What is DAC ? What are its Benefits for Indians

Digital Address Code (DAC) as address for eKYC, property tax, online shopping !

The Department of Posts, Government of India, is in the process of creating an unique  Digital Address Code (#DAC) as a  proof of address  which can be used for booking an online delivery or for paying property tax.DAC would help in digitally authenticating an address.

--Currently, Aadhaar is commonly used as a proof of address. But the address mentioned on the Aadhaar card cannot be digitally authenticated. 

--DAC would be an unique address identity and is usable by all stakeholders.  DAC is expected to identify each address in the country uniquely and link the address to its geospatial coordinates represented numerically or alphanumerically.

--DAC is proposed as a solution. It would be an input that could be keyed in or captured out of a QR Code by apps of service providers and would be cognizable by digital maps.

--However, in the case of sensitive establishments, the DAC may not be issued or it may be linked to coordinates of a “neighbourhood” or city.

--DAC would be unique for each address i.e. each individual dwelling unit or office or business. For example, each flat in an apartment would get separate DAC. This code would be permanent for each address.

--The proposed DAC would be useful for the logistics and eCommerce industry and also help in targeting social sector benefits to the right beneficiary. As per the proposal, each and every dwelling unit in the country would get a DAC. For this, satellite imagery with 5m resolution has been proposed to be used.

--There will be a process for the verification of DACs. All verified DACs would be eligible for an online address authentication service.

Benefits of DAC:

The draft proposal has listed some of the following benefits of DAC:

1. The proposed DAC would be linked to geospatial coordinates. It will help provide address authentication as an online service.

2. The DAC would help in simplifying the KYC verification process in business sectors like banking, insurance, telecom etc. This would further result in reduced cost of doing business. DAC online authentication combined with Aadhaar authentication would be a truly digital eKYC.

3. The DAC may lead to higher productivity and quality of service in delivery services, especially eCommerce. It would also help reduce eCommerce fraud.

4. DAC is expected to simplify the delivery and implementation of Government Schemes.

5. The adoption of DAC would lead to increased financial and administrative efficiencies across sectors like property taxation, emergency response, disaster management, election management, infrastructure planning and management, census operations and grievance redressal.

6. The DAC is expected to fulfil the requirements put forth regarding 'One Nation One Address' (#ONOA) by the Working Group of Ministers on Employment Generation and Skill Development dated 22nd October 2020.

Deep Web What it is ?

 Deep Web What it is ? 

By Prashant Mali

The surface web is the entire Internet for most users, but it represents a fraction of available content. The surface web is that part of the Internet that is accessible by standard search engines, either by indexing, or through use of the site’s IP address. By contrast, the deep web is unfamiliar to most of the public and is larger by orders of magnitude. 

Characterised as the submerged part of the iceberg, researchers describe the deep web’s size in various and conflicting ways: over 96 percent of content on the world wide web, unguessable, 7500 terabytes, infinite, and 500x the size of the surface web. Although imprecise, these estimates indicate that the deep web contains much more content than the surface web. Generally speaking, the deep web is the content not indexed by standard search engines, like Google.

The only U.S. court that has attempted to define the deep web, described it as follows:

"The portion of the Web that is not theoretically indexable through

the use of “spidering” technology, because other Web pages do not

link to it, is called the “Deep Web.” Such sites or pages can still be

made publically accessible without being publically indexable by,

for example, using individual or mass emailings (also known as

“spam”) to distribute the URL to potential readers or customers, or

by using types of Web links that cannot be found by spiders but can

be seen and used by readers.

The deep web contains all manner of content including text, photographs, videos, and music. Large academic, library, and proprietary databases are stored on the deep web, including core content from the U.S. Patent and

Trademark Office, Thomson Reuters Westlaw, and NASA.

The distinctions between the deep web and the surface web are sometimes imprecise because content on the deep web can be “surfaced” in several ways. Similarly, the deep web can be searched even though it is not indexed like the surface web. While research in the deep web requires considerable technical facility, specialized deep web browsers, like Tor, allow visitors to browse the deep web without having to rely entirely on pre-identified URLs.

