Hackers Cause Massive Web Outages, Skim Republican Donors' Credit Cards; WikiLeaks Founder Has No Internet Access

WikiLeaks founder Julian Assange (Frank Augstein/AP File Photo)

It was a busy week for big internet problems.

This week's security incidents may have a big financial impact. Catch up on ThreatWatch, our regularly updated index of cyber happenings. 

Widespread Outage of Popular Sites Because of DDoS Attacks

If Twitter is down, where do the masses go to complain when their other favorite websites aren’t loading?

Early Friday, Domain Name System provider Dyn confirmed it was experiencing a massive distributed denial-of-service attack, resulting in many slow-loading sites for its customers.

DNS providers map human-friendly website addresses to IP addresses, so an attack on such a provider can prevent users from connecting to websites.

Threatpost reported Twitter, Etsy, GitHub, SoundCloud, Spotify, Heroku, PagerDuty and Shopify all had extremely slow loads on Friday.

Though Dyn reported services were restored at 13:20 UTC, the company later posted its engineers were monitoring and mitigating another attack.

The company has not attributed these attacks to any source. However, KrebsOnSecurity.com pointed out it follows a Dyn researcher’s presentation about a DDoS mitigation firm with a history of hijacking internet addresses, though the site did not attribute the Dyn attacks to any of the companies mentioned in the presentation.

Dark Reading reported some security experts thought Russian nation-state hackers could be testing DDoS capabilities to disrupt news coverage for the presidential election.

Credit-Card Skimming Malware Found on Senate Republican Fundraising Site

A Dutch developer found credit card-stealing code on a site to raise funds for Republican senators, according to a report.

Developer Willem De Groot found code on the National Republican Senatorial Committee’s store that skimmed donors’ first and last names, email address, billing address, employer details, occupation, card type, card number, card expiration and security identification number, according to CSO Online.

NRSC’s site has been cleaned up, but De Groot estimates it was infected between March 16 and Oct. 5. The code sent the stolen data to various domains, including one hosted by Dataflow, a company associated with various illicit services like money laundering, spamming and phishing.

NRSC’s store is among roughly 5,900 e-commerce sites De Groot identified running one of nine variants of the malicious JavaScript code, which suggests multiple people or groups are involved, according to an Ars Technica report.

“This attack is mainly impacting U.S. East and is impacting Managed DNS customers in this region,” Dyn posted on its status site.

WikiLeaks: Ecuador Cut Off Assange's Internet Access

The founder of WikiLeaks can’t access the internet.

WikiLeaks tweeted Monday a “state party” severed Julian Assange’s access and the organization “activated the appropriate contingency plans.” The group later tweeted Ecuador cut off Assange's internet "shortly after the publication of Clinton's Goldman Sachs speechs [sic]."

Assange has been living in the Ecuadorian Embassy in London for four years since Sweden issued a warrant for his arrest.

The tweets so far are the only confirmation of the loss of internet access, and BBC reports a woman at the embassy said she could not disclose any information.

The evening prior, the WikiLeaks account tweeted out multiple messages with 64-character codes that led some Twitter and Reddit users to speculate Assange was dead (he's not, according to this WikiLeaks volunteer). The tweets also reference U.S. Secretary of State John Kerry, Ecuador and UK FCO, likely the U.K. Foreign and Commonwealth Office. The codes are a cryptographic scheme to prove unreleased materials haven’t been tampered with, according to Gizmodo.

WikiLeaks has been releasing batches of emails from John Podesta, Hillary Clinton’s campaign chairman, and transcripts of Clinton's speeches. During a recent video chat Oct. 4, Assange said the organization plans to release election-related documents every week for the next 10 weeks.