Hackers Suck! Twitter Overwhelmed by Attack
August 6, 2009
by Lennie Appelquist
About a week ago one of my clients was subject to a Hacker Attack! Why? Because Hackers suck. Evidently they have nothing better to do with their time except break, disrupt and destroy…
It actually seemed very automated but very clever too.
The Hackbot found its way into the shopping cart admin – a bug that has now been fixed – in and of itself not a huge deal – but here is the clever part (sort of, except in this case it didn’t actually work, it just broke part of the site – which is how I discovered it).
In theory, it would have created links (about a dozen) that led to different profiles in an online forum (for real estate in Mexico – I alerted them about the bogus profiles). Those profiles all had links to “Canadian Pharmacy” sites (read about them on the spam wiki: http://spamtrackers.eu/wiki/index.php/My_Canadian_Pharmacy & http://spamtrackers.eu/wiki/index.php/Canadian_Health&Care_Mall). Here’s what spamwiki says about “My Canadian Pharmacy”:
My Canadian Pharmacy (referred to in this document as MCP) is a longstanding Russian or possibly Ukrainian spam operation which has been relentlessly spamming email users around the world since at least the spring of 2004. The operators are currently wanted by numerous international law enforcement groups including Interpol and the FBI. They largely appear to be tied to credit card fraud and identity theft. There have been reports of consumers actually receiving a shipment in response to an order, but none known to us of a shipment containing active medications rather than placebo.
Numerous pharmacy oversight organizations have fielded several thousand complaints per year regarding this illegal operation. They and numerous law enforcement agencies continue to investigate as much as possible regarding the spamming, website setup, DNS setup and (alleged) order processing of this spam gang. This investigation is ongoing.
Spamhaus claims that this group of websites (and their other web operations including International Legal RX and US Drugs) may be linked to the illegal spam group Yambo Financials, who they allege also have direct ties to Alex Polyakov, currently the #1 spammer in the known world. Subsequent research has uncovered that this spam-promoted property is actually a part of the affiliate program known as “Bulker.biz”, whose public forum was at bulkerforum.biz prior to being shut down.
My Canadian Pharmacy is part of an umbrella group of websites which purport to offer discounted pharmaceuticals to an unwitting public. They are notable in that literally every single word, every single claim are 100% false. They lie in the spam messages they send, they lie in telling you their site is secure, they lie when they say your order is on its way. Even the name itself – My Canadian Pharmacy – is a fallacy. No known connection to the country of Canada is present in anything this group has done.
Wow, right!? So these guys not only inject code into unsuspecting sites but they also take over other servers to serve all the site images etc. Then when they are done they erase all trace of themselves.
So again – Hackers suck!
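An outbound-link audit of the kind that would have caught the injected links described above, as an added example (this is not code from the original post or from the client site). It parses a page with the standard library, collects every href/src host, including ones inside hidden markup, and reports the hosts that are not on an allowlist. The sample page, the allowlist and all host names are constructed placeholders under the .test domain.

```python
"""Added example: audit a page's outbound links against an allowlist.
The page and the host names below are constructed for the example."""

from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page: a normal shop page with three injected links
# hidden in a display:none block, plus one unexpected image host.
SAMPLE_PAGE = """<html><body>
<a href="/shop/cart">Cart</a>
<a href="https://www.example-shop.test/about">About</a>
<img src="https://cdn.example-shop.test/logo.png">
<a href="https://payments.example-pay.test/checkout">Pay</a>
<div style="display:none">
  <a href="http://forum.example-realty.test/profile/1001">cheap pills</a>
  <a href="http://forum.example-realty.test/profile/1002">cheap pills</a>
  <a href="http://forum.example-realty.test/profile/1003">cheap pills</a>
</div>
<img src="//img-host.example.test/banner.gif">
</body></html>"""

SITE_HOST = "www.example-shop.test"                       # assumed own host
ALLOWED_HOSTS = {"cdn.example-shop.test",                 # assumed allowlist
                 "payments.example-pay.test"}


class LinkCollector(HTMLParser):
    """Collects (tag, url) for every href/src attribute.  Hidden markup is
    parsed like any other, which matters because injected links are
    normally hidden from visitors and only meant for search engines."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append((tag, value))


def external_hosts(html, site_host):
    """Return {host: count} for links that point off-site.  Relative paths,
    mailto: and javascript: URLs have no host and are skipped; scheme-
    relative URLs (//host/...) are resolved to their host."""
    parser = LinkCollector()
    parser.feed(html)
    counts = {}
    for _tag, url in parser.links:
        host = urlsplit(url).hostname
        if host and host.lower() != site_host.lower():
            counts[host.lower()] = counts.get(host.lower(), 0) + 1
    return counts


def audit(html, site_host, allowed_hosts):
    """Return sorted [(host, count)] for off-site hosts not on the allowlist;
    an empty list means every outbound link goes somewhere expected."""
    allowed = {h.lower() for h in allowed_hosts}
    return sorted((h, n) for h, n in external_hosts(html, site_host).items()
                  if h not in allowed)


if __name__ == "__main__":
    for host, n in audit(SAMPLE_PAGE, SITE_HOST, ALLOWED_HOSTS):
        print(f"unexpected outbound host {host}: {n} link(s)")
```

Run this over every page of the site on a schedule and alert on any non-empty result; the first time the allowlist is built it will be noisy, but once it settles, a dozen new links to a forum you have never heard of stands out immediately.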
Twitter was shut down for hours Thursday morning by what it described as an “ongoing” denial-of-service attack, silencing millions of Tweeters. It was the first major outage the service has suffered in months and possibly the first ever due to sabotage.
So, what is a denial-of-service attack? In essence, the attackers overwhelm a site (in this case, Twitter) with so much inbound traffic that it disrupts or completely shuts down the service. Here’s what Wikipedia says:
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Here’s the definition from US-CERT (United States Computer Emergency Readiness Team – I didn’t even know we had one):
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.
The most common and obvious type of DoS attack occurs when an attacker “floods” a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. This is a “denial of service” because you can’t access that site.
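The flood described in the two definitions above, as an added example that is not part of the original post: a toy model of a server that can hold only a fixed number of in-flight requests, hit by one flooding source while a legitimate client keeps trying. The same traffic is then replayed through a per-source token-bucket limiter, the simplest mitigation for a single-source flood. The capacity, service time and traffic mix are assumed values; all "traffic" is constructed in-line and nothing touches the network.

```python
"""Added example: request-capacity exhaustion and per-source rate limiting.
All numbers are assumed; the traffic is generated in-line."""

from dataclasses import dataclass, field

CAPACITY = 10      # concurrent requests the server can hold (assumed)
SERVICE_TIME = 3   # ticks each accepted request occupies a slot (assumed)


@dataclass
class Server:
    """A server with CAPACITY slots; a request is refused when none is free."""
    capacity: int = CAPACITY
    busy_until: list = field(default_factory=list)  # completion tick per slot

    def handle(self, now):
        self.busy_until = [t for t in self.busy_until if t > now]  # free slots
        if len(self.busy_until) >= self.capacity:
            return False                    # no free slot: the "denial"
        self.busy_until.append(now + SERVICE_TIME)
        return True


class TokenBucket:
    """Per-source limiter: each source may burst `burst` requests, then
    proceed at `rate` requests per tick.  Requests over the limit are
    dropped before they reach the server."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.state = {}                     # src -> (tokens, last_tick)

    def allow(self, now, src):
        tokens, last = self.state.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.state[src] = (tokens, now)
            return False
        self.state[src] = (tokens - 1, now)
        return True


def make_traffic(ticks=30, flood_per_tick=20):
    """Constructed traffic: per tick, `flood_per_tick` requests from one
    flooding source followed by one from a legitimate client."""
    traffic = []
    for now in range(ticks):
        traffic += [(now, "flooder")] * flood_per_tick
        traffic.append((now, "legit"))
    return traffic


def run(traffic, limiter=None):
    """Replay traffic; return {src: (served, refused)}."""
    server, stats = Server(), {}
    for now, src in traffic:
        served, refused = stats.get(src, (0, 0))
        if limiter is not None and not limiter.allow(now, src):
            stats[src] = (served, refused + 1)   # dropped by the limiter
        elif server.handle(now):
            stats[src] = (served + 1, refused)
        else:
            stats[src] = (served, refused + 1)   # refused by the full server
    return stats


if __name__ == "__main__":
    print("no limiter:  ", run(make_traffic()))
    print("token bucket:", run(make_traffic(), TokenBucket(rate=1, burst=5)))
```

Without the limiter the flooder fills every slot the moment it frees up and the legitimate client is never served; with a per-source bucket the flooder is cut to one request per tick and the legitimate client gets through every time. The caveat is in the Wikipedia text above: a distributed attack spreads the same volume over thousands of sources, each of which stays under any per-source limit, which is why large floods have to be absorbed upstream rather than at the server.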
This episode seems almost over, as Twitter is back up. However, their status blog still says:
Ongoing denial-of-service attack 1 hour ago
We are defending against a denial-of-service attack, and will update status again shortly.
Update: the site is back up, but we are continuing to defend against and recover from this attack.
The lesson here for all of us is – stay vigilant, be smart, especially if you are running your own site. Understand what is happening on your site. If you suddenly were missing money from your checking account – my guess is that you would notice… The same holds true for your own site. Chances are that we “small fries” won’t ever be subject to a concentrated attack but the automated ones can be just as bad…

