A few days ago a reported the attack conducted by the black hat hacker Cryptolulz (
@Cryptolulz666), a former member of the Powerful Greek Army, who hacked the website of Russian embassy of Armenia (www.embassyru.am). He hacked the website of Russian embassy of Armenia to create awareness amongst the authorities, the hacker confirmed me that he used a blind SQL Injection vulnerability.
Now Cryptolulz is back, he wanted to demonstrate that it is very simple for hackers, even small groups, to launch a massive DDoS attack against any target.
Yesterday he first launched a DDoS attack against the website http://italiastartupvisa.mise.gov.it/ belonging to the Italian Government.
It was just testing his own botnet, then later he targeted the website of the Russian Federal Drug Control Service liquidation commission.
The Russian website was down for several hours.
When I asked a comment he told me:
He launched a DDoS attack leveraging on the NetBIOS amplification technique. NetBIOS is a protocol used in computer software to allow applications to talk to each other via LAN networks.
The hacker scanned roughly 10 % of the Internet searching for potential bots to use in the attack and he found 2 million bots.
“which is pretty perfect for amp vectors..” he told me.
He confirmed me to have shut down the site of the Russian government with a single shot and maintained it down for hours.
In this specific attack he other two spoofing server in order to guarantee a stable malicious traffic against the target, and he made this with python scripts.
“I used another two spoofing servers to launch dos attacks with my self-coded python scripts.” he added.I did it to create awareness among the authorities and users of the website.
I did it to create awareness among the authorities and users of the website.
He confirmed me that he will target other government websites in next attacks, always for the same reason.
“you see the government don’t care about security so we gonna exploit it hard.” added Cryptolulz666
(Security Affairs – Cryptolulz666, hacking)