Feedly buckles under DDoS but defies attackers’ extortion demands

News aggregator Feedly was made inaccessible by attackers who are demanding a ransom to stop their crippling assault. Two other cloud-based services, Evernote and Deezer, have also buckled under distributed denial of service (DDoS) attacks in recent days.

Most or all of Feedly's 12 million or so users were unable to access its website early Wednesday morning. A few hours later, parts of the site gradually came back online. In an advisory, officials wrote:

2:04am PST – Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.

We are working in parallel with other victims of the same group and with law enforcement.

We want to apologize for the inconvenience. Please know that your data is safe and you will be able to re-access your feedly as soon as the attack is neutralized.

On Tuesday, Evernote also experienced connectivity problems that it attributed to DDoS attacks. The service seemed to be working normally as of press time. Cloud-based music service Deezer suffered a DDoS attack over the weekend, according to The Inquirer, which cited e-mails company officials sent to subscribers.


Mt. Gox plans to resume Bitcoin transfers after fixing “phantom” weakness

Bitcoin exchange Mt. Gox plans to lift its suspension of external Bitcoin transfers soon after fixing a weakness in its accounting process that left it susceptible to denial-of-service attacks, company representatives said Monday.

As Ars reported last week, the Tokyo-based Mt. Gox was one of at least two Bitcoin exchanges that temporarily suspended withdrawals after coming under attacks that deliberately flooded it with malformed transaction records. The phantom transactions didn't allow attackers to steal money or permanently tamper with the central accounting system for the digital currency, but they had a noticeable effect on some exchanges. The malformed records created discrepancies in the affected exchanges' accounting systems that caused them to fall out of sync with the network. The exchanges then experienced slowdowns as they recalculated their account balances. The attack and the vulnerability it exploited came to public attention through the research of Bitcoin wallet developer Blockchain.info.

In a statement issued Monday, Mt. Gox representatives said:


DDoS-for-hire service works with blessing of FBI, operator says

A website that accepts payment in exchange for knocking other sites offline is perfectly legal, the proprietor of the DDoS-for-hire service says. Oh, it also contains a backdoor that's actively monitored by the FBI.

Ragebooter.net is one of several sites that openly accept requests to flood sites with huge amounts of junk traffic, KrebsOnSecurity reporter Brian Krebs said in a recent profile of the service. The site, which accepts payment by PayPal, uses so-called DNS reflection attacks to amplify the torrents of junk traffic. The technique requires the attacker to spoof the IP address of lookup requests and bounce them off open domain name system servers. This can generate data floods directed at a target that are 50 times bigger than the original request.

Krebs did some sleuthing and discovered the site was operated by Justin Poland of Memphis, Tennessee. The reporter eventually got an interview and found Poland was unapologetic.


Apple HQ also targeted by hackers, will release tool to protect customers

Apple says a "small number" of computers on its Cupertino campus were attacked by hackers, according to Reuters. The hack appears to exploit the same Java vulnerability that recently compromised computers at Facebook. “There is no evidence that any data left Apple,” the company reportedly said.

According to the Reuters exclusive, Apple is currently working with law enforcement to identify the hackers. (The company has since also confirmed to Macworld the same details.) The company also said it planned to release software on Tuesday that would help Mac users keep their own machines safe. But assuming the exploit is indeed the same one used at Facebook, the attackers may not be able to get to many Mac users in the first place. Following last year's Flashback malware scare, many Mac users disabled or uninstalled Java on their machines. Apple has also removed the Java plugin from all Mac-compatible Web browsers and blacklisted Java browser plugins on OS X twice this year already in order to prevent critical exploits.

The incident follows a recent series of attacks targeting The New York Times, The Wall Street Journal, and other publications. Various attacks in the past months have also hit Twitter and Facebook (Facebook told Ars last week how the hack unfolded). Among other things, the hack used a compromised, third-party website for mobile developers to exploit a previously unknown vulnerability in Java, causing anyone who visited with Java enabled to become infected.
