control, so they resort to name-calling.

Re: ALL

[ScentCone]

Never been more difficult? I can go onto craigslist and find one tonight if I wanted.

Oh, you mean ILLEGALLY obtain. Right. That's the whole point. For years, we've been making it ever more difficult for law abiding citizens to purchase, transfer, possess, carry, or use firearms. This has absolutely no impact on people willing to break the law by transferring guns outside of the legal framework in place. Or did you mean ... using an online ad to begin a legal transaction, which is subject to current state and federal laws?

Re: ALL

[quenda]

If you remove four or five specific urban areas ... the US is one of the lowest murder rate countries in the developed world. But sure, it's the guns.

That is way overstating your case. Removing poor black urban areas with high homicide rates will help, but even New Hampshire, the state with the lowest homicide rate, is around 1 per 100,000, comparable to big cities with visible crime problems in Australia or Europe, and far from "the lowest murder rate countries".

Yes, fear of guns in the US is greatly exaggerated. I've tried to persuade people that the US is quite safe to visit. But twisting the truth like that to say there is no gun problem ... its just incomprehensible to us outsiders.

Re: ALL

[ScentCone]

Yes, fear of guns in the US is greatly exaggerated. I've tried to persuade people that the US is quite safe to visit. But twisting the truth like that to say there is no gun problem ... its just incomprehensible to us outsiders.

Well, it's incomprehensible to "outsiders" only if those outsiders are deliberately trying to confuse criminal acts with the existence of guns. The problems ARE concentrated in specific places. Not in "poor black urban areas" but in specific urban areas. There are plenty of places that are relatively poor, mostly black, have high gun ownership rates, and low murder rates. That's the norm, and specific murder-heavy neighborhoods in parts of Chicago, Baltimore, etc., are the exception. But the gang-bangers there are so busy killing each other over turf and enjoying their freedom because of local liberal government policies, that they throw the entire nation's stats way off. Mentioning that isn't "twisting the truth." It's simply telling the truth.

Re: ALL

[I75BJC]

Yes, they would. Seniors buy a LOT of Fords.

Re: ALL

[ArylAkamov]

. They also have gun laws that have been proven to be compliant with the 2A. Shouldn't the rest of the nation be the same?

You sure have a weird definition of 'shall not be infringed'.

Re: ALL

[ArylAkamov]

It's almost like the us and the uk are very different places, with different cultures.

Re: ALL

[quenda]

The problems ARE concentrated in specific places. ... that they throw the entire nation's stats way off.

The "If you remove four or five specific urban areas ... the US is one of the lowest murder rate countries" is a total fabrication.
Don't pat yourself on the back for being better than Mexico. Given that not a single state has a low homicide rate, you'd have to be removing an awful lot of "specific" areas.

And the mass-shootings are almost always in the US. Given this problem, it is crazy that a lone nutter can so easily obtain multiple semi-automatic weapons.
What is so wrong with background checks and waiting periods? Why should a gun license be easier to get than a driving license?

Re: ALL

[ScentCone]

What is so wrong with background checks

Nothing. Which is why we have a national instant background check system. Groups like the NRA have been pleading with state governments and other agencies to participate more fully in providing information to that system. Murderers like the man in Florida a couple weeks back would have been prevented from making that purchase if authorities weren't so paralyzed by political correctness and afraid of SJWs that they won't allow the system to actually work.

Re: ALL

[quenda]

paralyzed by political correctness and afraid of SJWs

I loathe those as much as the average NRA member, but what is the connection?

Re: ALL

[ScentCone]

What's the connection? The handful of urban areas that account for so much of the bad-guys-used-guns violence statistics are, not surprisingly, also places that have a particular problem with not handling career criminals - on the books - in a way that would see them out of action. Both in terms of their gun-buying rights specifically, and their liberty generally. In Baltimore, for example, some 85% of the guns seized from those arrested in connection with violent crimes are already people with long criminal histories. They'd already fail the background check and would be undeterred by ANY law that would limit their access to guns (because they've already made the decision to criminally acquire and carry and use them). So in their case, the problem is the local political climate as it relates to catch-and-release prosecutors who are more interested in cultural pandering than actually reducing violence. So instead they tell law-abiding people that the solution is to make it ever harder to legally own a gun, or that reducing the capacity of a law abiding owner's pistol magazine will somehow prevent a criminal from shooting somebody.

