DDoS attacks are getting worse

Just a couple of days after a horrendous DDoS attack took down Pokemon GO servers for a day, Arbor releases its new report on the state of DDoS around the globe, which basically says things are only getting worse.

The reasons are still the same — DDoS attacks are simple to launch, cheap and easy to obtain, for anyone “with a grievance and an internet connection”.

Over the past 18 months, Arbor detected an average of 124,000 DDoS attacks a week. The peak size jumped a stunning 73 percent compared to 2015, up to 579Gbps. Just in the first six months of 2016, there have been 274 attacks over 100Gbps — in the whole of 2015 there have been 223 such attacks.

When it comes to attacks over 200Gbps, things are even worse — 46 such attacks in the first half of this year, compared to 16 in all of 2015. Great Britain, the US and France are the top three targets for attacks of over 10Gbps.

“The data demonstrates the need for hybrid, or multi-layer DDoS defense,”, said Darren Anstee, Arbor Networks’ chief security technologist. “High bandwidth attacks can only be mitigated in the cloud, away from the intended target.  However, despite massive growth in attack size at the top end, 80 percent of all attacks are still less than 1Gbps and 90 percent last less than one hour. On-premise protection provides the rapid reaction needed and is key against ‘low and slow’ application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls and IPS”.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Source: http://betanews.com/2016/07/22/ddos-attacks/

US Congress websites recovering after three-day DDoS attack

Library of Congress among the victims to go temporarily offline.

Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack.

The DDoS campaign began on July 17 when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline:

During the attack, Library of Congress employees were unable to access their work emails or visit any of the Library’s websites.

Softpedia reports the attackers ultimately overcame initial defense measures to escalate their campaign. Specifically, they brought down two additional targets: congress.gov, the online portal for the United States Congress; and copyright.gov, the website for the United States Copyright Office.

On Tuesday morning, things started to get back to normal. Some email accounts were functioning, writes FedScoop, but other online properties by the LoC remained offline.

As of this writing, the three government portals affected by the attack are back online.

Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, feels that denial-of-service attacks remain popular because of how difficult it is for a target to mitigate a campaign while it is still in progress.

As he told FedScoop:

“DoS attacks that leverage DNS as a transport is a common mechanism for flooding target sites with unwanted traffic for two reasons. [First,] DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad.”

Network filtering devices can help, but only if a company decides to buy one. Perhaps the Library of Congress didn’t own such a device or lacked a service provider with expertise in mitigating DoS/DDoS attacks.

There’s little companies can do to protect against DDoS attacks, as script kiddies with a few bucks can rent a botnet online to attack whichever target they choose. With that in mind, organizations should prepare for these attacks by investing in DDoS mitigation technologies that can in the event of an attack help accommodate and filter attack traffic.

Source: https://www.grahamcluley.com/2016/07/congress-website-ddos/

DDoS attack size up 73% from 2015

Distributed denial of service attacks continue to be popular with attackers, increasing in size, complexity and frequency in the first half of 2016, according to the latest global report by Arbor Networks

The most powerful distributed denial of service (DDoS) attack in the first half of 2016 was 579 gigabits per second (Gbps), according to the latest global report from Arbor Networks.

This represents a 73% increase from the largest attack recorded in 2015 by Arbor Networks, the security division of Netscout.

The report shows not only an increase in the size of DDoS attacks, but also an increase in frequency, based on data gathered from Atlas, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor to gain a comprehensive, aggregated view of global traffic and threats.

DDoS remains a common attack type due to the easy availability of free tools and inexpensive online services that enable anyone with a grievance and an internet connection to launch an attack.

This has led to an increase in the frequency, size and complexity of attacks in recent years, the report said, with an average of 124,000 DDoS attacks a week in the past 18 months.

In the past six months, Atlas recorded 274 attacks over 100Gbps, compared with 223 in all of 2015, and 46 attacks over 200Gbps compared with 16 in all of 2015.

The UK, the US and France are the top targets for attacks over 10Gbps, the report said.

