24-12-2015, 18:14 #1
[EN] NIC.TR Under Massive DDoS Attack
Since last Monday, Turkey has been experiencing a massive cyberattack targeting the country’s official domain servers ending with Turkey’s internet code, .tr. NIC.tr’s five nameservers, ns1.nic.tr through ns5.nic.tr, were completely down under a 40 Gigabits per second DDoS attack, which caused massive disruption of service all over the country. Over 400,000 websites including over 300,000 businesses were affected including universities, government institutions, schools and the military.
So far, decentralized hacktivist group Anonymous has claimed responsibility for the attack. In an uploaded video, the hacktivists said that the DDoS attack was sent as a message to Turkey for the country allegedly supporting and aiding the Daesh or ISIS/ISIL terrorist group and also for promoting mass censorship in blocking websites such as YouTube, Rapidshare, Fileserve, and Google services. In response, a local paper in Turkey has reported that 12 members were arrested in connection to Anonymous.
24-12-2015, 18:17 #2
Massive DDoS Cloud Rains On Turkey
Since the beginning of the week on Monday, Turkey has been inundated with a barrage of DDoS attacks targeting the country’s official domain name servers. Altogether, hundreds of thousands of websites including those of universities, government institutions, schools and the military have been affected.
The attacks began early Monday morning. The domain names ending with Turkey’s Internet code, .tr, were starting to feel the brute force of relentless DDoS attacks.
The Daily Dot reports that all websites with the suffix .tr have to be registered with the administrative body NIC.tr, based in Ankara, Turkey’s capital city. Nic.tr is also tasked with looking over the academic internet backbone of the country, with universities also registering their websites with the admin body.
A few hours into Monday, by noon, all of NIC.tr’s five name-servers, all the way from ns1.nic.tr through to ns5.nic.tr were knocked offline with a 40 Gbps DDoS attack.
Altogether, about 400,000 websites are said to be affected: those with localized Turkish domain names, which also include 300,000 companies.
By evening on Monday, Turkey’s National Response Center for Cyber Events shut down all international incoming traffic to NIC.tr to basically provide a blackout for all those trying to reach Turkish domains with .tr from outside the country.
The significant move kept even email communications at bay, with any emails addressed to companies or university emails with the .tr domain bouncing back. Although the Response Center changed the policy by late Monday night, NIC.tr is selectively blocking a range of suspect IP addresses from around the world.
Simple and yet Sophisticated
While a 40 Gigabits per second DDoS attack may sound massive, renowned security expert and blogger Brian Krebs sums up “the new normal” of DDoS attacks to range between 200-400 Gigabits per second.
Although not substantial like some of the larger attacks, the DDoS attacks targeting Turkey are destructive due to the targets chosen. Essentially, targeting the five name-servers of NIC.tr, a small group of IP addresses, relatively speaking, had the attacks “take down the DNS system” of an entire country, as reported by the publication.
While it is hard to detect or even prove where an attack is coming from (they’re distributed), commentators from Turkey are firmly pointing the finger at Russia. The recent downing of a Russian fighter jet by Turkey near Syrian borders has resulted in heightened diplomatic tensions between the two countries. Russia even claimed that Turkey’s President is directly involved in illegal oil trade with radical extremist group ISIS. Russian President Vladimir Putin claimed that the downed plane was one mandated to attack ISIS targets in Syria.
Even Hacked was the target of a DDoS attack in recent times, one which came in with a ransom demand from the attacker. We mitigated it with better DDoS protection and we’re now offering a reward for those who can help us find the attacker.
24-12-2015, 18:23 #3
Turkish nameservers hit with massive DDoS attack
Since Monday morning, the country's official domain name servers have been under a Distributed Denial of Service (DDoS) attack. The attack’s perpetrators are unknown, but it reveals the vulnerabilities of the country’s Internet infrastructure.
All domain names that end with Turkey’s two-letter country code .tr must be registered by NIC.tr, an administration office in Turkey’s capital of Ankara. Besides its registration duties, NIC.tr maintains the academic internet backbone for Turkish universities. It’s also the main service for .tr domain names, making it a valuable target.
On Monday morning Turkish time, traces of an attack became noticeable. By noon, NIC.tr’s five nameservers, ns1.nic.tr through ns5.nic.tr, were completely down under a 40 Gigabits per second DDoS attack.