Re: ALL

[quenda]

They'd already fail the background check and would be undeterred by ANY law that would limit their access to guns (because they've already made the decision to criminally acquire and carry and use them)

Sorry, you'll have to explain this. Are you trying to say that it is impossible to implement gun-control in Baltimore?
The point of gun control is to make it harder for people to get guns, not just tell them they are not allowed. That would be silly.
    Especially, make it hard to obtain the most deadly weapons in the heat of the moment. It is not going to stop organised gangs, but that doesn't mean we give up.
    Are you thinking that this is not possible in Baltimore? Too many illegal guns in circulation already? Too easy to steal them? Why could it not be enforced?

We had a lone-nutter Islamic terrorist take hostages in Sydney a while back. The best he could obtain was an ordinary shotgun. If it was the US, he would have had an assault rifle, semi-automatic pistol, pump-action shot gun, and a lot more people would have died.

Re: ALL

[ScentCone]

Sorry, you'll have to explain this. Are you trying to say that it is impossible to implement gun-control in Baltimore?

No, I'm saying that they've already implemented very stringent gun control in Baltimore. As a result, it has long since been very difficult for people to legally possess (let alone use, for self defense) guns there. Needless to say, the rampant problem they have with crime there involves life-long criminals that really don't care, at all, about legally owning or using guns. Such laws only impact the law-abiding. As a result, virtually all of the guns confiscated from criminals and collected from crime scenes are - of course - not legally owned, possessed, or transported. Because criminals are criminals.

The best he could obtain was an ordinary shotgun.

Or, he could have spent $50 on stuff from the kitchen and hardware stores, and easily killed dozens of people if he could read. Not sure what your point is. Terrorists using cars and trucks have killed dozens and dozens of people multiple times, by simply running them down. I'm guessing you're thinking it was all about the cars and trucks, though.

Re: ALL

[quenda]

No, I'm saying that they've already implemented very stringent gun control in Baltimore.

Isn't the problem with local control totally obvious? They just drive to the next town. Its embarrassing having to say that.

Such laws only impact the law-abiding.

Catchy slogan, but simply is empirically not true. Take a look at the world.

Or, he could have spent $50 on stuff from the kitchen and hardware stores, and easily killed dozens of people if he could read.

You really think so? And yet, that does not happen.

Re:NRA

[PolygamousRanchKid+]

Why would anyone target The NRA? Seems really suspicious.

It stokes up conflict among the pro-Second Amendment camps and ant-Second Amendment camps internally in the USA, and generally weakens democracy there. The right will blame it on the left, and they will all get into a massive huff over it.

International shits & giggles.

Why would anyone target Amazon, Google or Pornhub . . . ?

Why not, if someone else is footing the bill to disrupt the Internet.

Now who could that someone be . . . ?

Re:NRA

[BeerCat]

Why would anyone target The NRA? Seems really suspicious.

Maybe because they oppose net neutrality?
https://www.reuters.com/articl...

Put it to some good use?

[Vektuz]

unsecured Memcached servers could store data - par2'd data chunks, for example, similar to a newsgroup - along with indices / torrent tracker data / etc. And since they will store keys from spoofed UDP packets, there is no good way to figure out who put the data there.

Just saying. Better than ddoses :(

I can see ignoring option before, but after time?

[SuperKendall]

That's great they managed to patch 60k out of 100k vulnerable systems...

But as the rest of the systems continue to degrade the internet - at some point don't you have to say, for the public good these servers have to be shut down externally?

It's fine and dandy to say it's not justified to disable someone else's system that is unknowingly taking part in an attack. But that ignores that all companies and people that put systems on the internet have a responsibility to monitor and keep them up to date, and if they abuse that responsibility they lose the right to complain about external kill switches being activated.

It seems like after some time if you cannot get people to be responsible, you do what you have to and maybe next time they will be more proactive about fixes.

I can see ignoring option before, but after DNS.

Well I remember when I had misconfigured my DNS server. The one's I were connected to didn't "kill me", they just sent a message telling me to fix it.