But as Arbor’s researchers reported in June, large DDoS attacks no longer require the use of reflection amplification techniques.

An internet of things (IoT) LizardStresser botnet was used to launch attacks as large as 400Gbps, targeting gaming sites worldwide, Brazilian financial institutions, ISPs and government institutions.

According to the researchers, the attack packets do not appear to be from spoofed source addresses, which means the traffic originates from the source addresses in the packets without amplification relying on the user datagram protocol (UDP), such as the network time protocol (NTP) or the simple network management protocol (SNMP).

However, reflection amplification allows an attacker to both magnify the amount of traffic they can generate, and obfuscate the original sources of that attack traffic. Consequently, most recent large attacks used this technique, exploiting domain name system (DNS) servers, NTP and simple service discovery protocol (SSDP), the report said.

As a result, in the past six months, DNS was the most prevalent protocol, taking over from NTP and SSDP in 2015. The average size of DNS reflection amplification attacks grew strongly, and the peak monitored reflection amplification attack size was 480Gbps.

The report also highlights the fact that even attacks that bombard targeted websites and networks at a rate of only 1Gbps can be enough to take most organisations completely off line.

In the first half of 2016, the average attack size was 986Mbps, a 30% increase over 2015, and the average attack size is projected to be 1.15Gbps by end of 2016.

“The data demonstrates the need for hybrid, or multi-layer DDoS defence,” said Darren Anstee, chief security technologist at Arbor Networks.

“High bandwidth attacks can only be mitigated in the cloud, away from the intended target,” he said. “However, despite massive growth in attack size at the top end, 80% of all attacks are still less than 1Gbps and 90% last less than one hour.”

According to Anstee, on-premise protection provides the rapid reaction needed and is key against “low and slow” application-layer attacks, as well as state exhaustion attacks targeting infrastructure such as firewalls.

Source: http://www.computerweekly.com/news/450300564/DDoS-attack-size-up-73-from-2015

Hackers claim responsibility for Pokémon Go DDoS attack

Hacker group OurMine has claimed credit for a DDoS attack on the Pokémon Go servers over the past weekend. Rumours of an attack were floating around on Saturday but Niantic didn’t comment on the reason the servers were down.

Talking to TechCrunch, a member of the group said that they were part of a trio of teenagers that uses these incidents to advertise their ‘security services’ and make people more aware of security issues.

“We don’t want other hackers attack their servers, so we should protect their servers,” the member said.

Apparently a message on their website says that they wouldn’t stop the attack until they were contacted by representatives from Niantic.

Another group called PoodleCorp also claimed responsibilty for the servers going down on their Twitter account.

The app has been crashing and experiencing server issues since release, so it’s entirely possible that it wasn’t a DDoS attack, but simply launch issues.

Either way, you can check the status of the server in your country at any time with the Pokémon Go outage map.

Source: https://www.vg247.com/2016/07/18/hackers-claim-responsibility-for-pokemon-go-ddos-attack/

68 gov’t websites attacked

Several Philippine government websites have been subjected to various forms of cyberattacks following the release of the ruling on the arbitration case filed by the Philippines against China.

The STAR learned yesterday that at least 68 websites have been subjected to attacks, which included attempts of hacking and defacement, slowdowns and distributed denial of service attacks.

Among those at the receiving end were agencies such as the Department of National Defense, the Philippine Coast Guard, Department of Foreign Affairs, Department of Health, the Presidential Management Staff and the gov.ph domain registry website.

The website of the Bangko Sentral ng Pilipinas was also subjected to a supposed hacking, although authorities were able to immediately foil it.

The websites of these agencies were all accessible yesterday.

The source of the attacks has yet to be determined, although initial investigation supposedly pointed to an entity supposedly operating from the Netherlands.

The Permanent Court of Arbitration (PCA) that issued the ruling on the Philippine case is based in The Hague in the Netherlands.

The Information and Communications Technology Office, the precursor of the newly created Department of Information and Communications Technology, has yet to respond to request for comment regarding the cyberattacks.

