US websites buckle under sustained DDoS attacks

South Korea, too


Websites belonging to the federal government, regulatory agencies and private companies have been struggling against sustained online attacks that began on the Independence Day holiday, according to multiple published reports.

At time of writing, most of the targets appeared to be afloat. Nonetheless, several targets have buckled under the DDoS, or distributed denial of service, attacks, which try to bring down a website by bombarding it with more traffic than it can handle. FTC.gov was experiencing "technical issues" on Monday and Tuesday that prevented many people from reaching the site, spokesman Peter Kaplan said.

Other sites, including FAA.gov, Treas.gov and DOT.gov also experienced outages, a person said familiar with the attacks told The Register. DOT spokeswoman Sasha Johnson said late Tuesday: "The DOT has been experiencing network incidents since this past weekend. We are working with the US Computer Emergency Readiness Team at this time."

Both Kaplan and Johnson declined to say whether their agencies' sites were under attack.

The DDoS attacks appear to be originating from compromised computers located primarily in the Asia Pacific region and are being delivered as plain-vanilla floods of ping, syn and UDP packets, said the person, who asked not to be identified because he wasn't authorized to share the details.

The attacks came as South Korean websites operated by the government and private companies also were hit, the Associated Press reported here. In all, 26 websites, including those run by Nasdaq, the New York Stock Exchange and the Washington Post are being targeted, according to The Washington Post, which also covered the attacks.

There seems to be some confusion about just how powerful the attacks are. The person familiar with the attacks said they were relatively modest.

"Most are easy to mitigate," the person familiar with them said. "I'm surprised any of these attacks are as effective as they are."

But an unidentified person briefed by government investigators told IDG News the attacks directed as much as 20 gigabytes to 40 gigabytes of bandwidth per second during their height over the weekend. They have since settled down to about 1.2 gigabytes per second, IDG said. ®

Broader topics

Narrower topics


Other stories you might like

  • Cloudflare says it thwarted record-breaking HTTPS DDoS flood
    26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that

    Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago.

    In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second (rps). The flood last week hit a peak of 26 million rps, with the target being the website of a company using Cloudflare's free plan, according to Omer Yoachimik, product manager at Cloudflare.

    Like the attack in April, the most recent one not only was unusual because of its size, but also because it involved using junk HTTPS requests to overwhelm a website, preventing it from servicing legit visitors and thus effectively falling off the 'net.

    Continue reading
  • Man gets two years in prison for selling 200,000 DDoS hits
    Over 2,000 customers with malice on their minds

    A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.

    A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.

    Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.

    Continue reading
  • International operation takes down Russian RSOCKS botnet
    $200 a day buys you 90,000 victims

    A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.

    The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.

    It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.

    Continue reading

Biting the hand that feeds IT © 1998–2022