Timeline of Opisrael

After the ceasefire of the 21st of November, the cyber attacks against Israel, executed in name of OpIsrael, have come to a break.

The contemporaneous ceasefire in the real world and in the cyber space has confirmed the two dimensional nature of this conflict. A conflict in which even the social media played a crucial role: IDF chose Twitter to make the first official announcement of the airstrike that killed Ahmed Al-Jaabari, and subsequently during the stages of operation Pillar of Defence Twitter has been intensively used by the two opposite factions for actions of propaganda, psyops, and even to divulge official news of the war operations.

Since the Ion Cannons are not shooting, this is the best moment to analyze the cyber attacks. At this purpose, in the following table I tried to summarize the timeline of the main events that have characterized this operation (and in general all the cyber attacks executed against Israel since the 14th of November).

Of course I do not pretend to be exhaustive: more than 44 million of cyber attacks in a week are impossible to enumerate singularly.

(more…)

Continue ReadingTimeline of Opisrael

The Quassam Group Stops the Cyber Attacks Against US Banks

Finally it looks like the DDoS attacks against US Banks, carried on by the Izz ad-Din al-Qassam Cyber Fighters in name of the infamous Operation Ababil, have been temporarily suspended. The decision is a consequence of the removal of the controversial video “The innocence of Muslim” from Youtube.

Actually only one copy has been removed (the one which collected more views) and a dozen of copies are still available to visitors. Nevertheless the hacktivists have appreciated this action and have consequently suspended the cyber attacks.

The sudden stop came in the moment of maximum peak: in the last two weeks the wave of DDoS has reached an unprecedented level, with 35 attacks against 25 banks. An apparently unstoppable storm that has dramatically shown the fragility of the system. Here the details of the banks impacted (of course you will find them in the forthcoming Cyber Attack Timeline.

Date

Target

Details

Jan 22

image1The seventh week of Operation Ababil 2 begins with the following banks taken down:

Jan 23

image2Other US banks are targeted:

Jan 24

 image3Again, other DDoS attacks against US Banks. The wave is unprecedented and the list of the targets is very long, including:

(more…)

Continue ReadingThe Quassam Group Stops the Cyber Attacks Against US Banks

Another Certification Authority Breached (the 12th!)

  • Post author:
  • Post last modified:December 10, 2011
  • Post category:CyberwarSecurity
  • Post comments:1 Comment
  • Reading time:4 mins read

2011 CA Attacks Timeline (Click To Enlarge)This year is nearly at the end but it looks like it is really endless, at least from an Information Security Perspective. As a matter of fact this 2011 will leave an heavy and embarassing heritage to Information Security: the Certification Authority authentication model, which has been continuously under siege in this troubled year; a siege that seems endless and which has shown its ultimate expression on the alleged compromise of yet another Dutch Certification Authority: Gemnet.

Gemnet, an affiliate of KPN, has suspended certificate signing operation after an intrusion on its publicly accessible instance of phpMyAdmin (a web interface for managing SQL Database) which was, against any acceptable best practice, exposed on the Internet and not protected by password. As in case of Diginotar, another Dutch Certification Authority which declared Bankrupt few days after being compromised by the infamous Comodo Hacker, Gamnet has  the Dutch government among its customers including the Ministry of Security and Justice, Bank of Dutch Municipalities and the police.

After the intrusion, the attacker claimed to have manipulated the databases, and to allegedly have been able to gain control over the system and all of the documents contained on it, although KPN, claims the documents contained on the server were all publicly available. Moreover the attacker claimed the attack was successful since he could obtain the password (braTica4) used for administrative tasks on the server. As a precaution, while further information is collected about the incident, Gemnet CSP, KPN’s certificate authority division, has also suspended access to their website.

The breach is very different, in purpose and motivations, from the one occurred to Diginotar, at the end of July, which led to the issuance of more than 500 bogus Certificates (on behalf of Google, Microsoft, and other companies). In case of Diginotar the certificates were used to intercept about 300,000 Iranians, as part of what was called “Operation Black Tulip“, a campaign aimed to eavesdrop and hijack dissidents’ emails. For the chronicles, the same author of the Diginotar hack, the Infamous Comodo Hacker, had already compromised another Certification Authority earlier this year, Comodo (which was at the origin of his nickname). In both cases, the hacks were performed for political reasons, respectively as a retaliation for the Massacre of Srebrenica (in which the Comodo Hacker claimed the Dutch UN Blue Helmets did not do enough to prevent it), and as a retaliation for Stuxnet, allegedly developed in a joint effort by Israel and US to delay Iranian Nuclear Program.

But although resounding, these are not the only examples of attacks or security incidents targeting Certification Authorities: after all, the attacks against CAs started virtually in 2010 with the infamous 21th century weapon Stuxnet, that could count among its records, the fact to be the first malware using a driver signed with a valid certificate belonging to Realtek Semiconductor Corps. A technique also used by Duqu, the so called Duqu’s son.

Since then, I counted 11 other breaches, perpetrated for different purposes: eavesdropping (as is the case of the Infamous Comodo Hacker), malware driver signatures, or “simple” compromised servers (with DDoS tools as in case of KPN).

At this point I wonder what else we could deploy to protect our identity, given that two factor authentication has been breached, CAs are under siege, and also SSL needs a substantial revision. Identity protection is getting more and more important, since our privacy is constantly under attack, but we are dangerously running out of ammunitions.

(Click below for references)

(more…)

Continue ReadingAnother Certification Authority Breached (the 12th!)