The Department of Science and Technology earlier provided additional protection to Philippine government websites amid repeated incidents of defacements and denial of service attacks.

PCA website hacking

Earlier, a cyber-security company reported that the PCA website was infected with a malware by “someone from China” in July 2015.

Citing information from ThreatConnect Inc., Bloomberg Business reported the attack happened in the midst of the week-long hearing on the jurisdiction of the arbitration case filed by Manila against Beijing over the territorial dispute in the South China Sea.

Gaelle Chevalier, a case manager at the PCA, told Bloomberg that they “have no information about the cause of the problems.”

Source: http://www.philstar.com/headlines/2016/07/16/1603250/68-govt-websites-attacked

Are you a victim of DDoS attacks?

Distributed denial-of-service (DDoS) attacks have been around for a long time, and are increasing at an unprecedented rate. According to the VeriSign Distributed Denial of Service Trends Report, in fourth quarter of 2015, there was an 85% increase in DDoS attacks compared to 2014. Not only are they increasing in quantity, they are also becoming more sophisticated. Often DDoS attacks are tied to ransomware, hacktivism, and nation-state to nation-state cyberwarfare. Repeat attacks against the same organisation are also on the rise.

Every industry is at an increased risk of DDoS attacks. Industries like IT services, cloud face the most number of DDoS attacks. The latest DDoS attacks are much more difficult to detect than ever before. If you are a victim of DDoS attacks, you should be aware of these 7 myths on DDoS to help you be better prepared:

Myth 1: DDoS attacks only occur on a large scale—with hundreds of gigabits.

Reality: The truth is most modern DDoS attacks are not large at all, averaging only between 30 to 40 Gbps. The issue is that they are often difficult-to-detect, low-and-slow application attacks or volumetric attacks, which use multiple systems or botnets to flood network layers with traffic. These attacks, which can easily be launched with minimal resources, can still create significant impact.

Myth 2: Our network or service is not down, so we’re not being attacked.

Reality: Unusually slow network performance is likely due to a DDoS attack. Sophisticated DDoS attacks are designed to strike simultaneously at any time, slowing down response times, which can result in decreased customer satisfaction—a big cause for concern.

Myth 3: DDoS attacks are really not so bad. No one will notice the difference, so there is no need to worry about them.

Reality: Actually, the average downtime of a DDoS attack—which could include crashes, slowdowns, and denied customer access—is 17 hours and can stretch up to 36 hours long. All those hours translate to substantial revenue loss and diminished customer loyalty.

Myth 4: The best protection against multi-vector DDoS is cloud protection.

Reality: External cloud DDoS solutions work great for volumetric attacks, but not for application layer attacks. An advanced multi-vector DDoS protection is a hybrid solution, which gives complete control over data streams—with no delays—and reduces concerns about the safety of critical data.

Myth 5: DDoS is a network administration issue.

Reality: From a technical standpoint, that’s true. But, since DDoS attacks are by nature malicious and can potentially compromise an organisation’s operations, security teams, including the CSO, need to join forces with the network IT team to mitigate, respond, and remediate. An overwhelming 95% of respondents of a recent A10 Networks and IDG survey agreed that DDoS is a problem not driven by security teams and network teams.

Myth 6: Having a firewall and intrusion detection system (IDS) protects against DDoS.

Reality: Today’s complex DDoS attacks often leverage spoofed traffic that originates from multiple sources, and firewalls can’t scale up to handle that. Multi-vector DDoS attacks also quickly drain CPU resources of legacy devices, rendering firewalls and IDS ineffective. Today, firms must think about scalable solutions rather than simple firewalls because DDoS attacks have grown in volume and in sophistication (example: application layer attacks). This is confirmed by a recent A10 Networks and IDG survey —where respondents mentioned that they face all three types of DDoS attacks: network layer attacks (35%), volumetric attacks (34%), and application layer attacks (30%).

Myth 7: Not wanting to invest too much; so a “good-enough solution” will do the job.

