Update 01/11/2012: Year-to-Tear comparison with 2011 Security Predictions The new year has just come, vacations are over, and, as usually…
February 2012 brings a new domain for my blog (it’s just a hackmaggedon) and confirms the trend of January with a constant and unprecedented increase in number and complexity of the events. Driven by the echo of the ACTA movement, the Anonymous have performed a massive wave of attacks, resuming the old habits of targeting Law Enforcement agencies. From this point of view, this month has registered several remarkable events among which the hacking of a conf call between the FBI and Scotland Yard and the takedown of the Homeland Security and the CIA Web sites.
The Hacktivism front has been very hot as well, with attacks in Europe and Syria (with the presidential e-mail hacked) and even against United Nations (once again) and NASDAQ Stock Exchange.
Scroll down the list and enjoy to discover the (too) many illustrious victims including Intel, Microsoft, Foxconn and Philips. After the jump you find all the references and do not forget to follow @paulsparrows for the latest updates. Also have a look to the Middle East Cyberwar Timeline, and the master indexes for 2011 and 2012 Cyber Attacks.
Addendum: of course it is impossible to keep count of the huge amount of sites attacked or defaced as an aftermath of the Anti ACTA movements. In any case I suggest you a couple of links that mat be really helpful:
- List of all vulnerable websites attacked by anonymous Part II (updated daily) (via cylaw.info)
- List of Websites Hacked, Defaced & Taken Down By Anonymous (via valuewalk.com)
There are really few doubts, this is the most (in)famous hacking collective. There is no new day without a new resounding action. They are Anonymous. They are Legion. They do not forgive. They do not forget. Expect Them.
B like Barrett Brown
Considered one of the early members, Barrett Brown is the alleged spokesperson of Anonymous.
C like Chanology (AKA Project Chanology, AKA Operation Chanology)
A protest movement against the practices of the Church of Scientology by Anonymous. The project (or Operation) was started in response to the Church of Scientology’s attempts to remove material from a highly publicized interview with Scientologist Tom Cruise from the Internet in January 2008 and was followed by DDoS attacks and other actions such as black faxes and prunk calls.
D like DDoS
Distributed Denial of Service (abbreviated DDoS) is the preferred weapon by Hackitivsts, since it does not need particular hacking skills and may also be centrally controlled (with a hive mind who define the target). The preferred tool for perpetrating DDoS attacks is LOIC, although next-gen tools are under development.
E like Encyclopædia Dramatica
A satirical open wiki, launched on December 10, 2004 and defunct on April 14 2011. It is considered one of the sources of inspiration for The Anonymous.
F like Fawkes Guy AKA Fawkes Guido
Guy Fawkes (13 April 1570 – 31 January 1606), also known as Guido Fawkes, belonged to a group of provincial English Catholics who planned the failed Gunpowder Plot, a failed assassination attempt against King James I of England. His stylised mask designed by illustrator David Lloyd and used as a major plot element in the “V for Vendetta“ Comic Book, is the symbol for the Anonymous. The failure of the Gunpowder plot has been commemorated in England since 5 November 1605.
Find here February 2012 Cyber Attacks Timelime Part I.
With a small delay (my apologies but the end of February has been very busy for me and not only for Cybercrooks as you will soon see), here it is the second part of my compilation with the main Cyber Attacks for February 2012.
Easily Predictable, the Hacktivism is still the main concern for System Administrators, in particular for the ones of Stratfor who suffered a huge leak of 5 million of emails.
On the same front, the threats of the Anonymous for the Friday actions have come true and as a matter of fact Law Enforcement Agencies suffered other remarkable breaches in this month: Infragard for the second time and also Interpol (a new entry) that was taken down after the arrest of 25 members of the collective. Anti ACTA protest also continue to shake Europe as also the delicate economical and social situation in Greece.
Last but not least, this month has also seen an unforgettable leak, affecting potentially more than 1.000.000 Youporn users.
As usual, the chart does not include the events related to Middle East Cyber War Timeline, that you may find at this link, as they “deserve” a dedicated timeline.
The first half of March is gone, and here it is the Timeline of the main Cyber Attacks for this…
As usual, here is the list of the main cyber attacks for April 2012. A first half of the month which has been characterized by hacktivism, although the time of the resounding attacks seems so far away. Also because, after the arrest of Sabu, the law enforcement agencies (which also were targeted during this month, most of all in UK), made two further arrests of alleged hackers affiliated to the Anonymous Collective: W0rmer, member of CabinCr3w, and two possible members of the infamous collective @TeaMp0isoN.