The dark web has been characterized as a subset of the deep web. Controversial and illicit transactions reputedly transpire on the dark web, including human trafficking, narcotic sales, and contracts for killings. The dark web relies on anonymity tools to conceal both the seeker and the provider of such services.It is not accessible through surface web browsers like Internet Explorer or Firefox, but is accessible via specialized and anonymized browsers such as Tor or I2P. 

Tor facilitates browsing of dark web services without disclosing the user’s IP address, which would otherwise reveal the user’s network identity and location.

The Tor protocol leverages pseudomains like .onion as well as anonymous introduction points and relays between users, making de-anonymization difficult.

While the dark web and deep web contain criminal elements, both are routinely used for less nefarious purposes by those seeking anonymity. The U.S. Navy uses Tor for intelligence gathering. Journalists pursue controversial leads in the deep web to avoid government monitoring.An array of law enforcement agencies search for illicit conduct using Tor because Tor hides government IP addresses, ensuring covert surveillance.Whistleblowers reveal corporate and governmental malfeasance on the deep web to avoid retribution.

But increasingly, normal Internet users opt for deep web browsing simply for additional privacy. Tor’s website states that Tor “prevents somebody watching your Internet connection from learning what sites you visit, and it prevents

the sites you visit from learning your physical location.” Invasive commercial browsers and search engines cannot monitor, collect, aggregate, and sell user information, like browsing history, if the user is effectively hidden while searching the web. Similarly, governmental surveillance is

rendered substantially more difficult.

Why does India need Data Privacy or Protection Law ?

Why does India need a Data Protection Law?

Apart from appeasing European Union for sharing data with Indian companies, One of the reason is

presently all Data of ours -Search, Emails, Chats of Google, FB, Hotmail, Whatsapp are stored in Californian Servers, USA Jurisdiction.

US Foriegn Intelligence Survivelenace Court (FISA) with a single penstroke court gag order can take all Indian MPs, PMO, Home Minister,MEA's etc Email data and Analyse them for leverage in Intl' Affairs, Thats a severe Threat, #privacy intrusion. 

Not to mention even the Locations of each Citizen,Official in India can be monitored by US NSA analysts as of now with #Whatsapp, Android Phones relaying data back to USA servers. 

Hence a Data Protection Law in India is a need of the Hour.

"How to turn Android Phone or Tablet into a Server"

.You can check it out here - https://joyofandroid.com/use-old-android-phone-as-server/

Is Credit or Debit Card PIN a Electronic Signature as per the Law ?

Is Credit or Debit Card  PIN a Electronic Signature as per the Law ?

For Lawyers across the world, click and wrap agreement i.e. the act of ticking an icon in the shape of a box to accept the terms of a contract can hardly count as a form of signature. In the physical world, that must be right. Similarly, it might be questioned that a personal identity number (PIN) can also be considered to be an electronic signature.

Arguably, the PIN combines two functions. Before considering the two functions, consider the requirements of the bank. The bank needs to satisfy itself that:

1. The card is legitimate (this is difficult to achieve, as the reports about fraud demonstrate), and

2. The card is in the possession of the customer to whom it was issued, or a person authorised by the customer to use the card.

If the bank satisfies itself that its computer systems are interacting with the card issued to the customer (which is not always the case), then the computer system requests the purported customer to undertake one further act to confirm they (or a person authorised by them) have physically inserted the card into the ATM or the point of sale terminal, by keying in the correct PIN. Generally, if the computer systems receive positive results from both interactions, then the bank will permit the person at the ATM or the point of sale terminal to undertake whatever activity they are permitted to do within the terms of the mandate.

The first function of the PIN acts as a means of authentication. The PIN purports to demonstrate that the person that keyed in the PIN knew the correct PIN (there are some forms of attack that do

The first function of a PIN

Prefacenot need the correct PIN – any combination of numbers will act vii to deceive the card issuer that the correct PIN has been keyed in).

Once the computer systems of the bank are satisfied that the card is legitimate and the PIN is the correct PIN of the customer, then the person at the ATM or the point of sale terminal can undertake any activity on the account that is permitted within the mandate and within the limitations of the technology.