Reality: The most dangerous multi-vector DDoS attacks include volumetric and application layer attacks, so a defense that only handles routine, easy-to-detect threats is not sufficient. To mitigate today’s and tomorrow’s DDoS attacks, an aggressive mitigation plan is needed.

Prepare for the Future

When it comes to DDoS attacks, it pays to prepare for the future. These threats will continue to evolve and become even more sophisticated and evasive. A system that incorporates protection against the full spectrum of multi-vector DDoS attacks is ideal which will block the attack before any harm occurs.

Source: http://tech.firstpost.com/biztech/are-you-a-victim-of-ddos-attacks-325162.html

When machines do the hacking

When it comes to cybersecurity, there’s only one thing worse than hackers: robot hackers. No, we’re not talking about Skynet – at least, not yet. But for IT managers, the next wave of cybersecurity threats is likely to be automated, targeted, and almost humanly impossible to predict.

That’s because of the technology phenomenon of machine learning, whereby a software platform analyses patterns in large volumes of data to find patterns in unfamiliar situations. Machine learning is already proving disruptive in a range of fields, from voice recognition (think Alexa & Siri) to financial services advice and even biomedical practices like diagnostic imaging. If cybersecurity pros aren’t careful, its most disruptive application could well be in cybercrime.

Beware the Bots

A typical sophisticated hack is tailored to bypass the target organisation’s unique configuration of defences, focusing on known vulnerabilities in technical systems or user behaviour that the hacker has identified. Human attackers, however, suffer from the same cognitive biases as all other people, and inevitably overlook or opt against using vulnerabilities which they’re not so comfortable at exploiting. Moreover, even large teams of human hackers can only coordinate attacks against a few vulnerabilities at any given time, before being overwhelmed by the speed and attention required.

Machine learning attacks will do away with these human limitations. The more data they absorb about the vulnerability or the target – from undefended ports to enterprise org-charts to reliably cataloguing new zero-day vulnerabilities – the more capable they’ll be of orchestrating a successful attack. Unlike human hackers, machine learning isn’t biased in using the data to develop incredibly novel attacks, combining multiple vectors and techniques in ways that even the most creative cybercriminals wouldn’t think of doing.

If one permutation of attacks fails, machine learning’s highly automated nature will mean that it can just cycle through more combinations at dizzying speed, with a randomness and persistence that will vex even the most diligent cybersecurity operators. And if that’s not worrying enough, most freely-available machine learning platforms are all hosted in the cloud – making them as elastically scalable as the very SaaS offerings their targets are using. Forget hiring more black-hat engineers: to ramp up the intensity of an assault, all a hacker needs to do is provision more cloud instances with a (stolen) credit card.

In other words, machine-learning hacks have far greater sophistication, scale, and ROI than traditional cyber attacks. We can assume that state-sponsored actors are already testing or even using machine learning in their arsenal – but if a nation-state is targeting your enterprise, there’s not much that even the best-resourced cybersecurity team can do. The more likely risk comes from commoditised machine-learning services – the sort that major cloud providers are now making openly available – being adapted by freelance cybercriminals. But fear not: in this war against the machines, resistance isn’t futile.

AI’s Achilles Heel

There are a few means by which enterprises will be able to protect themselves against the first wave of machine-learning attacks. As with any other cybersecurity threat, detection is of paramount importance. The first and most critical step is to determine you are under AI attack because you would take different precautions and even draconian measures to save your environment if under attack by AI than you would with a human-led attack. Machine-learning attacks can be identified by two traits: the novelty and the orchestration of their approaches, cyber security professionals should be develop skills for detecting novel multi-faceted attacks. If you see a range of SQL injections, probes, targeted email pishing and DDoS attacks being executed against your organisation at the same time, without any discernible pattern in intensity or sequence, you could be facing an AI rather than your typical mercenary or disgruntled software engineer.

Machine learning does have one weakness: the machine needs to learn before it can get to work. That learning process may give away an imminent attack to observant cybersecurity operators. Sometimes learning will take place through acquiring data. Persistent port scans, strangely personalised spam messages, and even random phone calls from “marketers” may all indicate that a cybercrime group is trying to gather the necessary data about your organisation to feed into the machine.