Europe’s regional Internet registry, the RIPE Network Coordination Centre, serves as a secondary Domain Name System to Nic.tr. RIPE was also severely affected. As noted by its manager of the Global Information Infrastructure, Romero Zwart, the attack was “modified to evade” RIPE's mitigation measures. As of this writing, the attack is still going on at around 40 Gbps, disrupting working hours in Turkey.
DDoS attacks, which overload servers with requests for information, are a simple way of disrupting a website for a brief amount of time. The cost of hiring attacking botnets, huge armies of compromised computers that can all visit a site at the same time, is getting cheaper, and the size of attacks is growing each year. In 2013, an average DDoS attack was about 2 Gbps. In 2014, it’s nearly 8 Gbps.
By focusing on a relatively small group of IP addresses, the five nameservers of NIC.tr, the attackers managed to “take down the DNS system of a whole country with a 40 Gbps attack:”
As the country’s official domain suffix, .tr domain names are very popular in Turkey, and many local companies want their businesses officially recognized for their local audience. There are about 400,000 websites with localized Turkish domain names, including 300,000 companies. It's also used by government institutions, schools, municipalities, Turkish e-mail servers, and the Turkish military.
When the attack left NIC.tr’s DNS service non-responding, practically all .tr domain names became unreachable. Besides the private Turkish companies, official government businesses, such as vital population registry queries, remained interrupted for more than a day. Internet access at university campuses is still down or extremely slow.
On Monday evening, Turkey’s National Response Center for Cyber Events closed all incoming traffic to NIC.tr from outside of Turkey, which made 400,000 websites with .tr domain names unreachable from the rest of the world. All e-mails sent to companies and organisations with .tr domains bounced back with the “unknown host” error.
The Response Center changed its policy late Monday night, and NIC.tr has since been running a selective block policy for a number of suspected root IP addresses. DNS service for .tr domains was also re-configured to distribute the queries among public and private servers, including Turkish Internet service providers Superonline and Vodafone.
It’s notoriously difficult to attribute where a cyberattack comes from. Many Turkish commentators have pointed to Russia as the source of the attack. Russia’s cyber warfare capabilities are an established weapon, believed to be used against Estonia in 2007, Georgia in 2008, and Ukraine in 2014.
With Turkey’s recent downing of a Russian jet near Syrian border, and with the ongoing troll wars between Erdoğan’s and Putin’s social media campaigners, DDoS botnets could be the next battleground. Some experts have speculated this is a response to Turkey’s nationalist cyber teams, who stand accused of organising a DDoS attack on Russia’s Sputnik news.
24-12-2015, 18:26 #4
Anonymous Claims Responsibility For DDoS Attack on Turkish Nameservers
The reason behind the attack is that Turkey is allegedly supporting and aiding the Daesh/ISIS/ISIL terrorist group.
The online hacktivist Anonymous has claimed the responsibility for a massive 40Gbps DDoS attack on Turkish DNS Servers under NIC.tr — The reason behind the attack is that Turkey is allegedly supporting and aiding the Daesh or ISIS/ISIL terrorist group.
In a video uploaded by Anonymous, the hacktivists said that their attack on Turkish servers was part of their ongoing operation #OpISIS.
According to the video message, “We won’t accept that Erdogan, the leader of Turkey, will help ISIS any longer. The news media has already stated that Turkey’s Internet has been the victim of massive DDOS attacks. This led Turkey to shut down its internet borders and deny anybody outside the country to access Turkish websites.”
The hacktivists also warned the government that if Turkey didn’t stop aiding Daesh or ISIS the attacks will continue and target airports, banks, government and military servers.
“If you don’t stop supporting ISIS, we will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS, we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure. Stop this insanity now Turkey. Your fate is in your own hands,” said Anonymous.
The cyber attack on Turkish root DNS servers took place last week, which forced 40,000 .tr domains to go offline. Though the targeted domains were back online the same day, access to those sites was kept limited.
The state of Turkey has been accused of aiding and buying oil from the Daesh terrorist group. Some also accuse Turkey of being a safe passage for the group's recruitment in Syria.
24-12-2015, 18:29 #5
Turkey Arrests 32 Anonymous Hackers for DDOS Attacks
Turkey responded to the hacking group Anonymous with 32 arrests following attacks on government websites, according to the country's state-run news agency.