The second function of a PIN

The PIN, even though it is offered to the machine before a transaction is effected, acts as a signature to verify a payment or other form of transaction. This means that the presentation of a card to an ATM, and the input of a PIN, is similar to a cheque that is written out by the account holder, signed, and then presented to the cashier at the bank. The customer completes the action necessary to request a payment in advance of the payment being made by the cashier, and then signs the cheque in the presence of the cashier – all before receiving acknowledgment that a transaction has been authorised. This means the PIN is a form of electronic signature.

It might be considered that the action of clicking the ‘I accept’ icon or box, or typing in a PIN are merely a means by which the person agrees to conclude the contract, but the act is not that of appending their electronic signature.
This analysis might be right, but we must recall that the digital world is different to the physical world. Conceptually, some of the forms of electronic signature may not strictly be considered ‘signatures’ in the physical world. Nevertheless, it is a convenient shorthand to refer to some forms of agreeing to enter a contract as an ‘electronic signature’ – at least we can all understand the meaning behind these words, even if the form is not quite what we expect.

Case Law:

Standard Bank London Ltd v. Bank of Tokyo Ltd [1995] CLC 496; [1996] 1 C.T.L.R. T-17 and Industrial & Commercial Bank Ltd v. Banco Ambrosiano Veneto SpA [2003] 1 SLR 221, where a message using an authentication code sent through the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system has the legal effect of binding the sender bank according to its contents, and where a recipient bank undertakes further checks on credit standing or other aspects, it does not detract from this proposition. 

What is ones responsibility as a cardholder?

You, and all your supplementary cardholders, must take all reasonable precautions to prevent the card and the card number, the PIN, or any other security details for the card or account (the “card security details”) from being misused or being used to commit fraud. These precautions include:

• sign the card as soon as it is received and comply with any security instructions;
• protect the card, the PIN, and any card security details;
• do not allow anyone else to have or use the card;
• do not write down the PIN or the card security details nor disclose them to anyone else including the police and/or banks staff;
• do not allow another person to see your PIN when you enter it or it is displayed;
• do not tamper with the card;
• regularly check that you still have your card;
• keep card receipts securely and dispose of them carefully; and
• contact bank about any suspicious matter or problem regarding the use of the card at a terminal.

You must notify bank immediately if:

• your card is lost or stolen; or
• your PIN may have been disclosed; or
• your card is retained by an ATM; or
• your address or contact details have changed

Definition of Electronic Signature in various Countries

USA:
Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001-7003. 
ELECTRONIC SIGNATURE. – The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. 

CANADA:
The Uniform Electronic Commerce Act provides a single, media neutral, definition of an electronic signature in s1(b):

(b) “electronic signature” means information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to or associated with the document.

 China:

Order No. 24 of the President of the People’s Republic of China, promulgated on and effective since 4 April 2015, amending the 2004 law.  

Electronic Signatures Law of the People’s Republic of China of 2015. Article 2 provides a definition of electronic signature and data message, both of which are widely drafted:

“Electronic signature” in this law means data in electronic form in or affixed to a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message.

“Data message” means information generated, sent, received or stored by electronic, optical, magnetic or similar means.
EU:

The Regulation provides the definition of an electronic signature in article 3(10)
‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

India:

Sec 2 (ta) of Information Technology Act 2000 had defines electronic signature as
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”
The definition of electronic signature includes digital signature and other electronic technique which may be specified in the second schedule of the Act, thus an electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.

IoT Malware and its Types 2017

IoT Malware Types Revealed 

The Internet of Things (IoT) is creating a new environment where malware can be used to create powerful botnets. Recently, IoT devices have been used to create large-scale botnets—networks of devices infected with self-propagating malware—that can execute crippling distributed denial-of-service (DDoS) attacks. IoT devices are particularly susceptible to malware, so protecting these devices and connected hardware is critical to protect systems and networks.

