Tuesday, April 2, 2019

Raspberry Pi Foundation DDoS Attack

E-Crime Assessment
The Perfect E-Crime: The Raspberry Pi Foundation

Table of Contents

1 Introduction
1.1 Aim
1.2 Methodology
1.3 Justification
2 What is E-Crime?
2.1 Types of E-Crime
3 The Raspberry Pi Foundation
4 The Attack
5 DoS Attacks
5.1 DDoS Attacks
5.2 Botnets
5.3 Protocol Attack
5.4 SYN Flood
6 Tools
6.1 High Orbit Ion Cannon
6.1.1 High Orbit Ion Cannon Capabilities
6.2 Apache Killer
7 Defending DDoS
7.1 DDoS Defence System
7.2 DDoS Defence System Benefits
8 Example of a DoS Attack
8.1 DoSing a Website
8.1.1 The Result
9 Possible Perpetrators
9.1 Threat Agents
9.2 Who Are the Perpetrators?
10 Conclusion
11 References

List of Figures

Figure 1 DDoS Attack
Figure 2 High Orbit Ion Cannon
Figure 3 Apache Killer
Figure 4 DDoS Defence System
Figure 5 Command Prompt
Figure 6 Low Orbit Ion Cannon ready
Figure 7 Low Orbit Ion Cannon attacking
Figure 8 Low Orbit Ion Cannon URL
Figure 9 Result of a successful DoS on a website

1 Introduction

In this report the information will be based around a case study of an e-crime against an SME (small-medium enterprise) that has taken place during the past 10 years. The story that has been chosen is the Raspberry Pi Foundation, which was hit by a DDoS attack on the 7th March 2013. The report will then explain how a cyber-criminal might have conducted this particular crime and try to assess the method and processes they might have used, including the tools, both hardware and software. While discussing tools, the report will give an example of how the tools are used to commit the crime from the story. The report will also show how you can defend systems from the attack that was chosen.

1.1 Aim

The purpose of this report is to demonstrate an understanding of cyber-attacks that are used against small and medium enterprises, and the tools (software and hardware) attackers use to be able to carry out these attacks.

1.2 Methodology

This report was compiled utilising secondary resources, including a variety of books obtained from the library, as well as internet sources such as websites and PDFs.

1.3 Justification

E-Crime Wales have documented that a Denial of Service attack is one of the most common types of e-crime (E-Crime Wales, 2012). Denial of Service attack was chosen because it is one of the most common e-crimes out there; it is also probably one of the easiest attacks to perform, as the tools used for this type of attack are freely available to find and download, easy to use and very powerful. The company chosen was an SME and the attack was done in the last ten years.

2 What is E-Crime?

E-Crime is a criminal activity where a computer or computer network is the source, tool, target, or place of a crime. E-Crime is not necessarily just for computing purposes; e-crimes can also be crimes such as fraud, theft, blackmail, forgery and embezzlement. E-Crime is quite difficult to become aware of and also to punish, because of how difficult this is and also because attackers are able to hack victims thousands of miles away. Due to e-crime getting a lot bigger and technology becoming more advanced, new threats are rising very quickly and are also quite difficult for companies and people to react to. (E-Crime Wales, 2011)

2.1 Types of E-Crime

According to the UK Government, around 87% of small businesses were victims of a security incident in 2013, up 10%, and the average cost of a company's worst incident was £35,000 to £65,000 (Gov, 2013). In Wales alone it is estimated that attacks from e-criminals cost the economy around one billion. This involves financial loss, interruption of business, theft of valuable data, identity theft and a lot more caused by unauthorised access to systems. (Prior, N, 2013)

Types of e-crime are as follows:

- Hardware theft
- Identity theft
- Phishing
- Pharming
- Malware
- Viruses
- Cyber terrorism

3 The Raspberry Pi Foundation

The Raspberry Pi Foundation is a charity that was founded in 2006 which is supported by the University of Cambridge Computer Laboratory and Broadcom. The charity is there to promote computer science in schools, and is the developer of the single-board computer the Raspberry Pi. In 2011, the Raspberry Pi Foundation developed a single-board computer named the Raspberry Pi. The Foundation's goal was to offer two versions, priced at around £30. The Foundation started accepting orders for the higher-priced model on 29 February 2012. (Raspberry, FAQ, 2009)

4 The Attack

The main attack was the third attack within seven days. The Foundation was attacked on the afternoon of the 3rd March, when the site was disrupted for about an hour. The Foundation was then attacked again two days later on the 5th March, but nothing happened and the attackers gave up after a few hours. Finally, on the evening of 7th March 2013, the Raspberry Pi Foundation website was attacked by a nasty Distributed Denial of Service (DDoS) attack. The hosts were hit by a SYN flood from a botnet that contained around 1 million nodes. This caused the website to become very slow, especially the forum pages. The website was also down for a few hours. This attack proved to be the worst out of the three attempts.

5 DoS Attacks

DoS refers to Denial of Service attack. A DoS attack is an attack that can make a web resource unavailable to its users by flooding the target URL with more requests than the server can handle. That means that continuous traffic on the website will be either slowed down or completely interrupted. (Bull Guard, 2012)

5.1 DDoS Attacks

DDoS refers to Distributed Denial of Service attack. A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than one source at the same time. A DDoS attack is generated using thousands, and can be up to hundreds of thousands, of zombie machines. The machines used in such attacks are known as botnets; in this attack there were around one million nodes in the botnet. The botnets are normally infected with malicious software, so they can be remotely controlled by the attacker. Attackers usually create the denial of service by either consuming server bandwidth or impairing the server itself. Targets are normally web servers, DNS servers, application servers, routers, firewalls and Internet bandwidth. (Verisign, 2012)

Figure 1 DDoS Attack

5.2 Botnets

Criminals use bots to infect large numbers of computers. These computers form a network, or a botnet. Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If a computer becomes part of a botnet, then the computer might slow down and may unintentionally be helping criminals. (E-Crime Wales, 2011)

5.3 Protocol Attack

The attack used against the Raspberry Pi Foundation was a SYN flood from a botnet. This is called a protocol attack. Protocol attacks include attacks such as SYN floods, fragmented packet attacks etc. These types of attacks target server resources, firewalls and load balancers, and are measured in packets per second.

5.4 SYN Flood

A SYN flood DDoS attack exploits a weakness in the TCP connection sequence known as the three-way handshake: SYN requests to start a TCP connection with a host must be answered by a SYN-ACK response from that host, and then confirmed by an ACK (acknowledge) response from the requester. In a SYN flood attack, the requester sends multiple SYN requests, but either does not respond to the host's SYN-ACK response, or sends the SYN requests from a spoofed IP address. Either way, the host system continues to wait for the acknowledgement, binding resources until no new connections can be made, resulting in a denial of service. (Incapsula, 2012)

6 Tools

6.1 High Orbit Ion Cannon

Figure 2 High Orbit Ion Cannon (Breeden, J, 2012)

The High Orbit Ion Cannon is a tool used mainly by Anonymous but also used by other hacktivists. The High Orbit Ion Cannon is an upgrade of the Low Orbit Ion Cannon, but it seems that the High Orbit Ion Cannon is mainly used to just DoS websites instead of servers, which you can do with the Low Orbit Ion Cannon. The High Orbit Ion Cannon is able to use custom scripts to target more than just a website's home page. Instead of visiting the site as a single user, the High Orbit Ion Cannon targets sub-pages. So the attackers try to visit the home page, help pages, article pages and anything else a victim site has to offer. This method prevents some firewalls from recognising that the website is being attacked. Even if they do detect what is happening, they will have trouble shutting it down because the software is sending multiple fake users to multiple pages within a domain. (Breeden, J, 2012)

The High Orbit Ion Cannon is really not that powerful for single users if they want to attack a big organisation; Anonymous say at least 50 people need to attack a big organisation in order to take the website down. In this instance a single user could have used this type of tool to bring down the Raspberry Pi Foundation website for a few hours, mainly because the Foundation would have had no (or very little) anti-DDoS software to have been able to stop the attack. (Breeden, J, 2012)

6.1.1 High Orbit Ion Cannon Capabilities

- High-speed multi-threaded HTTP flooding
- Simultaneously flood multiple websites at once
- Scripted boosters to handle DDoS countermeasures and increase DoS output
- Generating multiple HTTP headers to create a genuine-looking traffic flow scenario

(Avkash, K, 2012)

6.2 Apache Killer

Figure 3 Apache Killer (Expert Hacker Home, 2012)

Apache Killer is a DDoS/DoS tool written in Perl which sends HTTP GET requests with multiple byte ranges; these byte ranges occupy a wide variety of portions in the memory space. Byte Range helps browsers or downloading applications to download required parts of files, which helps reduce bandwidth usage. The script sends dozens of unsorted components in the request header to cause the Apache server to malfunction. (Rafayhackingarticles, 2012) If the attack is successful the results can be devastating and can end up rendering the original operating system unusable, but only if the requests are sent in parallel. (Hoffman, S, 2011)

7 Defending DDoS

There are a number of ways to defend against DDoS attacks:

Black-holing or sinkholing: This approach blocks all traffic and diverts it to a black hole, where it is discarded. The downside is that all traffic is discarded, good and bad; packet-filtering and rate-limiting measures simply shut everything down, denying access to legitimate users. (ComputerWorld Inc, 2004)

Routers and firewalls: Routers can be configured to stop simple ping attacks by filtering nonessential protocols and can also stop invalid IP addresses. However, routers are pretty much useless against a more sophisticated spoof attack and application-level attacks using valid IP addresses. Firewalls can shut down a specific flow associated with an attack, but like routers, they cannot perform anti-spoofing. (ComputerWorld Inc, 2004)

7.1 DDoS Defence System

Figure 4 DDoS Defence System (Corero Network Security, 2012)

The DDoS Defence System (DDS) prevents DDoS attacks from crippling firewalls, intrusion prevention systems (IPS), switches and targeted web and DNS servers. It stops all types of DDoS attacks and maintains service availability without affecting performance. DDS provides maximum protection for critical IT assets while allowing full access to legitimate users and applications. (Corero Network Security, 2012)

DDS detects and blocks all forms of DDoS attacks, including:

- Application layer
- Network layer flooding
- Specially crafted exploits
- Reflective
- Outbound attacks

7.2 DDoS Defence System Benefits

- Detects and mitigates both traditional network-layer DDoS attacks and more advanced application-layer attacks
- Protects your network, allowing legitimate communications to pass without delay
- Provides automated real-time defence against identified DDoS attack sources

8 Example of a DoS Attack

The following attack was performed in a virtual environment using DoS and DDoS software. In the example the DoS tool that was used was the Low Orbit Ion Cannon, and the target was Windows Server 2008.

Figure 5 Command Prompt

As you can see in Figure 5, it shows a simple ipconfig command to show the IP address for the attack.

Figure 6 Low Orbit Ion Cannon ready

In Figure 6 you can see that the Low Orbit Ion Cannon is ready to fire. As you can see, the Server 2008 IP address has been locked on, ready for it to be DoSed. Just underneath the address you can see the speed of the attack; the faster it is, the more requests are sent to the server. Underneath that it then shows the method, port, threads and timeout for the attack.

Figure 7 Low Orbit Ion Cannon attacking

As in Figure 6, you can see all the settings are the same and ready to go. After clicking "IMMA CHARGIN MAH LAZER" you can see the attack is working by looking at the bottom of Figure 7, where it shows the number of requests being sent. That number was taken after around one minute of the server being attacked, so the number of requests would be a lot higher after around five minutes, which would probably be enough time. The purpose of DoSing a server is to stop any requests to that server: it sends multiple fake requests to the server, stopping anything else from connecting to it.

8.1 DoSing a Website

Figure 8 Low Orbit Ion Cannon URL

The Low Orbit Ion Cannon can also be used to DoS a website, by simply typing the website you want to DoS into the URL tab, clicking lock on and then firing the cannon. DoSing a website works by flooding the target URL with more requests than the server can handle, causing the website to crash and become temporarily unavailable.

8.1.1 The Result

Figure 9 Result of a successful DoS on a website

If a DoS/DDoS attack is successful on a website then this is normally what you will see when you try to access the website: the DoS attack has clearly crashed the website and caused it to go offline.

9 Possible Perpetrators

The possible perpetrators could be any number of people or organised crime, although there is no evidence from the Foundation on who was behind the attack or where it came from.

9.1 Threat Agents

The possible threat agents that could have been behind this attack are as follows:

- Employees
- Government agencies
- Hacktivist groups, e.g. Anonymous
- Organised criminals

9.2 Who Are the Perpetrators?

From conducting the research there is no evidence of who was behind the attack or where the attack came from. Looking at the possible threat agents, it is very unlikely that the attack came from a government agency or a hacktivist group such as Anonymous, LulzSec etc.; if the attack had come from one of those two types of threat agent, it could have been a lot more sophisticated and could have caused a lot more damage. The Raspberry Pi Foundation quote that the attacker was probably an "angry confused kid", which is easy to believe considering the attack was attempted multiple times throughout that week, but it is possible that the attacks were not all by the same person: it could have been the same attacker with help from others to make sure the attack was successful, or it could have been another attacker. The Foundation says that the attack was probably for financial gain, but there is no mention of any data being stolen.

10 Conclusion

Throughout the report it is shown how frightening it is that any sort of hacker or hacktivist group is willing to attack anyone. It is scary to think that even charity websites are vulnerable to attacks. Looking at this attack, the Foundation is lucky that it was not attacked by a bigger threat agent such as a hacktivist group, which could have caused a lot more damage. The report also shows how easy it is to get your hands on the tools that are commonly used, how easy they are to use and how powerful they actually are. The examples of the attacks show how powerful the tools can be; the Low Orbit Ion Cannon sends a high number of requests to servers and websites in a short space of time.

11 References

Raspberry, FAQ. (2009). About Us. Available: http://www.raspberrypi.org/about. Last accessed 19/03/2014.
E-Crime Wales. (2011). What is e-Crime?. Available: http://www.ecrimewales.com/server.php?show=nav.8856. Last accessed 17/03/2014.
Breeden, J. (2012). Hackers' new super-weapon adds firepower to DDOS. Available: http://gcn.com/Articles/2012/10/24/Hackers-new-super-weapon-adds-firepower-to-DDOS.aspx?Page=2. Last accessed 18/03/2014.
Expert Hacker Home. (2012). Latest Methods of DDoS attacks. Available: http://experthackershome.blogspot.co.uk/2012/07/ddos-attacks-in-2012-latest-method-of.html. Last accessed 18/03/2013.
E-Crime Wales. (2011). Botnets Explained. Available: http://www.ecrimewales.com/server.php?show=nav.9390. Last accessed 26/03/2014.
Corero Network Security. (2012). How to stop DDoS Attacks. Available: http://www.corero.com/en/products_and_services/dds. Last accessed 27/03/2014.
ComputerWorld Inc. (2004). How to defend against DDoS attacks. Available: http://www.computerworld.com/s/article/94014/How_to_defend_against_DDoS_attacks. Last accessed 27/03/2014.
Bull Guard. (2012). What are DoS and DDoS attacks?. Available: http://www.bullguard.com/bullguard-security-center/internet-security/internet-threats/what-are-dos-and-ddos-attacks.aspx. Last accessed 20/03/2014.
Verisign. (2012). What is a DDoS attack?. Available: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/ddos/ddos-attack/index.xhtml. Last accessed 20/03/2014.
Incapsula. (2012). DDoS Attack Types. Available: http://www.incapsula.com/ddos/ddos-attacks. Last accessed 20/03/2014.
Rafayhackingarticles. (2012). Apache Killer. Available: http://www.rafayhackingarticles.net/2011/08/zero-day-dos-vulnerability-in-apache.html. Last accessed 23/03/2014.
Hoffman, S. (2011). Apache Killer Tool Exploits DoS Flaw. Available: http://www.crn.com/news/security/231600200/apache-killer-tool-exploits-dos-flaw.htm. Last accessed 23/03/2014.
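The half-open connection symptom that section 5.4 describes, turned into a host-side check. This is an added example and not part of the original report: it parses a constructed connection-table snapshot in the column layout of `ss -tan` and flags local ports whose SYN-RECV backlog is abnormal, separating a crowd of one-off (likely spoofed) sources from a few repeating sources that a rate limit could handle. The sample addresses and both thresholds are assumptions.

```python
# Added example, not from the original report: detect the SYN flood symptom from
# section 5.4 (many half-open connections whose final ACK never arrives) in a
# snapshot laid out like `ss -tan` output. Snapshot and thresholds are constructed.
from collections import Counter, defaultdict

HALF_OPEN_THRESHOLD = 50   # assumed: alert above this many SYN-RECV per local port
SPOOF_SHARE = 0.9          # assumed: share of one-off peers that suggests spoofing

# Constructed snapshot: header, three normal entries, then 120 half-open
# connections to port 80 from distinct peers that never complete the handshake.
SAMPLE_SNAPSHOT = "\n".join(
    ["State     Recv-Q Send-Q Local Address:Port Peer Address:Port",
     "ESTAB     0      0      192.0.2.10:80      198.51.100.7:51234",
     "ESTAB     0      0      192.0.2.10:443     198.51.100.8:40001",
     "SYN-RECV  0      0      192.0.2.10:22      198.51.100.9:60001"]
    + [f"SYN-RECV  0      0      192.0.2.10:80      203.0.113.{i}:{40000 + i}"
       for i in range(1, 121)])


def parse_snapshot(text):
    """Return (state, local_port, peer_ip) tuples, skipping the header row."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 5:
            state, local, peer = parts[0], parts[3], parts[4]
            rows.append((state, int(local.rsplit(":", 1)[1]), peer.rsplit(":", 1)[0]))
    return rows


def half_open_report(rows):
    """Per port: half-open count, established count, share of half-open peers seen once."""
    pending = defaultdict(Counter)   # port -> Counter of peer IPs stuck in SYN-RECV
    established = Counter()
    for state, port, peer in rows:
        if state == "SYN-RECV":
            pending[port][peer] += 1
        elif state == "ESTAB":
            established[port] += 1
    return {port: {"half_open": sum(peers.values()),
                   "established": established[port],
                   "singleton_share": sum(1 for c in peers.values() if c == 1) / len(peers)}
            for port, peers in pending.items()}


def flag_syn_flood(report):
    """Map each port over the threshold to a short description of its source pattern."""
    alerts = {}
    for port, s in report.items():
        if s["half_open"] > HALF_OPEN_THRESHOLD:
            spoofed = s["singleton_share"] >= SPOOF_SHARE
            alerts[port] = ("many one-off (likely spoofed) sources" if spoofed
                            else "few repeating sources, rate-limit candidates")
    return alerts


if __name__ == "__main__":
    rep = half_open_report(parse_snapshot(SAMPLE_SNAPSHOT))
    for port, why in flag_syn_flood(rep).items():
        print(f"port {port}: {rep[port]['half_open']} half-open, {why}")
```

On a live host the same functions can be fed the real `ss -tan` output; the threshold should be tuned to the server's normal backlog, since a busy site legitimately holds some half-open connections at any moment.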
