One Year Of Lulz (Part II)

Christmas has just gone and here it is my personal way to wish you a Happy New Year: the second part of my personal chart (first part here) of Main 2011 Cyber Attacks covering the time window from August to November 2011 (December is not yet finished, and featuring remarkable events, so expect an update very soon). This memorable year is nearly over and is time, if you feel nostalgic, to scroll down the second part of the list to review the main Cyber Events that contributed, in my opinion, to change the landscape and the rules of the (information security) game. Many events in this period among whom, IMHO, the most noticeable is the one carried on against Diginotar. Since then our trust in conventional authentication models is not (and will not be) the same anymore.

Of course this is my personal selection. Suggestions are well accepted and if you need more details about the cyber events in 2011, feel free to consult my 2011 Cyber Attacks Master Index. As usual after the page break you find all the references…

(more…)

Continue ReadingOne Year Of Lulz (Part II)

Middle East Cyber War Timeline Part III

Jan 22: Middle East Cyber War Timeline Part I

Jan 29: Middle East Cyber War Timeline Part II

Feb 12: Middle East Cyber War Timeline Part IV

The more  I look inside the Middle East Cyber War between Israel and the Arab Hackers, the more I realize that it follows exactly the same shape than the real conflict.

In particular this last week has seen a strong reduction of the cyber events between the involved parties, although it is not clear if this was due to stronger cyber defenses enforced, or it was rather a kind of “calm before the storm”.

Among the reported events I considered particularly meaningful the attack of InLightPress, a Palestinian news website, of whom I did not find any other report except the one quoted in the Infographic which comes from a Pro-Israeli Website (this is the reason why this event must be considered with the necessary caution). Maybe it is not directly related to the Middle East Cyber War, anyway it looks like this attack was not originated by Israeli hackers, but had rather been “commissioned” by the Palestinian Authority. In the real world political parties or movement have different wings (typically hawks and doves), it looks like this is true for the cyber world as well. On the other hand, some believe that also the attack carried on last week against the Israeli newspaper Haaretz, considered close to Pro-Palestinian movements, has an internal origin, that maybe explains the subsequent excuses by the alleged authors of the attack (BTW at the above link there is an interesting list of the hack published in pastebin by the Israeli Hackers).

Do you believe the descending trend of the cyber events will be confirmed in the next period, or it is rather a temporary cyber truce before the digital storm?

(more…)

Continue ReadingMiddle East Cyber War Timeline Part III

April 2012 Cyber Attacks Timeline (Part I)

As usual, here is the list of the main cyber attacks for April 2012. A first half of the month which has been characterized by hacktivism, although the time of the resounding attacks seems so far away. Also because, after the arrest of Sabu, the law enforcement agencies (which also were targeted during this month, most of all in UK), made  two further arrests of alleged hackers affiliated to the Anonymous Collective: W0rmer, member of CabinCr3w, and two possible members of the infamous collective @TeaMp0isoN.

In any case, the most important breach of the first half of the month has nothing to deal with hacktivism, targeted the health sector and occurred to Utah Department of Health with potentially 750,000 users affected. According to the Last Ponemon Study related to the cost of a breach ($194 per record) applied to the minimum number of users affected (250,000), the monetary impact could be at least $ 55 million.

Another interesting event to mention in the observed period is also the alleged attack against a Chinese Military Contractor, and the takedown of the five most important al-Qaeda forums. On the hacktivist front, it worths to mention a new hijacked call from MI6 to FBI, but also the alleged phone bombing to the same Law Enforcement Agency. Both events were performed by TeamPoison, whose two alleged members were arrested the day after.

For the sample of attacks I tried to identify: the category of the targets, the category of the attacks, and the motivations behind them. Of course this attempt must be taken with caution since in many cases the attacks did not target a single objective. Taking into account the single objectives would have been nearly impossible and prone to errors (I am doing the timeline in my free time!), so the data reported on the charts refer to the single event (and not to all the target affected in the single event).

As usual the references are placed after the jump.

By the way, SQL Injection continues to rule (the question mark indicates attacks possibly performed by SQL Injection, where the term “possibly” indicates the lack of direct evidences…).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.

(more…)

Continue ReadingApril 2012 Cyber Attacks Timeline (Part I)

Imperfect Cybercrimes

  • Post author:
  • Post last modified:May 24, 2015
  • Post category:Security
  • Post comments:1 Comment
  • Reading time:4 mins read

Law Enforcement Agencies are taking their revenge against the Hacktivists who mostly targeted them during the last months. In a deadly and unexpected sequence, the last 40 days have seen the heads of three infamous hacking crews falling under the blows of FBI and Scotland Yard.

One after the other, the key members of LulzSec, CabinCr3w and Team Poison have been arrested and in all but one case (that is the arrest of the alleged members of Team P0ison for which no details are known so far), the events have unveiled some surprises and unexpected details. Moreover, at least three arrests have been possible since the hackers left behind them a trail of mistakes which allowed the investigators to connect the dots and link their twitter accounts to their real identities.