Linux.Darlloz

The Linux.Darlloz was discovered in late 2013. The worm exploited an old PHP vulnerability (CVE-2012-1823) to access a system, it escalated privileges through default and common credential lists, it propagated through the network, and it established a backdoor on the system. While the original malware only infected computers running Intel x86 chip architectures, other versions were designed to target ARM, PPC, MIPS and MIPSEL chip architectures commonly used in IoT devices. The worm also scanned systems for Linux.Aidra and attempted to remove any files related to the threat and to block any ports used by Aidra for communication [1].

Aidra

Aidra was discovered after the publication of the 2013 research paper that described the results of the 2012 Internet Census. The malware was designed to search for open telnet ports that could be accessed using known default credentials [2]. According to its author, Federico Fazzi, the malware was introduced in early 2012 as an IRC-based mass scanning and exploitation tool. The code can be compiled for MIPS, MIPSEL, ARM, PPC, x86/x86-64 and SuperH. Aidra is designed to target IoT devices that run embedded forms of Linux with active Telnet connectivity and default or no password. Some variants of Aidra can retrieve router passwords through the /cgi-bin/firmwarecfg bug found on some outdated D-Link and Netgear devices.

The malware attempts to connect to a telnet port using default credentials and if it succeeds, it downloads and executes a script called getbinaries.sh, which removes other malware binaries and prevents the device from being compromised by other competing malware. Some variants attempt to change the device credentials. Malware binaries are downloaded to /var/run, /var/tmp, /var/etc. Consequently, the malware can be removed by rebooting the device because the directories are stored in RAM. Then the infected device connects to an IRC server, joins a channel, reads a topic, and follows the instructions. Aidra is capable of scanning, flooding, and spoofing targets randomly or recursively. Further, its code can be easily tailored to a threat actor’s needs [3].

Qbot/ Qakbot

Qbot is a network-aware worm capable of harvesting credentials and creating backdoors [4]. The Qbot malware, first discovered around 2009, continues to be adapted and employed by script kiddies and cybercriminals [5]. Qbot leverages the Rig exploit kit against vulnerable websites to gain write access on the backend and to inject malicious JavaScript onto the site. To avoid suspicion, the malicious JavaScript may be appended onto the beginning or end of a legitimate JavaScript. The Rig exploit kit is a two-tier model consisting of a gate and a landing page. While a new set of domains are used for each IP address, the dense population of each IP address with many subdomains allows for a degree of undesired visibility into the botnet structure. The majority of the gate and landing page domains are registered through GoDaddy accounts; many of which are believed to be exploited compromised accounts. The Rig Gate URL returns the main_color_handle variable is returned. It contains a large string of characters that are used to determine the Rig exploit kit landing page. The string is passed through a function that replaces all illegal characters in HEX notation (0-9 and a-f) and then translates the result to ASCII and embeds the current page with an i frame with the landing page loaded with the exploit. Random variable names, dynamically generated from the Rig Gate URL contained in the kit, are used in the malicious script to obfuscate the functionality.

Users’ Windows sessions are injected with the malware via a watering-hole attack or a drive-by download; alternately, modified Qbot derivatives deliver the malware through malicious emails. Once installed on the system, the malware runs a network speed test and it sends an initial beacon, containing a list of installed software, user privileges, and the infected network external IP address, to the FTP server. The malware injects itself into a running explorer.exe process and it infects processes as they start up. The bot injects a DLL into processes that will extract its strings, configuration, APIs, and critical strings block into heap-allocated buffers, when run. Qbot contains its configuration parameters, such as FTP credentials, C2 settings, and timestamps, in an internal table. The malware places system-wide inline hooks to intercept or modify network traffic, to modify or redirect browser queries, to infect new processes, and to hide its presence. Qbot uses a domain generation algorithm for all C2 communications [31].

Upon installation, modern variants contact the C2 infrastructure to receive instructions, to update, and to mutate the appearance of the malware by self-recompiling or self-re-encrypting the malware as a server-based polymorphism, an obfuscation mechanism meant to confound anti-malware application and research efforts. The server-based polymorphism enables Qbot to avoid most anti-virus products because the malware updates itself to a new version every few days, and re-encrypts itself to remain undetectable for long periods of time. The malware can detect whether it is running in a Virtual Machine sandbox and it can alter its behavior to avoid detection [32].