In any case, the most important breach of the first half of the month has nothing to deal with hacktivism, targeted the health sector and occurred to Utah Department of Health with potentially 750,000 users affected. According to the Last Ponemon Study related to the cost of a breach ($194 per record) applied to the minimum number of users affected (250,000), the monetary impact could be at least $ 55 million.
Another interesting event to mention in the observed period is also the alleged attack against a Chinese Military Contractor, and the takedown of the five most important al-Qaeda forums. On the hacktivist front, it worths to mention a new hijacked call from MI6 to FBI, but also the alleged phone bombing to the same Law Enforcement Agency. Both events were performed by TeamPoison, whose two alleged members were arrested the day after.
For the sample of attacks I tried to identify: the category of the targets, the category of the attacks, and the motivations behind them. Of course this attempt must be taken with caution since in many cases the attacks did not target a single objective. Taking into account the single objectives would have been nearly impossible and prone to errors (I am doing the timeline in my free time!), so the data reported on the charts refer to the single event (and not to all the target affected in the single event).
As usual the references are placed after the jump.
By the way, SQL Injection continues to rule (the question mark indicates attacks possibly performed by SQL Injection, where the term “possibly” indicates the lack of direct evidences…).
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.
05/11/12: Updated timeline. The tension between Philippines and China escalates and new cyber attacks target both sides.
The month of April has suddenly revealed a new unexpected Cyber Conflict between two very different countries: Philippines and China.
Of course the Chinese Cyber Activity is not that surprising, differently from the Philippines which had not shown any bellicose intention in the Cyber Domain. At least until these days when the cyber peace between the two countries has been broken because of a dispute concerning the sovereignty on the Scarborough Shoal and the Spratly Islands claimed from both countries. As often happens, the dispute has crossed the boundaries between the real and the cyber worlds and has hence unleashed an endless and unexpected trail of mutual cyber attacks.
According to Roy Espiritu, spokesman of the government’s information technology office, all the attacks came after Philippine ships faced off with Chinese patrol vessels in April 8 in the disputed Scarborough Shoal in the South China Sea. Before that, there had been no such eventsm at least until April 2o, when some hackers, identifying themselves as Chinese, attacked to the University of the Philippines. In that circumstance they defaced the UP website (up.edu.ph) with a map, labeled with Chinese characters, showing the Scarborough Shoal (Panatag as called by the Philippines and Huangyan by China).
Needless to say, the latter episode has started an endless line of mutual attacks that are still continuing despite the calls to end the attacks from Manila.
Will the cyber conflict be limited to “simple” defacements, or will it take the shape of the first phase of the Middle East Cyber War when both parties faced themselves leaking credit card details of innocent individuals? Moreover, are critical infrastructure really in danger as suggested by Filipino IT professionals?
Based on the current events, maybe this latter scenario is exaggerated, in any case once again, the upsetting evidence shows that the Cyber World has become a consolidated further battlefield for the disputes inflicting the real world.
If you want to have an idea of how fragile is the equlibrium inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
I have aggregated the data collected related to cyber attacks occurred in April 2012 (that you may find in the…
As I did in the last month, I have summarized the data collected in my Cyber Attacks Sample for the…
As usual, here it is the second part of the Cyber Attacks Timeline for the month of May 2012: a month particularly rich of Cyber Events. As you will probably know, the Flame malware has monopolized the attention, deserving the most attention from the Information Security Professional.
Nevertheless the scene has offered many interesting events, among which it worths to mention the breach of 123,000 federal employees records, the breach affecting University of Nebraska, and, last but not least, the breach against WHCMS (which, as we will soon see, has proved to be fatal for its author).
The hacktivist front is still hot and preannounces another hot summer. On the other hand the authors of several remarkable cyber-criminal actions are probably going to leave the scene: the long trail of arrests made by Law Enforcement Agencies against hackers has continued in this month and has hence led to the arrest of Cosmo, the leader of the infamous group UGNazi, which claimed to be the author of the Cyber Attack against WHCMS.
In your opinion are the arrests against hackers really going to stop the growing number of Cyber Attacks (acting as a deterrent)?
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
After the jump you find all the references, and at this link the first part covering 1-15 May.