WHAT IS A DDOS ATTACK, ANYWAY?

If you’ve tried to use Xbox Live or PlayStation Network this month, you’ve probably experienced the effect of a Distributed Denial of Service attack. But what exactly does that mean? And why can such major, (generally) secure services be impacted by these attacks?

Denial-of-service attacks have been around for the equivalent of eons in the internet age. Online video game services are no strangers to being targets of DDoS attacks; previous generations of gaming have experienced them, though there has been a frequent spate of successful attacks against multiple gaming networks over the past year that have included Battle.net and specific games in addition to XBL and PSN.

Why are they so difficult to defend against? We reached out to security experts to shed some light on the issue. (We also contacted several video game publishers, but they declined to comment.)

What is a DDoS Attack?

For a lot of us without a deep understanding of network security, it is easy to think about DDoS attacks as a single “thing” companies can simply solve. But the term DDoS covers a large class of malicious attacks on network or internet infrastructure, so while some defenses may be simple, others are not so easily constructed.

According to Michael McKinnon, security advisor at AVG Technologies, the range of DDoS attacks includes those that flood servers with traffic to bring them down, but also a selection of them that are known as application denial-of-service attacks. “Most common DDoS attacks work at a network layer, blasting senseless traffic at target systems, hoping to overwhelm them and exhaust all available bandwidth—this is the common understanding of what a DDoS represents for most people,” says McKinnon. “However, other denial-of-service attacks can include locking other users out, [like] through multiple failed password reset attempts and other such actions, or wiping databases and disrupting services in more specific ways.”

Most of the malicious attacks on the internet, in terms of volume, are reflection and amplification DDoS attacks.  “These attacks can range from anywhere from a few tens of gigabits per second—[which is already] quite large—up to the largest attacks that [have] been confirmed so far [at] about 400 gigabits per second,” says Roland Dobbins, senior security engineering and response team (ASERT) analyst at Arbor Networks.

Dobbins adds that when troubleshooting and anticipating how to defend against attacks, there are a couple of considerations to take into account. “The first consideration is that they tend to fill up the last kilometer link between an ISP from whom a gaming provider is buying transit and that gaming provider’s internet data center. Another consideration is that the attacks which get into the dozens or hundreds of gigabits per second can actually fill up the peering and the core links of all the ISPs in the path,” he explains. “And so they absolutely can consume the network capacity in multiple intervening networks between the reflectors, [the] amplifiers used in the attack, and the actual target.”

In other words, companies trying to protect themselves from ongoing or future DDoS attacks have several components of the network to monitor. Traffic can overwhelm the part of the pipeline between the ISP and the gaming service (be it Xbox Live or Battle.net), or it can flood the connections between the various ISPs and some big companies who’ve agreed to use each other’s network to channel traffic. Those waging the attack do so by sending requests to innocent computers while posing as the target; when those “reflectors” send a response, they direct them to the site or service that’s the intended victim.

Combined with amplifiers, or types of protocols used in conjunction with reflected attacks, the data being transmitted can be magnified by up to 179 times. The servers used in the amplification attack ultimately flood the target site and the network it’s on with a huge number of responses, meaning attackers don’t need a lot of network capacity themselves to increase the original amount of traffic by 6,000 to 9,000 times.

The end result: the attacking traffic ends up causing a shutdown of the overloaded target server(s), and/or squeezing out legitimate traffic to and from the target.
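From the target's side, reflected traffic shows up as large responses from many unrelated servers that nobody on the network asked for. The following is an added example, not code from the article or the experts quoted: it flags that pattern in flow records. The record fields, the address ranges (documentation ranges), the watched ports (DNS and NTP) and the thresholds are all assumptions.

```python
"""Flag hosts receiving unsolicited UDP responses (reflection), on constructed flows."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions of this example (not from the article):
OUR_NET = ip_network("203.0.113.0/24")     # documentation range standing in for the target
REFLECTOR_PORTS = {53: "dns", 123: "ntp"}  # UDP services watched as possible reflectors
REQUEST_WINDOW = 5.0                       # seconds in which a reply counts as solicited


def flow(ts, src, sport, dst, dport, nbytes, proto="udp"):
    """Build one flow record; the field names are hypothetical."""
    return {"ts": ts, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "bytes": nbytes, "proto": proto}


def is_ours(addr):
    return ip_address(addr) in OUR_NET


def find_reflection(flows, min_reflectors=3, min_bytes=3000):
    """Return {victim_ip: summary} for hosts hit by unsolicited service responses.

    A response is solicited only if the receiving host sent a request to the
    same remote ip/port, from the same local port, within REQUEST_WINDOW.
    """
    pending = {}  # (local_ip, local_port, remote_ip, remote_port) -> request time
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0, "services": set()})
    for f in sorted(flows, key=lambda r: r["ts"]):
        if f["proto"] != "udp":
            continue
        if is_ours(f["src"]) and f["dport"] in REFLECTOR_PORTS:
            # One of our hosts asked a question: remember it.
            pending[(f["src"], f["sport"], f["dst"], f["dport"])] = f["ts"]
        elif is_ours(f["dst"]) and f["sport"] in REFLECTOR_PORTS:
            asked = pending.get((f["dst"], f["dport"], f["src"], f["sport"]))
            if asked is not None and f["ts"] - asked <= REQUEST_WINDOW:
                continue  # answer to our own query
            s = stats[f["dst"]]
            s["sources"].add(f["src"])
            s["bytes"] += f["bytes"]
            s["services"].add(REFLECTOR_PORTS[f["sport"]])
    return {
        victim: {"reflectors": len(s["sources"]), "bytes": s["bytes"],
                 "services": sorted(s["services"])}
        for victim, s in stats.items()
        if len(s["sources"]) >= min_reflectors and s["bytes"] >= min_bytes
    }


# Constructed sample data, not captured traffic.
SAMPLE_FLOWS = [
    # A legitimate DNS lookup and its answer.
    flow(0.00, "203.0.113.10", 40000, "198.51.100.53", 53, 70),
    flow(0.02, "198.51.100.53", 53, "203.0.113.10", 40000, 120),
    # Ordinary TCP traffic is ignored by this check.
    flow(0.10, "192.0.2.200", 51000, "203.0.113.80", 443, 500, proto="tcp"),
    # Large DNS answers that no local host requested, from four servers.
    flow(1.00, "192.0.2.1", 53, "203.0.113.80", 4444, 1400),
    flow(1.01, "192.0.2.2", 53, "203.0.113.80", 4444, 1400),
    flow(1.02, "192.0.2.3", 53, "203.0.113.80", 4444, 1400),
    flow(1.03, "192.0.2.4", 53, "203.0.113.80", 4444, 1400),
    # A single late answer: unsolicited, but below both thresholds.
    flow(9.00, "198.51.100.53", 53, "203.0.113.10", 40000, 120),
]

if __name__ == "__main__":
    for victim, summary in find_reflection(SAMPLE_FLOWS).items():
        print(victim, summary)
```

With sampled flow export the matching request can be missing from the data, so a real deployment would treat a hit as a lead to confirm rather than a verdict.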

Why are DDoS Attacks so Difficult to Defend Against?

The mix of distributed attacking traffic and legitimate traffic during a DDoS attack is precisely why they’re so hard to defend against.  “Identifying your attacker against a backdrop of legitimate users to your online service can be quite an art, and when you have only one attacker (i.e. a traditional DoS attack), blocking them is quite easy,” McKinnon says. “But, when you’re being simultaneously bombarded by hundreds or thousands of attackers it takes valuable time that you don’t have—and often battling against dwindling bandwidth and access to stop the attack.”

Defending against a DDoS attack is also difficult because of the cost involved. As McKinnon explains, companies must “over-invest” in bandwidth, applications, or infrastructure for a possibility that might happen rarely. This causes many companies to choose to view DDoS attacks as an occasional inconvenience.

“However, the seriousness of DDoS attacks should not be underestimated,” he adds. “Sometimes a DDoS attack can cause unintended consequences that may expose new vulnerabilities under load, or create opportunities for unauthorised access leading to other breaches.”

Why do DDoS Attacks Keep Happening?

Given that it’s in a company’s best interest to protect its customers, why would one keep allowing DDoS attacks to happen? Simply put, that stems from a juggling act that enables the very circumstances that permit DDoS attacks to be common.

“When you’re running a publicly accessible service online, you need to allow the public to have access—and that means you’re never sure when you have to close the front doors to your virtual space to stop people coming in,” McKinnon explains. “[Also,] DDoS attacks from a technical perspective are about the simplest and easiest form of online attack available.”

In other words, DDoS attacks are familiar events because companies want everyone to be able to access their service, and executing one requires almost no technical knowledge—just the right tools.

What are Companies Doing Wrong?

However, Dobbins notes that while the volume of attacks presents some unique challenges for companies, they can be overcome.

He believes many online gaming operators continue to suffer because they opt out of participating in the global operational security community. These are close, vetted communities where operators involved not only marshal their own resources when under attack, but can reach out and ask other operators to assist them.

Others have not implemented the most current defenses to protect their network infrastructure as well as their routers and Layer 3 switches from attack. “In many cases, the attackers will try to attack the routers and switches rather than servers directly because network operators may not have implemented the best current practices required to enable these devices to defend themselves,” Dobbins says.

The architecture of games also is a problem, since online games usually rely on one or two of the models well-known to attackers. “The first model is that shared game sessions and gaming matchmaking are instantiated on servers which are owned by the gaming operator,” he says, explaining that a centralized architecture makes it relatively easy for attackers to identify and attack the architecture directly.

“The second model is a pseudo-decentralized model where the matchmaking and directory servers, where players find one another, are centralized, but the actual games run locally. One of the participants in a particular gaming session, their PC or the console, hosts the session and the shared game world. Since DDoS attackers have become quite adept at identifying games of this nature, it’s relatively easy for them to attack the IP address of the consumer users who are hosting the session and knock it over.”

What Can Companies Do?

While some developers have begun to use a more decentralized directory model, Dobbins believes that changes in the architecture of even more games need to take place. In this way, the directory information and the game sessions would be spread out among a sea of users, and not rely on a particular player’s computer or a specific host. Dobbins explains: “The directory itself is distributed and the games sessions themselves are distributed; one particular player’s PC or console doesn’t host the entire game, but instead the game is sharded even further, so that the composite shared gaming session is shared amongst many different users. No one PC, no one console will be the “master,” so if one is knocked over by an attack, the shared session continues.”

Gaming companies can also take advantage of gaming intelligence gathered from player behaviours within the shared gaming environment, according to Dobbins. Tracking and analysis of player behaviour can help identify player accounts that may be associated with a DDoS attack and allow companies to start building predictive models to see attacks ahead of time.

“There are some game operators who have done these things and they’re the operators who don’t go down,” Dobbins says. “[They’re the ones] who have learned through experience [and] have taken these lessons to heart.”

Source: http://ca.ign.com/articles/2014/12/17/what-is-a-ddos-attack-anyway

Post-hack, is Sony Dishing Out Revenge DDoS?

The recent string of malicious attacks against Sony Pictures by hacker collective the Guardians of Peace has resulted in a range of personal and at times embarrassing information leaked to the public, from internal emails discussing Angelina Jolie and President Obama, to competitive secrets and upcoming movies like Annie. Supposedly, Sony hasn’t taken the situation lying down: some sources claim that the entertainment giant has conducted a retaliatory, large-scale DDoS attack against the websites hosting the leaked information.

According to unnamed sources speaking to Re|Code, Sony is “using hundreds of computers in Asia to execute what’s known as a denial-of-service attack on sites where its pilfered data is available,” via Amazon Web Services, which has data centers in Tokyo and Singapore. The idea is to disrupt downloads of sensitive information, the sources said.

Sony has declined to comment on the story. But what, if anything, would such an approach accomplish?

“If, in fact, Sony is planning retaliatory attacks against websites that are keeping their leaked information, this probably won’t stop hackers from attacking them; it may only spur them to greater action,” said Marc Gaffan, CEO and co-founder of Incapsula, in an email.

That said, there’s no doubt that DDoS attacks are also very costly to the victims. Incapsula found that just one hour under the gun of a DDoS attack can cost a company upwards of $40,000. And, thanks to the abundance of cloud infrastructure for hire, it’s not difficult to initiate the attacks.

“However, launching DDoS attacks is illegal, regardless if it is in response to an attack or in self-defense,” Gaffan said. “While these types of attacks are effective in shutting down websites, it will also impact innocent parties that are caught in the line of fire. If Sony is fighting back, we hope that they are better prepared to thwart these attacks than they were two weeks ago.”

As we previously reported, it’s believed that North Korea is behind the incident, in retaliation for the release of the comedy The Interview, which features Seth Rogen and James Franco as hapless journalists recruited by the CIA to assassinate North Korean leader Kim Jong-un. Pyongyang has called the film “an act of war.”

Sony chiefs Michael Lynton and Amy Pascal have sent an email to employees noting that the company was still examining the full extent of the attack, which resulted in the leaking of upcoming movies like Fury and Annie online, as well as the lifting of various corporate data. It also wiped out data on a swath of its network.

Source: http://www.infosecurity-magazine.com/news/posthack-is-sony-dishing-out/

Toronto Police Service website down after DDoS attack

The Toronto Police Service website went down on Sunday evening after a Twitter user threatened to hack it.

According to police, the site was the subject of a Distributed Denial of Service (DDoS) attack.

Twitter user @AerithTOR claimed responsibility for the attack on the social networking site.

A DDoS attack floods a website with several requests and if the website’s server cannot handle the volume of requests, the website crashes.

@AerithTOR also suggested that they would be targeting the Conservative Party of Canada and Parliament of Canada websites. Both sites were online Sunday night.

The Ottawa Police Service and Supreme Court of Canada websites went down on Saturday evening. The Ottawa police website was still down as of Sunday night.

The City of Ottawa website was hacked Friday evening and replaced with a black screen and a dancing banana, along with a message attributed to @AerithXOR. @AerithTOR claimed this was his former account and said it had been suspended.

The message the hacker left on Ottawa’s police website contained the name of an area police officer. The officer was involved with the investigation of an Ottawa teen who is alleged to have made calls reporting fake emergencies to emergency services agencies across North America.

Toronto police were unavailable for further comment. The Toronto Police Services website remained offline on Sunday night.

Source: http://www.thestar.com/news/crime/2014/11/24/toronto_police_service_website_down_after_ddos_attack.html

Final Fantasy 14 servers currently experiencing DDoS attacks

Square Enix has revealed Final Fantasy XIV: A Realm Reborn is currently under a DDoS attack, which has resulted in log-in difficulties for players over the past few days.

“Currently we are experiencing DDoS attacks from an anonymous third-party targeting the Final Fantasy XIV game servers on the NA/EU data center,” Square Enix shared on the Final Fantasy XIV website. “Due to this attack, our game servers, network equipment and network connection are being hit with heavy load at an extensive level, which is causing a disconnection from the game and login difficulties.”

Square Enix claims both personal customer information and character data are in no danger of being exposed, which is true considering a DDoS attack wasn’t engineered to be used as a hacking tool. Instead, it just floods servers with requests to a point where they often become overwhelmed.

“Our technical staff is taking every possible measure to address this issue but the attack is still continuing to take place by changing their methods at every moment,” Square Enix adds. “We will continue to monitor and work on recovery from every possible angle.”

Just last week, Blizzard said World of Warcraft’s North American servers suffered a DDoS attack just days after its latest expansion, Warlords of Draenor, was released. Final Fantasy XIV’s first expansion was announced back in October and won’t release until spring 2015, which makes it difficult to even attempt to understand why this particular attack is happening.

Source: http://www.shacknews.com/article/87176/final-fantasy-14-servers-currently-experiencing-ddos-attacks

DDoS Explosion Imminent for Guy Fawkes Day

Guy Fawkes, famous for a plot to assassinate England’s King James in 1604 and for guarding copious amounts of gunpowder, is remembered every Nov. 5 in Britain with fireworks and bonfires. Researchers say that businesses should brace themselves for a different kind of plot: an influx of distributed denial of service (DDoS) attacks from hacktivist group Anonymous on Wednesday.

“The forecast for the future looks dark, as we expect to see many DDoS attacks during Guy Fawkes Day on November 5, as the Anonymous collective has already announced various activities under the Operation Remember campaign,” said Candid Wueest, threat researcher at Symantec, in a blog. “However, hacktivists protesting for their ideological beliefs are not the only ones using DDoS attacks. We have also seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.”

DDoS attacks have grown in intensity as well as in number in the last two years, although the duration of an attack is often down to just a few hours. Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets with amplification factors of up to 500. For such an attack, spoofed traffic is sent to a third-party service, which will reflect the answer to the spoofed target.

“Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies,” said Wueest.

From January to August 2014, Symantec has seen a 183% increase in DNS amplification attacks, making it the most popular method seen by Symantec’s Global Intelligence Network. Multiple methods are often used by attackers in order to make mitigation difficult and, to make matters worse, DDoS attack services can be hired for less than $10 on underground forums.

“It is the distribution of hosts that attracts attackers — such as the group Anonymous — as it provides multiple advantages; undetectable location, multiple machines and identity anonymity,” said Alex Raistrick, director cybersecurity solutions at Palo Alto Networks. And all of that “which makes DDoS attacks an appealing instrument for destruction on Guy Fawkes Day,” he added.

As far as mitigation, Raistrick noted that some attacks simply exploit vulnerabilities that subsequently crash or severely destabilize the system so that it can’t be accessed or used.

“Segmentation helps to block attacks trying to spread from one area of the network to another,” he said. “Next-generation firewall will also directly contribute to a stronger overall security platform, starting with the endpoint and detecting attacks there as well as detecting when threats are attempting lateral moves within networks.”

He added, “Essentially, make your estate difficult and expensive to breach — and the bad actors will go elsewhere.”

Source: http://www.infosecurity-magazine.com/news/ddos-explosion-imminent-for-guy/

Register for DDoS Protection and Response Strategies Webinar!

As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks.

  • Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited
  • Discover how to implement multi-layered DDoS defense
  • Identify best practice detection and classification techniques
  • Discover how to implement resilient DDoS incident response practices

Date: November 12th 2014
Time: 10:00AM EST/15:00 GMT


The DDoS Protections Services Landscape

As the Director of Sales for DOSarrest Internet Security I have the opportunity to speak with many prospects looking for DDoS protection service for their corporate website.

What I have learned is that there are many competitors offering what I would call a “bare bones vanilla offering”.

Some offer service ranging from free to $200 – $300/month. These plans offer very basic protection. They also advertise an Enterprise offering that has an expensive starting point and can really turn out to be quite costly depending on your circumstances.

The Enterprise service is the offering that any company that is serious about protecting their website should consider. There are a few issues with each of these offerings that I’d like to point out.

These competitors claim they have a very large number of clients utilizing their services but fail to mention that 80-85% of them are using their free service. Roughly 10-15% of their customers are using their $200-$300/month service which again is really just a basic protection with limited protection capabilities.

When a company witnesses a large attack, which is completely out of their control, they are told they should upgrade to their enterprise offering.  I hear from prospects quite often that this $200 – $300/month service does not offer adequate protection nor customer support.

In most cases there is no phone support included at all! Also they will charge the client based on the size of the attack? How can a client control the size of an attack they are experiencing! This uncertainty makes it virtually impossible for a company to budget costs. Let’s not be mistaken, their goal is to get you onto their Enterprise offering which will cost you in excess of a thousand dollars per month.

Alternately at DOSarrest Internet Security we offer a single Enterprise level service for all of our clients.

The service includes full telephone and email access to our 24/7 support team with our service. This provides you direct access to system experts. We do not operate a tiered support service given the criticality of the service.

Also we protect our clients from all DDoS attacks regardless of size without the need to pay us additional depending on the size of an attack.

We also include an external monitoring account with our service called DEMS which stands for our DOSarrest External Monitoring Service. This allows our 24/7 support team to monitor your website from 8 sensors in 4 geographical regions.

We proactively inform our clients if we notice any issues with their website. Most of our competitors do not offer this service and if they do it is not included free of charge to their clients.

DOSarrest has been providing DDoS protection services since 2007. Globally we were one of the very first DDoS protection providers and have successfully mitigated thousands of real world attacks. This is not an “add on product” for us. Our team has the experience and the protection of a client’s website is our #1 priority. Please visit our newly revamped website and take a look at the testimonials page to see what some of our current customers are saying about their experience with us.

 

Please feel free to reach out to me directly or anyone on our sales team at sales@dosarrest.com for further information on our service.

Brian Mohammed

Director of Sales for DOSarrest Internet Security LTD.

HUGE DDOS ATTACKS ON THE RISE

Anonymous attacks predicted as Guy Fawkes Day approaches. 

Hackers are increasingly using domain name server (DNS) amplification to deliver huge amounts of traffic in distributed denial of service (DDoS) attacks, according to a white paper from security company Symantec.

Between January and August of this year the firm observed a 183% increase in the use of such attacks, in which hackers deliver requests to DNS servers, prompting floods of traffic to the target.

Candid Wueest, threat researcher at Symantec, said: “Distributed denial of service attacks are not a new concept, but they have proven to be effective. In the last few years they have grown in intensity as well as in number, whereas the duration of an attack is often down to just a few hours.

“Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies. Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets.”

Attack patterns employed by hackers can move over time as companies seek to defend themselves against popular attacking strategies, in what is often compared to an arms race.

Many hackers now sell DDoS attacks for as little as $5 online, although denial of service continues to be popular among so-called hacktivists such as Anonymous, who engage in cyber attacks as a means of political protest, or what some may consider terrorism.

Wueest added that the Shellshock bug earlier this year, which affected the command lines of Unix, Linux and Mac, had allowed hackers “to install DDoS scripts on a variety of servers”, with some building “a powerful DDoS botnet”.

“The forecast for the future looks dark, as we expect to see many DDoS attacks during Guy Fawkes Day on November 5, as the Anonymous collective has already announced various activities under the Operation Remember campaign,” he said.

“We have also seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.”

This year saw a DDoS attack measuring 400Gbps, the fastest on record, with many attacks said by Symantec to be in excess of 100Gbps. India was found to be the most common source for the attacks at 26%, with the US accounting for 17%.

Source: http://www.cbronline.com/news/security/huge-ddos-attacks-on-the-rise-4412905

Thought you knew about DDoS? Think again

Twitch.tv is just the latest distributed denial-of-service (DDoS) victim in a seemingly never-ending stream of attacks. Shortly after Amazon announced that it had acquired the streaming gaming service, Twitch.tv experienced a coordinated DDoS attack that completely shut it down. For those who make their livelihood through the service, this attack was more than a nuisance. Failing to understand how DDoS attacks work and how dangerous they can be leaves your network open to risk. Below is a compilation of myths that you need to overcome if you hope to protect your assets.

Myth 1: Hackers launch DDoS attacks to consume network bandwidth.

In the news, the seriousness of a DDoS attack is typically measured by the size or amount of attack traffic (e.g. number of Gigabits per second). By using only this measure, the media leads many people to mistakenly believe that all DDoS attacks are targeting bandwidth resources. In fact, DDoS attacks can also be designed to consume system and application resources as well. Thus, the size of the attack traffic is only one of several aspects that determine the severity of an attack.

That’s because the same amount of attack traffic can produce a greater or lesser impact depending on the method employed. Sometimes, people mistakenly assume that SYN flood attacks are a type of DDoS attack that targets network bandwidth resources. In fact, the primary threat posed by SYN flood attacks is their consumption of connection table resources. Even with exactly the same level of attack traffic, a SYN flood attack is more dangerous than a UDP flood attack.

Myth 2: DDoS attacks are always flood attacks.

A DDoS attack connotes the idea of speed. Many people think of UDP flood attacks, SYN flood-type attacks, RST flood-type attacks and the like when they hear the phrase “DDoS attack.” In fact, although flood-type attacks account for a large proportion of DDoS attacks, not all of them are. There are also low-and-slow attack methods. Essentially, a DDoS attack consumes a large number of resources or occupies them for a long period of time in order to deny services to other users. Flood-type attacks rapidly send a large amount of data and requests to the target, but low-and-slow attacks are different. They slowly but persistently send requests to the target and thus occupy resources for a long time, eating away at the target’s resources bit by bit. If we view a DDoS attack as an assassination, a flood-type attack is like an assassin who uses a machine gun. A low-and-slow attack is akin to death by a thousand cuts.
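Myths 1 and 2 come down to one question: which resource is running out? The following is an added example, not code from the article: it reads a snapshot of a server's connection table together with the measured traffic rate and names the exhausted resource. The table fields, capacities and thresholds are assumptions, and the three snapshots are constructed.

```python
"""Name the resource an attack is exhausting, from a connection-table snapshot."""
from dataclasses import dataclass


@dataclass
class Conn:
    """One row of a server's connection table (hypothetical fields)."""
    src: str
    state: str       # "SYN_RECV" = half-open handshake, "ESTABLISHED" = in use
    age_s: float     # seconds since the entry was created
    bytes_in: int    # payload bytes received from the client so far


def assess(conns, observed_bps, *, link_bps=1_000_000_000, backlog=1024,
           workers=256, slow_min_age=30.0, slow_max_rate=50.0, alarm=0.8):
    """Return (usage, exhausted): share of each resource in use, and those >= alarm.

    Capacities and thresholds are assumed values for the example:
    a 1 Gbps link, a 1024-entry SYN backlog and 256 request workers.
    """
    half_open = sum(1 for c in conns if c.state == "SYN_RECV")
    # Low-and-slow clients: connected for a long time, sending almost nothing.
    slow = sum(1 for c in conns
               if c.state == "ESTABLISHED" and c.age_s >= slow_min_age
               and c.bytes_in / c.age_s <= slow_max_rate)
    usage = {
        "bandwidth": observed_bps / link_bps,
        "syn_backlog": half_open / backlog,
        "workers_held_by_slow_clients": slow / workers,
    }
    exhausted = sorted(name for name, share in usage.items() if share >= alarm)
    return usage, exhausted


def normal_clients(n):
    """Constructed ordinary clients: short-lived, sending real requests."""
    return [Conn(f"198.51.100.{i + 1}", "ESTABLISHED", 10.0, 20_000) for i in range(n)]


# Constructed snapshots: (connection table, observed bits per second).
SNAP_SYN = (normal_clients(20)
            + [Conn(f"192.0.2.{i % 250 + 1}", "SYN_RECV", 2.0, 0) for i in range(950)],
            5_000_000)                       # 5 Mbps: tiny against a 1 Gbps link
SNAP_SLOW = (normal_clients(10)
             + [Conn(f"192.0.2.{i % 250 + 1}", "ESTABLISHED", 120.0, 600)
                for i in range(240)],
             200_000)                        # 0.2 Mbps
SNAP_UDP = (normal_clients(30), 950_000_000)  # link nearly full, table almost empty

if __name__ == "__main__":
    for name, snap in [("syn", SNAP_SYN), ("slow", SNAP_SLOW), ("udp", SNAP_UDP)]:
        usage, exhausted = assess(*snap)
        print(name, exhausted, {k: round(v, 3) for k, v in usage.items()})
```

Only the third snapshot would register on a bandwidth graph; the first two take the service down at under 1% link utilisation, which is why monitoring has to cover the connection table as well as traffic volume.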

Myth 3: Botnets of hijacked PCs are the source of all DDoS attacks.

Internet security professionals adhere to the tenet that all DDoS attacks are launched from botnets. However, not all attacks are carried out by botnets composed of personal computers that have been hijacked by hackers. As technology has advanced, the processing performance and bandwidth of high-performance servers used by service providers have rapidly increased. Correspondingly, the development and use of traditional botnets composed of PCs have slowed. Besides the processing capability factor, PCs normally have very limited bandwidth resources, and their in-use periods fluctuate. Therefore, some hackers have begun to look to high-performance servers; these were used during Operation Ababil’s attacks on U.S. banks. In addition, attacks are not always carried out by commandeering sources; the hacktivist group Anonymous prefers to launch attacks using large numbers of real participants. We call this a “voluntary botnet.”

Myth 4: Vandalism and mischief are the only goals of DDoS attacks.

People don’t understand the motives of hackers; why use all that brainpower for no purpose? DDoS attacks take some technical skill and directly result in the destruction of network service availability. This doesn’t seem to benefit hackers, but hiding behind this simplistic stereotype are hackers who know the value of a bitcoin. The current generation of hackers are much more sensitive to benefit calculations than average people. They use destructive power in exchange for profit, they use destructive deterrents to avoid losses to themselves and they use destruction as leverage to shift the playing field to their advantage. Destruction is only one part of DDoS attack motivation; the true goal is almost always profit of some sort.

Myth 5: DDoS attacks are not a concern for small websites and businesses.

If you operate a website, even if you derive little income from it or engage in non-profit activities, you are still not exempt. Any site can be considered fair game for profit. When cybercriminals are choosing extortion targets, they know that attacks on major websites may be more profitable, but at the same time the costs and risks are usually also greater. However, with smaller sites, their defenses are usually weaker and an attack is more likely to succeed. Furthermore, competition is one of the major reasons that spurs DDoS attacks. Newcomer businesses may attack established businesses to steal customers, and established businesses may attack newcomers to remove potential competition. Malicious retaliatory attacks might not be concerned with size and scale; they may just want to prove a point. As long as a website is vulnerable, it may suffer a DDoS attack.

Source: http://www.scmagazine.com/understanding-the-ddos-threat/article/376191/

Drone Incident Followed By A Massive Hackers’ Attack On Serbian Media

BELGRADE – After the termination of the football match Serbia – Albania, because of a drone with a flag of the so-called “Greater Albania”, a massive hackers’ attack followed on Serbian media websites, organized by the Albanians, said the president of the Association for Information Security of Serbia Zoran Zivkovic.

“On Tuesday, after 9 pm, websites of all relevant media in our country were targeted by a massive organized hackers’ attack, and only one remained intact,” said Zivkovic for “Vecernje Novosti”. He said that the so-called DDoS attack on Serbian media’s websites was performed with approximately 1.5 million computers around the world, and the Albanians were not able to do it independently, but were able to pay for help. Speaking of the price that the Albanian side had to pay to “someone,” Zivkovic said that the average value of a DDoS attack is 100,000 dollars per hour. He is convinced that the attack was paid to some major hacker organizations, which control “bots” on millions of computers, whose owners do not know [that their computers are “zombies”], and that the precision of attacks and the selection of targets indicate that everything was carefully planned. He said the attack lasted several hours and was stronger than 35 gigabits per second, which is unprecedented in our region. The peak of the attack, according to an analysis made by Zivkovic, took place at 9.30 pm, when the “attackers” bombed Serbian media servers with 40 gigabits per second, and only one well-protected site remained intact, while others were blocked, over-flooded.

Source: http://inserbia.info/today/2014/10/drone-incident-followed-by-a-massive-hackers-attack-on-serbian-media/