The Anadolu Agency wrote the alleged Anonymous members were arrested in 12 cities, including Ankara and Istanbul.
Turkey is the latest country to make arrests connected with Anonymous, a decentralized group of activists who conduct distributed denial-of-service attacks (DDOS) against organizations and businesses that the group opposes. The attacks seek to make websites unavailable.
On Friday, Spain said it concluded its first policing action against Anonymous, arresting three people who allegedly directed DDOS attacks on banks, government websites and companies including Sony.
Also on Friday, Anonymous said through its website, AnonOps Communications, that its attacks against Turkish government websites were in protest of "plans to implement a filter on Internet browsing" in August. Activists took to the streets in 30 cities in Turkey in May to protest the plans.
"Over the last few years, we have witnessed the censorship taken by the Turkish government, such as blocking YouTube, Rapidshare, Fileserve and thousands of other websites," according to the statement. "Most recently, the government banned access to Google services. These acts of censorship are inexcusable."
Anonymous said the strikes will be executed using the Low Orbit Ion Cannon, an easy-to-use tool for DDOS attacks but one whose users security experts have said are not difficult for law enforcement to trace.
Targets included Turkey's telecommunications directorate, which appeared to be offline on Monday morning, and the country's social security institution, Anonymous wrote.
25-12-2015, 15:08 #6
Cyber attack hits Turkish banks, transactions
Three of Turkey's largest banks are the latest targets of a week-long cyber-attack on the country's “.tr” domains, media outlets reported on Thursday.
December 24, 2015, Thursday/ 18:28:12/ TODAY'S ZAMAN / ISTANBUL
The websites of private banks İş Bankası and Garanti as well as the state-run Ziraat Bankası went partly offline on Thursday and banking operations via smartphone apps were not available, sources said. Others said that point of sale (POS) machines for these banks were also out of order on Thursday.
The banks were not immediately available for comment.
The reported malfunction in banking servers follows reports on Wednesday that since Dec. 14, Turkish Internet servers have suffered from one of the country's most intense cyber-attacks to date.
Over the weekend, hacking group Anonymous claimed responsibility for a massive distributed denial of service (DDoS) attack on Turkish DNS servers under NIC.tr. Accusing the country's leaders of supporting the Islamic State of Iraq and the Levant (ISIL), Anonymous also warned the Turkish government that if Turkey didn't stop “aiding” ISIL, the attacks would continue and target airports, banks, the government and military servers. “If you don't stop supporting ISIS [another acronym for ISIL], we will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure. Stop this insanity now Turkey. Your fate is in your own hands,” said Anonymous.
Turkish university under fire defends measures against cyber attack
The Ankara-based Middle East Technical University (ODTÜ), which is responsible for operating the main Internet domain in the country, defended itself on Thursday from government criticism over its response to the cyber-attacks Turkey has been facing.
One of the most prestigious universities in the country, ODTÜ has attracted criticism from Transportation, Maritime Affairs and Communications Minister Binali Yıldırım on Wednesday regarding the intense cyber attack Turkey has been experiencing since last week. Turkish Internet servers continue to suffer from one of the country's most intense cyber attacks to date as a massive flood of traffic hit Turkish Internet servers handling nearly 400,000 websites, including those of government institutions, schools, municipalities, email servers and the military since Dec. 14. ODTÜ has drawn the minister's criticism for failing to take the necessary measures to prevent cyber attacks because it operates the main Internet domain in the country.
"ODTÜ is operating the Nic.tr domain but this is an issue of national security; necessary measures should have been taken against such attacks. … This attack has shown that ODTÜ has not taken the necessary measures. Such attacks are part of daily life; there could be an attack at any moment from anywhere. So we constantly need to take measures and keep our security level high. The matter is a serious one," Yıldırım said on Wednesday.
In response to the criticism, ODTÜ Rector Ahmet Acar said in a written statement that the university has taken the measures defined by universal standards in similar incidents. "We have faced one of the biggest cyber attacks the world has ever seen and our teams have quickly responded to the threats created by organized groups from outside Turkey," Acar said.
The minister also warned that a cyber war could lead to graver consequences than a real war because it happens suddenly and aims to paralyze life completely.
