Group used 30,000-node botnet in MasterCard, PayPal attacks
IDG News Service - PayPal's website was hit late Wednesday by two botnets as online activists continued their Web attacks on companies that have severed their relationships with WikiLeaks.
The activists have recruited volunteers, who have banded their computers into a distributed denial of service (DDoS) botnet, but they are also using hacked machines to carry out these attacks, said Sean-Paul Correll of threat researcher Panda Security. "Today we observed over 3,000 computers in the voluntary botnet, but we also have knowledge of a 30k node botnet," he said.
This botnet infects computers via peer to peer filesharing systems, but it can spread via Microsoft Messenger and USB sticks as well, he said. Panda is trying to get a sample of the botnet code to analyze.
PayPal was hit late Wednesday afternoon, Pacific time, and the Paypal.com address was unresponsive into early Thursday morning. "There have been attempted DDoS attacks on paypal.com this week," said company spokesman Anuj Nayar. "The attacks slowed the website itself down for a short while, but did not significantly impact payments."
PayPal's blog had been hit earlier in the week, but the main Paypal.com website was down for at least several hours Wednesday, and www.paypal.com was affected too, although less seriously. Unlike Visa and MasterCard, the website is critical to PayPal's business. Customers need the website to send money to other PayPal users.
Paypal wasn't the only company to have some payments affected, however. MasterCard's SecureCode service -- used to add a security code for use in online transactions, similar to a PIN (personal identification number), also suffered a disruption Wednesday, said MasterCard spokesman James Issokson. "There were some operational issues and they have been resolved," he said.
Representatives of the Anonymous group's Operation Payback said that they were responsible for this disruption. They believe that MasterCard's Web servers may have shared resources with the SecureCode system. In a MasterCard advisory,published on the Securetrading blog, MasterCard said that a directory server had failed.
Both MasterCard and Visa also had their public websites knocked offline by a "hive" of as many as 3,000 activists who had downloaded Web-attacking software, which was then turned on different websites.
For several months now, Operation Payback has gone after websites belonging to organizations that have cracked down on unlicensed music and movie copying -- the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA). This week, the project took up cyber arms against companies that have cut business ties with WikiLeaks, making it harder for the website to raise money and continue operations. They have also hit websites belonging to WikiLeaks critics such as U.S. Senator Joseph Lieberman and former Alaska Governor Sarah Palin.
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- IDC Report: The Future of eMail is Social This paper discusses the changing nature of collaboration and work fueled by the social Web by examining current email trends and the emergence...
- The Business of Social Business Social business represents a significant transformational opportunity for organizations. Read this whitepaper to learn more.
- Six Ways Your Small Business Can Save with Internet Phone Service Traditional phone systems present two main problems for businesses: limited features and high costs. As a result, small businesses are migrating to Internet...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Supercharge Your Web and Mobile App Development with High-Productivity Hybrid Cloud Webinar: Hear from industry experts about the amazing power at the intersection of next-generation web and mobile application development and cloud platforms.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Internet White Papers | Webcasts