Internet Crime Complaint Center reports DDoS attacks rising

As reported previously, LOIC is an open source network stress testing application, initially written in C++ and then ported to a JavaScript version to allow a web browser-driven attack to be launched.

The utility was originally developed Praetox Technologies, but was later released into the public domain, whereupon it was widely used by the Anonymous hacktivist group.

According to the IC3 report, gaming sites in particular have come under attack by multiple hacking groups using DDoS methodologies, with some reports suggesting that the attacks have been in response to the company's activities, whilst other attacks are in response to group rivalries.

"The IC3 continues to receive complaints reporting DDoS attacks, often to smaller e-commerce based businesses. One reported attack was DNS based", says the report.

"The company reportedly had 165 million hits over a three-day period, which overloaded their network and crashed their site. They stated their web hosting company attempted multiple solutions over the course of the attack, which lasted approximately ten days", it adds.

In another incident, three DDoS attacks in one week targeted a company, hitting the firm with high volumes of traffic, which saturated the uplinks of one of their ISPs.

"For more than 20 days in May 2011, a business's network and video same had been under DDoS attacks. The attacks targeted their master servers controlling access to all game servers and player logins", says the report.

"Through research, the company believed the attacker was in the United Kingdom and had also been extorting and threatening other individuals and committing credit card fraud. The company reported that their loss of revenue was approximately $50,000", the report adds.

The IC3 goes on to say that, since March of this year, one US firm has filed no less than six complaints about DDoS attacks, with the most recent involved two brute force attacks in May to the firm's FTP server using non-existent user name and various passwords.

Another company's site, meanwhile, was recently attacked on two occasions. The attacker, says the report, used at least 1,000 unique IP addresses to crash the site.

What’s Hot on Infosecurity Magazine?