Once Qbot has infected a system, it begins harvesting credentials contained in Windows Credential Store (Outlook, Windows Live Messenger, Remote Desktop, Gmail Messenger) and password stored by the Internet Explorer credential manager. Further credentials are sniffed from network traffic. The attackers can use the stolen credentials and system information to access FTP servers or to infect vulnerable websites to further spread the malware [32]. Qbot attempts to spread to open shares across the network through brute force password attempts or through attempts to access the Windows Credential Store. Qbot is also capable of intercepting browser information, such as banking information, and writing the data into named pipes and then sending it to a remote server [31].

Over a two-week investigation, BAE Systems discovered over 54,517 machines infected in a Qbot botnet. Most these systems (85%) were located in the United States. The explosive popularity of Mirai and subsequent oversaturation of the IoT threat landscape has led to a decline in Qbot botnets. 

BASHLITE/ Lizkebab/ Torlus/ gafgyt

BASHLITE botnets are responsible for enslaving over 1 million devices. One security firm estimates that of compromised devices, 95 percent were IP cameras or DVR units, 4 percent were home routers, and less than 1 percent were Linux servers. DVRs are high value bots because the devices are configured with open telnet and other web interfaces, often rely on default credentials, and are able to process high bandwidth, as is required to stream video. The majority of the infected devices were located in Taiwan, Brazil, and Columbia. Due to compartmentalization, the size of a monitored botnets is often difficult for security researchers to estimate. Oppositely, the C2 IPs associated with campaigns are often hardcoded into the malware and are easier to monitor [33].

The BASHLITE source code was leaked in early 2015 and has since been adapted into over a dozen variants. The malware conducts two scans to discover vulnerable devices to infect. The first attack vector utilizes the bots to port scan IP ranges for telnet servers and then it instructs them to brute force credentials in order to access and infect the device. The second attack vector employs external scanners to detect vulnerable devices and then infects those devices by using brute force on the credentials, by exploiting known security vulnerabilities, or by leveraging another attack vector [8]. Once the attacker has compromised a device, the malware tools execute the “busybox wget” and “wget” commands to retrieve the DDoS payloads. The malware does not identify the architecture of the compromised device; instead, it attempts to run different versions that have been compiled for different architectures, until one executes. Most BASHLITE attacks are simple UDP and TCP floods, though the malware does support a less used feature to spoof source addresses and some variants support HTTP attacks [6]. BASHLITE is a predecessor to Mirai, and the botnets are now in direct competition for a diminishing pool of vulnerable IoT devices

 [7].

Mirai

Mirai’s (Japanese for "the future") name comes from the discovered binaries having the name “mirai.()” and was initially discovered in August. It arrives as an ELF Linux executable and focuses mainly on DVRs, routers, web IP cameras, Linux servers, and other devices that are running Busybox a common tool for IoT embedded devices.

Mirai uses the default password for the telnet or SSH accounts to gain shell access. Once it’s able to get access to this account, it installs malware on the system. This malware creates delayed processes and then deletes files that might alert antivirus software to its presence. Because of this, it’s difficult to identify an infected system without doing a memory analysis.

Mirai opens ports and creates a connection with bot masters and then starts looking for other devices it can infect. After that, it waits for more instructions. Since it has no activity while it waits and no files left on the system, it is difficult to detect.

The low detection ratio can also be explained by the Mirai feature to delete all malware files once it successfully sets the backdoor port into the system. It leaves only the delayed process where the malware is running after being executed.

Mirai is a piece of malware that infects IoT devices and is used as a launch platform for DDoS attacks. Mirai’s C&C (command and control) code is coded in Go, while its bots are coded in C.

Like most malware in this category, Mirai is built for two core purposes:

• Locate and compromise IoT devices to further grow the botnet.
• Launch DDoS attacks based on instructions received from a remote C&C.

To fulfill its recruitment function, Mirai performs wide-ranging scans of IP addresses. The purpose of these scans is to locate under-secured IoT devices that could be remotely accessed via easily guessable login credentials—usually factory default usernames and passwords (e.g., admin/admin).