Nic.tr, a nongovernmental body operating under ODTÜ that administers addresses for websites using Turkey's official ".tr" domain, confirmed on Wednesday that intensified cyber attacks have been affecting Turkish servers since Monday. The disruptive traffic, known as Distributed Denial of Service (DDoS) attacks -- in which thousands of computers became specific Internet targets -- resulted in web speeds plummeting for some sites, Nic.tr said.
The minister also noted that the ministry wanted to transfer the operation of Nic.tr to the Technologies and Communications Authority (BTK), but ODTÜ objected to it and even filed a case against the ministry.
"We said, 'Let it stay there,' but we need to act together on measures. We should at least be able to cooperate in cases of such attacks," he said.
25-12-2015, 15:41 #7
"Turkey's cyber security should be public office"
ANKARA (AA) - IT Law Association President Kürşat Ergun, due to ODTÜ's cyber attacks can not pass in front of ODTÜ years Nic.tr system it should be transferred to the experts. "This important task concerning Turkey's cyber security and internet infrastructure, as well as commercial purposes should not be the task of a university should become an important public task of a government institution," he said.
Ergun, AA correspondent, developed by ODTÜ and administration of executed Nic.tr system, "tr" Apart from making the sales process of the extension of the domain name, the DNS recalled network is the main router in Turkey.
Government agencies, banks and .tr extension which all web addresses of the DNS request and analysis of the perform Nic.tr system, Ergun Pointing to the need to pursue the new technology in terms of cyber security, used the following statements:
"Specific time intervals leakage test of professional individuals and organizations in the field (penetration testing) by building, measures must be taken according to the report will be released. As long as conducting this operation, all .all extension domain names are at risk in Turkey. In weakness line may occur, e-government transactions and You can disable many important functions, including banking transactions or stopped. except for the suspension of the operation of the system, made redirects to different sources can be traced all the data used in these systems.
ODTÜ under such a serious liability issue if the bet to take measures on issues that will lead to Turkey's negative stance in the world of cyber security consideration. When evaluated from a technical standpoint because these attacks can not pass in front of ODTÜ years Nic.tr system it should be transferred to the specialists. "This important task concerning Turkey's cyber security and internet infrastructure, as well as commercial purposes should not be the task of a university should become an important public task of a government institution."
25-12-2015, 16:30 #8
Turkish deputy PM slams university in cyberattack row
ANKARA - Anadolu Agency
Turkish Deputy Prime Minister Lütfi Elvan has slammed Middle East Technical University (ODTÜ) Rector Prof. Ahmet Acar over the recent cyberattacks targeting websites with the extension “.tr,” saying the rector “fancied himself an emperor” as the row between government and the university continued to intensify with the recent cyber-crisis.
Elvan said on Dec. 25 the university had insisted on managing the targeted DNS servers rather than handing management to Turkey’s IT authority because Prof. Acar “fancies himself an emperor.”
“ODTÜ had taken responsibility for Internet in the international arena. However, we established the Information and Communication Technologies Authority (BTK). The BTK had requested that this responsibility of the ODTÜ should have been handed over to the BTK via the Transportation Ministry. ODTÜ continues to insist on the issue, however, there are legislative regulations on the issue. I guess this rector fancies himself an emperor and everyone should know their place,” Elvan said, speaking at the editor’s desk meeting of the state-run Anadolu Agency.
Elvan reiterated that ODTÜ should hand over responsibility to BTK, defending that the university was not capable of providing national security.
“ODTÜ should hand over the responsibility it holds coming from the past to BTK. ODTÜ does not have a structure to provide our national security but it is a university,” Elvan said.
Prof. Acar had previously refuted claims by Turkish Transportation Minister Binali Yıldırım over the recent cyberattacks, saying the university took “necessary measures” during the cyberattack.
However, Yıldırım had blamed ODTÜ over the cyberattacks, saying “insufficient measures” had been taken during the cyberattacks.
Meanwhile, Turkish Science and Technology Minister Fikri Işık said necessary measures have been taken over the cyberattacks.
“Most of the necessary precautions have been taken. I am sure that we will not experience such intensive slowdown and access block to the system,” Işık said.
Işık also warned citizens not to open files from unknown sources.
“Nowadays, it will be good not to open Word documents coming from unknown addresses,” he added.
ODTÜ responds to claims
Meanwhile, ODTÜ made a press statement on Dec. 25 over a separate row with the government over an alleged prayer room “provocation” between students.