Re:We need to ban computers and the Internet!

Dude, Computers don't DDoS. People DDoS. We have got to ban people from using computers.

Kill switch

[GrahamJ]

I haven’t seen it described but I assume the kill switch would be to point the servers at themselves or other open servers?

Re:Kill switch

[Zocalo]

It's not really a kill-switch in the sense of turning the service off, so much as a temporary reset button. What it does is to send a command to memcached to drop the contents of its cache, at which point the spoofed packets of the DDoS will not actually stop outright but be considerably be reduced in size and thus reduce the effective amplification factor of the attack. Unfortunately, the server would then immediately start to repopulate its cache and the amplification factor would gradually recover back to its former levels, something that could happen quite quickly for some cached databases if the underlying query rate is high enough. To effectively shutdown a server, you'd need to keep sending the flush command at regular intervals - in effect launching a DoS at the server to prevent it launching a DoS at another server, so sinking to the same level as those trying to launch the DDoS.

Re: Kill switch

[GrahamJ]

Great explanation, thank you!

Re:Kill switch

[jabuzz]

Well to be fair if you have an memcached server that is in need of patching and you are getting your cache flushed on a regular basis as a result of your server participating in a DDOS then frankly fix your server and STFU in the meantime.

Re:Kill switch

[sl149q]

Memcached implements a key-value store. The DDOS first put a large value with a known key into the server to be exploited, then sends spoofed UDP packets to it requesting the key.

Once you clear the cache, the server cannot be exploited again until a new key-value is stored. The exploit cannot use other data that might be on the server because it does not know what the keys are.

A possibly safer kill-switch would simply upload a new small value for the key to any server sending you data. It will continue to send you that value instead of the much larger one loaded for the exploit. A very small (under 50 bytes?) UDP packet is better than the very large amount of data currently being sent (I think 700kbytes?) Reduces the amplification factor to close to zero.

Re:Kill switch

[Vektuz]

DOesn't that mean that there's basically a giant free cache available to anyone who wants to store data out there? And because UDP is spoofable, people could store data in said cache without betraying where it came from?

Why won't someone think of the...

[karolgajewski]

What? They're harassing PornHub?
Why won't someone think of the ... uh... nevermind...

Re:Kill switch ... make them attack each other?

[bd580slashdot]

Why not use the same technique to make these servers attack each other?

That would get the attention of the admins responsible for configuring and firewalling these servers.
(Same for spoofed origin BGP and other amplification attacks too)

I wonder if admins get paid to leave these servers misconfigured / accessible for these attacks. Plausible deniability and all that. Maybe you could slow certain fiber links enough to profit when doing High Frequency Trading on the worldwide stock exchanges? That would be worth paying for. These attacks could be a test run for something like that. Whether this is the case or not, making them attack each other might help.

This would be a lot closer to "sinking to their level" than simply sending the flush command over and over again.

I haven't thought this through very well but since this is slashdot I'll just spout off anyway.

Thoughts?

Re:Kill switch ... mod parent up!

[bd580slashdot]

Just ran out of mod points. Mod parent up!

Re:ALL Bullshit

[I75BJC]

You neither know nor have read ANYTHING about the NRA if you truly believe "they actively oppose ANY EFFORT TO FIX THE PROBLEM". The NRA supports denial or restriction of gun ownership to specific classes of people -- convicted felons, mentally ill, etc. Just go an look. I dare You! The NRA supports educational pursuits with children, adolescents, and adults with courses that deal with gun awareness, safety, safety use and proficient use. The NRA is a gigantic educational and training entity that provides training for potential soldiers and LEOs, training for current soldiers and LEOs, training for instructors, range officers, etc. for shooting ranges, etc. If someone knows what a gun can do, how to respect (use and handle) a gun, and how to avoid situations where improper gun use can take place, that someone has the NRA to thank. The NRA teaches this now. The NRA has taught this since its inceptions. The NRA will continue to teach this. If someone knows the above, that someone knows when to leave many potential dangerous situations before a prep starts shooting. Wouldn't it better for someone to know all the above so that they could avoid a dangerous situation? BINGO, you're in sympathy with the NRA!