Mirai uses a brute force technique for guessing passwords a.k.a. dictionary attacks.

On September 30, 2016, a script kiddie using the moniker “Anna-senpai” posted the Mirai source code on Hack Forums, in a claimed attempt to “retire” due to acquired wealth and due to a dissolving botnet base resulting from ISP intervention. 

Investigation of the attack uncovered 49,657 unique IPs which hosted Mirai-infected devices. these were mostly CCTV cameras—a common exploit of DDoS botnet herders. Other victimized devices included DVRs and routers.

Overall, IP addresses of Mirai-infected devices were spotted in 164 countries, appearing even in such remote locations as Montenegro, Tajikistan and Somalia

How to Prevent Infection

To prevent infection:

• Stop the telnet service and block TCP port 48101 if you’re not currently using it
• Set Busybox execution to be run only for a specific user
• Scan for open telnet connections on your network

Mitigation

In order to remove the Mirai malware from an infected IoT device, users and administrators should take the following actions:

• Disconnect device from the network.
• While disconnected from the network and Internet, perform a reboot. Because Mirai malware exists in dynamic memory, rebooting the device clears the malware.
• Ensure that the password for accessing the device has been changed from the default password to a strong password. 
• You should reconnect to the network only after rebooting and changing the password. If you reconnect before changing the password, the device could be quickly reinfected with the Mirai malware.

Preventive Steps

In order to prevent a malware infection on an IoT device, users and administrators should take following precautions:

• Ensure all default passwords are changed to strong passwords. Default usernames and passwords for most devices can easily be found on the Internet, making devices with default passwords extremely vulnerable.
• Update IoT devices with security patches as soon as patches become available.
• Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
• Purchase IoT devices from companies with a reputation for providing secure devices.
• Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it to operate on a home network with a secured Wi-Fi router.
• Understand the capabilities of any medical devices intended for at-home use. If the device transmits data or can be operated remotely, it has the potential to be infected.
• Monitor Internet Protocol (IP) port 2323/TCP and port 23/TCP for attempts to gain unauthorized control over IoT devices using the network terminal (Telnet) protocol.(link is external)
• Look for suspicious traffic on port 48101. Infected devices often attempt to spread malware by using port 48101 to send results to the threat actor.

References :

[1] "The Internet of Things: New Threats Emerge in a Connected World," in Symantec, Symantec, 2014. [Online]. Available: https://www.symantec.com/connect/blogs/internet-things-new-threats-emerge- connected-world-0. Accessed: Oct. 25, 2016.

[2] M. Mimoso, C. Brook, and T. Spring, "New IoT Botnet Malware borrows from Mirai," Threatpost, 2016. [Online]. Available: https://threatpost.com/new-iot-botnet-malware-borrows-from- mirai/121705/. Accessed: Nov. 1, 2016.

[3] "Lightaidra 0x2012," in House of Vierko, 2012. [Online]. Available: http://vierko.org/tech/lightaidra- 0x2012/. Accessed: Nov. 10, 2016.

[4] "The Return of Qbot," in BAE Systems, 2016. [Online]. Available: https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9. Accessed: Oct. 26, 2016.

[5] G. Cluley, "Mutating Qbot worm Infects over 54, 000 PCs at organizations worldwide," in Tripwire, Tripwire, 2016. [Online]. Available: https://www.tripwire.com/state-of-security/featured/qbot- malware/. Accessed: Oct. 26, 2016.

[6] T. Spring, K. Carpenter, and M. Mimoso, "BASHLITE family of Malware Infects 1 Million IoT devices," in Threat Post, Threatpost, 2016. [Online]. Available: https://threatpost.com/bashlite-family-of- malware-infects-1-million-iot-devices/120230/. Accessed: Oct. 25, 2016.

[7] B. Krebs, "Source code for IoT Botnet ‘Mirai’ released," in KrebsonSecurity, 2016. [Online]. Available: https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/. Accessed: Oct. 23, 2016. 

[8] B. Krebs, "KrebsOnSecurity hit with record DDoS," in KrebsonSecurity, 2016. [Online]. Available: https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/. Accessed: Oct. 23, 2016.

Compiled Version by Author