The university said a brawl, which erupted on Dec. 22, was not caused by insufficient religious places or the prevention of religious practices as was claimed but provocative interventions by an “Islamic State of Iraq and the Levant (ISIL)-like mentality” when new prayer room demands were being evaluated.
A brawl broke out between two groups at the university’s campus on Dec. 22 with one group demanding a new prayer room and another saying those who wanted a new prayer room made “ISIL propaganda.”
The university also said government figures would bear responsibility for any possible attacks against ODTÜ students over their remarks in line with their political intentions, referring to Justice and Development Party (AKP) Ankara deputy Aydın Ünal’s statements in which he said, “We can enter ODTÜ if required, like how we enter Cizre and Silopi,” following the brawl.
The university also vowed not to surrender to such collective provocation, while highlighting that it was up to the university to decide who manages the university amid calls for rector Professor Acar’s resignation on social media.
25-12-2015, 16:53 #9
Turkish banks under cyberattack amid crisis with Russia
Hülya Güler – ISTANBUL
The two-week-long cyberattack against Turkey spilled over to the banking sector on Dec. 24, inhibiting access to online banking services of some Turkish banks with wide customer bases.
While the attacks created worries over safety breaches, high-level sources from the banking sector told daily Hürriyet that the hackers did not access the banks’ systems but rather created traffic to prevent customers from accessing their accounts online.
“They are not entering the bank’s system. They just create traffic prohibiting access. To put it simply, they come to the door but do not enter, hence, there are no safety risks,” one senior-level banker said.
“The cyberattacks are not about money but rather an intervention to draw attention,” another source said, asserting the attacks are a form of protest.
Meanwhile, Turkey’s leading Internet service provider, Türk Telekom, told Hürriyet that although it has been under continuous cyberattacks, necessary precautions had been taken to rebuff the attacks.
“We are expecting another big attack from both within and outside Turkey,” the company said, adding that necessary measures had been taken.
The daily volume of digital banking services is estimated at around 1.5 to 2 billion Turkish Liras (US$ 700 million), 85 percent of which originates from mobile devices.
The recent attacks come after a feud with Russia over Turkey’s downing of a Russian fighter jet on Nov. 24, allegedly for violating Turkish airspace. Pilot Oleg Peshkov was killed in the attack.
Russia has since started a war of words in addition to a number of economic sanctions targeting Turkey.
Meanwhile, Anonymous has claimed a number of attacks against Turkey over the past two weeks, accusing Turkey of supporting the Islamic State of Iraq and the Levant (ISIL) by allegedly buying oil and hospitalizing their fighters.
Anonymous also threatened to launch more cyberattacks unless Turkey ceases its purported support for the group.
26-12-2015, 08:15 #10
Russian intel spots 12,000 oil tankers & trucks on Turkey-Iraq border
Published on Dec 25, 2015
Oil trucks are crossing Syrian-Turkish borderline
Published on Dec 25, 2015
“The [aerial] imagery was made in the vicinity of Zakho (a city in Iraqi Kurdistan), there were 11,775 tankers and trucks on both sides of the Turkish-Iraqi border,” Lieutenant-General Sergey Rudskoy told journalists on Friday.
“It must be noted that oil from both Iraq and Syria come through this [Zakho] checkpoint,” General Rudskoy said.
Heavy-duty trucks loaded with oil continue to cross the Turkish-Syrian border as well, Rudskoy said. At the same time, the number of tankers on the northern and western routes used for transporting oil from Syria is declining, the general added.
“According to satellite data, the number of oil tankers moving through the ‘northern route’ towards the refinery in the [Turkish] city of Batman has considerably diminished,” Rudskoy said, adding that the number of tankers using the ‘western route,’ between the Turkish cities of Reyhanli [on the Syrian border] and the city of Iskenderun, has decreased to 265 vehicles.
The Russian Air Force in Syria has destroyed about 2,000 tankers used by the Islamists for oil transportation. In the last week, Russian warplanes eliminated 17 convoys of oil tankers and a number of installations used by terrorists for oil extraction and processing.
The Russian Air Force’s effective strikes in Syria have forced the terrorists to look for new routes for crude oil transportation. Today, tankers loaded with oil in Syria’s Deir ez-Zor province, under Islamic State control, are moving towards the Iraqi border in the direction of Zakho and Mosul.
“However, despite a considerable diversion, the finishing point of the trafficking route remains Turkey,” Rudskoy said.