The following table depicts the facts which may be better summarized from the Criminal Complaints which are reported below for:

As you may notice, in two cases, W0rmer and ItsKahuna, the hackers were betrayed by two familiar technologies which are commonly considered dangerous for users’ privacy and identity: social networks and mobile devices. Sabu was the one who really did a “technical mistake” by connecting to an IRC without protecting his IP address with TOR.

Interesting to say is also the different approach of FBI and Scotland Yard. Once discovered the real identities of the hackers the Feds tried to “enroll” them as informants, at least in one case (Sabu) this strategy was winning. At the opposite the Britons immediately caught the alleged culprits without giving any detail about their identity, maybe hoping the arrest could act as a deterrent for the other hackers. Apparently it looks like this latter strategy was not completely successful since the CabinCr3w survivors are threatening authorities, inviting other Blackhats to join them for the revenge.

Last but not least, I cannot help but notice the tweet below for which I remember to have been particularly impressed when I first saw it since, at that time, I considered it a too much imprudent. Consequently I was not that surprised when I saw it quoted in the Criminal Complaint.

[tweet https://twitter.com/ItsKahuna/status/163423280278159360]

At the end we are becoming more and more familiar with mobile phones and Social Network, so familiar to forget their level of intrusiveness and the related dangers for our privacy. As an example try to verify how many of you and your friend toggle Geo-Tagging off from their phone cameras. (Un)fortunately, it looks like not even the bad guys are immune from this.

(more…)

Continue ReadingImperfect Cybercrimes

November 2011 Cyber Attacks Timeline (Part II)

The second half of November has confirmed the trend seen in the previous report covering the first half of the month. The period under examination has confirmed a remarkable increase in Cyber Attacks from both a quality and quantity perspective.

Although the month has been characterized by many small attacks, several remarkable events have really made the difference.

Among the victims of the month, Finland deserves a special mention in this unenviable rank: the second half of the month has confirmed the emerging trend for this country, which suffered in this period two further breaches of huge amounts of personal data, for a global cumulative cost, computed on the whole month, around $25 million.

But Finland was not the only northern European country hit by cybercrookers (maybe the term cyberprofessionals would be more appropriate): Norwegian systems associated with the country’s oil, gas and energy sectors were hit with an APT based cyber attack resulting in a loss of sensitive information including documents, drawings, user names and passwords.

But once again the crown of the most remarkable breach of the month is placed upon the head of South Korea which suffered another huge data dump affecting users of the popular MMORPG “Maple Story” affecting theoretically 13 million of users, nearly the 27% of the Korean population, for an estimated cost of the breach close to $2.8 billion.

The list of affected countries this month includes also 243,089 Nigerian users, victims of the hack of Naijaloaded, a popular forum.

Microsoft has been another victim in this November, with a phishing scam targeting Xbox Live users. Details of the scam are not clear, although each single affected user in U.K. might have lost something between £100 and £200 for a total cost of the breach assimilable to “million of Pounds”.

November will make history for showing for the first time to information security professionals the dangers hidden inside the SCADA universe (and not related to Nuclear Reactors). The echo of Stuxnet and Duqu is still alive, but this month was the the turn of SCADA water pumps, that have suffered a couple of attacks (Springfield and South Houston), the first one allegedly originated from Russia and the second one from a “lonely ranger” who considered the answer from DHS concerning the first incident, too soft and not enough satisfactory. My sixth sense (and one half) tells me that we will need to get more and more used to attacks against SCADA driven facilities.

The Anonymous continued their operations against governments with a brand new occurrence of their Friday Releases, targeting a Special Agent of the CA Department and leaking something like 38,000 emails. Besides from other some sparse “small” operations, the other remarkable action performed by the Anonymous collective involved the hacking of an United Nations (old?) server, that caused personal data of some personnel to be released on the Internet.

November Special mentions are dedicated (for opposite reasons) to HP and AT&T. HP for the issue on their printers discovered by a group of Researchers of Columbia Univerity, which could allow a malicious user to remotely control (and burn) them. AT&T deserved the special mention for the attack, unsuccessful, against the 1% of its 100 million wireless accounts customer base.

In any case, counting also the “minor” attacks of the month, the chart shows a real emergency for data protection issues: schools, e-commerce sites, TVs, government sites, etc. are increasingly becoming targets. Administrators do not show the deserved attention to data protection and maybe also the users are loosing the real perception of how much important is the safeguard of their personal information and how serious the aftermaths of a compromise are.

As usual, references for each single cyber attack are reported below. Have a (nice?) read and most of alle share among your acquaintances the awareness that everyone is virtually at risk.

Related articles

(more…)

Continue ReadingNovember 2011 Cyber Attacks Timeline (Part II)