In other cases, learning happens through practical experience. So if you see an organisation in your industry go down to an inexplicable combination of sophisticated attacks, raise your threat level. It’s likely that if the attack is indeed AI-led, its human operators will use the experience to inform even more advanced attacks against similar organisations.

The matrix has you…protected

So what can enterprises do to repel the advance of the machines? Some AI platforms are already being applied to cybersecurity, but unless they can respond in a real-time manner they’re likely to be stuck playing catch-up to cybercrime first-movers. Machine learning can already supplement cybersecurity teams by automating responses based on simple protocols, but that’ll only prove effective against lower-level automated attacks like the ones we’re already seeing today.

The most effective solution is likely to be herd immunity. Since AI-led attacks will often go after similar organisations in order to keep learning, enterprises in the same industry can also adopt “security-as-a-service” clouds that roll out countermeasures across an entire matrix of organisations when one is hit. And unlike the cybercriminals, the defenders have one significant advantage: information sharing. By sharing anonymised information about breaches and vulnerabilities between members and encouraging a culture of collaboration rather than isolation, security clouds can gain far more intelligence than cybercrime AIs operating in isolation – putting them one step ahead.

Source: http://www.cso.com.au/article/603335/when-machines-do-hacking/

Be Properly Prepared to Minimize the Impact of DDoS Attacks

Reports of aggressive DDoS attacks, also known as cyberattacks or overload attacks, are recurring topics in the news. These attacks shake up businesses and organizations—and their customers who are impacted in the end. Some people say that you can avoid DDoS attacks. That is not true. But, you can be prepared for them to minimize the impact on your business and operations.

An increasing number of companies are being hit by repeated DDoS (denial of service) attacks, according to the latest statistics from Akamai. The number of attacks has increased by a whopping 125 percent from last year. Top global banks, online retail stores, gaming sites . . . No industry is spared and companies of all sizes are being affected, although software and technology companies are heavily targeted with 25 percent of observed attacks aimed at such companies.

Repeat attacks are increasing and DDoS attackers are becoming more skillful. Each targeted customer is attacked 29 times on average. Multi-vector attacks, the most complex type of DDoS attacks, are increasing—making defense more difficult. Multi-vector attacks combine different DDoS attack tools, striking the application layer and the network layer simultaneously, and often dragging on for days.

This paints a scary picture. It is not really a question about if you will be attacked, but rather when. And don’t let anybody fool you into believing that you somehow can prevent the attacks from happening. You can’t. What you can do, however, is be as well prepared as possible to quickly identify and assess the threat and take speedy and relevant action.

Ways to Prepare for a Possible Attack and Ways to Handle It

A DDoS attack can be constructed as a special type of load test. By combining network DDoS protocol abuse and aggressive volume tests, you can create an aggressive and abusive test of your environment and its ability to handle high load traffic in combination with malicious use of protocols.

We usually see two types of DDoS attacks:

  1. Illegal attacks performed with malicious intent and driven from botnets and or server farms:
    • Network layer, with basic application functionality
    • High volume traffic
    • Advanced application attacks
  2. Social media driven DDoS attacks

The difference lies in the method and means of the attack. Pure DDoS will traditionally attack on network layers, but we see a trend of including application layers and extreme volumes in combination with peak traffic, like Black Friday. They also typically have financial demands for stopping the attack.

If you have real users visiting your site(s) in super high volumes with no correlation to an event or service offering, you are experiencing a social media driven DDoS attack. An example is a tweet with links that cause millions of users to click the link. A Facebook campaign can also attract so much traffic that your website crashes.

DDoS attackers are enhancing their application integrations as that level is the hardest to provide protection against, especially under high volumes of traffic.

So, can you always protect yourself for all types of DDoS attacks? The straight answer is no, but you can always prepare your site and protection systems to match your business risk profile of lost business based on downtime.

Do your homework on capacity and security planning. Capacity and load weakness is the most overlooked corner stone in all defense techniques. Everyone has a theoretical idea of what needs to be done if you are attacked, but until an attack actually occurs, there is no actual way to know what works and what doesn’t work. The most common problem today, when it comes to capacity planning, is between front-end web applications and back-end databases—a discrepancy which can make you vulnerable to an attack.

Plan Countermeasures Like Massive Simulated Attacks

With this said, the first insight in preparing for an attack is to have the right countermeasures in place. The other insight is knowing how your surroundings will react to this scenario. You like to avoid easy wins for you opponent. The best thing you can do is recreate and attack in a controlled environment. One recommendation is to mobilize a third party’s load test organization to actually simulate an attack. This way you can understand the consequences and eliminate all the “ifs” from your action plan.

The burning question is: How do you prepare for, respond to, and mitigate a DDoS attack when it occurs? Have you set aside resources and engaged Internet suppliers in order to create black holes in the traffic? Black holing is a common defense against junk mail, where an ISP blocks packages from a domain or an IP address—a technique which can be used against DDoS attacks. Or, are you hoping your IDS, firewall, or router can filtrate the traffic? There are many methods and strategies that are used, but normally they are not tested in advance. You need a regular fire drill to have the readiness and systems in order for the real thing!

It is a good idea to externally test your selected DDoS protection and also suggest and validate offload solutions based on load balancing and cloud capacity. Mitigating the effects of a DDoS attack is complex and challenging. The techniques are constantly improving and more IDS solutions have the ability to identify DDoS attacks and eliminate them, either on a firewall level or outside the network before it penetrates the servers and makes them crash. This technique is fairly effective against smaller DDoS attacks—correctly setup, we might add.

Validate that your protection system is configured and working vs your application. Many organizations today invest in protection systems, but few really validate what kind the protection against more advanced attacks. What kind of tests do you need? Just basic load tests will not cut it, but normal traffic mixed with network layers attacks and application tweaks such as Slowloris will put your protection system to a test. DDoS stress tests should be carried out by test clusters that are deployed in a multitude of locations, around the world, to make the identification and blacklist a real challenge. Attack volumes today are high, so load traffic of up to 500 Gbps bandwidth and a million concurrent virtual users is a good starting point. Loads should be generated to your breaking point, and fast!

Protect Your Investment and Business

The sum of it all is that there is always a risk when you do business on the Internet. But that doesn’t mean you should retract from creating and maintaining a large website or a mobile application. Instead, you should take appropriate measures to protect this investment and the revenue generated by your business.

My rule of thumb is that at least ten percent of a company’s IT budget should be set aside for test and capacity planning. And, believe me, if you ever find yourself in the situation after a crash from either peak load or DDoS attacks, you will be convinced this money is well invested.

In Conclusion

Anticipate DDoS attacks. Prepare yourself. Do regular professional tests. Test your protection. Just because you have purchased protection doesn’t mean that it protects all your specific applications. Testing must not be overlooked.

Source: http://virtual-strategy.com/2016/07/11/properly-prepared-minimize-impact-ddos-attacks/

Mike McNeill’s Diary for Monday, July 11, 2016: Fighting off the DDoS

magnoliareporter.com experienced some technical issues on Friday. Our website is hosted by a service known as TownNews.com , which hosts and provides technical assistance to thousands of media-oriented websites across the country. TownNews.com was hit by a directed denial of service (DDoS) attack on Friday afternoon. This mainly manifested itself by making it difficult for us — and hundreds of other websites — to access our servers and make changes. People may have had difficulty accessing our website during that time. We do not think that our thousands of daily visitors have anything to worry about as TownNews.com technology responded immediately.

That said, it is probably a good thing that we are not president of the United States. To us, hackers present a clear and present danger to the security of the United States, which has our permission to deal with them with extreme prejudice.

North Korea is bent out of shape over the pending deployment by South Korea of the U.S.-made Terminal High Altitude Defense System, or THAAD. THAAD launchers and fire control systems are made in East Camden. North Korea’s military said in a statement that, “There will be physical response measures from us as soon as the location and time that the invasionary tool for U.S. world supremacy, THAAD, will be brought into South Korea are confirmed. It is the unwavering will of our army to deal a ruthless retaliatory strike and turn (the South) into a sea of fire and a pile of ashes the moment we have an order to carry it out.” Ohhhhhhh. We’re scared.

Seriously, how many submarines, cruisers, aircraft carriers, bombers and drones are circling offshore North Korea, ready to unleash hell at any given moment? And that’s just the U.S. military. That sea of fire and pile of ashes looks a lot like future downtown Pyougyang to us.

The Magnolia School District website is having a makeover. We’ll let you know when the site is up and running.

Looking for more widely spread drought conditions when the new report comes out later this week. We’re expecting more abnormally dry conditions in South Arkansas.

Patrick Posey died Saturday at his home near Benton, LA. Posey and his wife, Susan, performed much of the mural restoration work around the square a few years ago.

Some fool vandalized highway signs in the Walkerville area on during the weekend, but the hate speech written on them was cleaned up.

Our new online poll asks for your opinion about the state of race relations in Columbia County – whether they are better, worse or about the same as a decade ago. Another question might be what each of us, as individuals, is doing to make things better.

Five years ago, we reported that Walkerville Cumberland Presbyterian Church was dedicating a new manse. A year ago, we reported that Betsy Production was drilling an oil well on the SAU campus. Vice President Aaron Burr shot and mortally wounded former Treasury Secretary Alexander Hamilton in a duel on this date in 1804. Author E.B. White was born on this date in 1899. George Gershwin died on this date in 1937.

Source: http://www.magnoliareporter.com/news_and_business/mike_mcneills_diary/article_733b45f8-4720-11e6-9e2d-97f7f136ad46.html

WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

As a long-time feud between rival hacking groups boiled over, the WikiLeaks website was caught in the crossfire and brought offline by a distributed-denial-of-service (DDoS) attack on 5 June. However, rather than react with anger, leaked chat logs show how WikiLeaks’ Twitter account engaged the group responsible, called OurMine, and even offered hacking tips for the future.

Direct messages leaked to Buzzfeed show how WikiLeaks’ account, rumoured to be helmed by the website’s founder Julian Assange, told the group – which has become known for hacking the online profiles of high-profile figures – their talents could be put to better use.

OurMine has recently hacked a slew of celebrities and technology executives including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Spotify founder Daniel Ek.

Every time, they leave a message telling the victim how weak their security is and leave a link to their website. Indeed the group claims to be a security firm rather than a hacking outfit.

In any case, as far as ‘hacks’ go, OurMine’s activity is fairly tame. Until WikiLeaks’ website was taken down – thanks to an ongoing head-to-head with the Anonymous collective – there was little real damage caused to victims other than embarrassment.

The DDoS attack took down the famous whistleblowing website by sending waves of traffic towards its servers, a common tactic used in hacktivist circles as a means of protest. After the incident, WikiLeaks got in touch and said the group was wasting its time by not making the most of the chances received by infiltrating profiles of the rich and famous.

“If you support us and want to show you’re skills, then don’t waste your time with DDoS etc,” the account wrote. “Find us interesting mail spools or docs and send them to [WikiLeaks]. That’ll have a much greater impact.”

After OurMine replied with “We never change their passwords we are just testing their accounts’ security” WikiLeaks said it was a “huge waste.”

The message continued: “There’s a lot more than (sic) could have been done with those accounts. Sending DM’s as Zuckerberg to further access elsewhere. Same with Google CEO. You could have used these accounts to gain access to much more significant information, revealing corrupt behaviour elsewhere.” Based on the chats, OurMine appeared to agree with the new direction. “Great idea,” it said.

One the hackers, speaking with Wired, previously said: “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.”

Source: http://www.ibtimes.co.uk/wikileaks-tells-ourmine-hackers-impersonate-high-profile-victims-reveal-corrupt-behaviour-1569499