After the initial surprise more details are being divulged about the CNAIPIC Hack disclosed this morning. CNAIPIC stands for Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche) and in practice corresponds to Italian Cyber Police. The event was so resounding to deserve ample space on foreign press as well, starting from BBC, which shows that it has not a mere technical meaning.
Several quick considerations:
- As already stated, CNAIPIC played a primary role during the Campaign of July in which 15 alleged Anonymous members were arrested in 32 raids carried on in Italy and Switzerland. At first glance, this hack seems a clamorous retaliation… But this is too much simple and in my opinion there’s more… During the above mentioned raids, the Italian Police (a statement not reported by local press) reported that: Out of all of the current hacker groups, Anonymous is the largest, but is also populated by the least technical people. Some of its members carry out attacks using software downloaded from the Internet and do not carry out the most basic attempts to secure their IP address. A clear reference to the fact that, until then, the activities of the Anonymous/LulzSec cells in Italy were mainly focused on disruptive DDoS against several sites related to Government, Finance, Telcos and utilities probably made with LOIC without precautions. This attack has shown a much greater level of complexity and this can be easily intended as a kind of “revenge inside the revenge”: Anonymous is not (only) LOIC made DDoS.
- BBC reported that the Anonymous hacker group received the files from a “source”, implicitly suggesting an internal origin for the leak (also suggested by Gizmodo). Honestly speaking I do not agree with this interpretation. As a matter of fact the first tweet announcing the leak on the @AnonymousIRC account was a mere forward from an original tweet by @anonesc (who admitted not to have further details since only forwarded the info). Guess who gave the first tweet? Yes, it was Sabu (thanks to Punto 1 for reporting the info), an old acquaintance, the alleged leader of the LulzSec Group. I have already indicated that this hack resembled the one perpetrated against HBGary Federal which was already performed by Sabu, which could be involved in this hack as well the fact that he was the first to report the CNAIPIC leak cannot be considered a coincidence. Moreover, so far no details concerning the leak were given, not even from the Italian Anonymous and LulzSec.
- The statement was first written in English, of course with the purpose to reach a wider audience. Gizmodo suggests that “the broken English indicates a foreign agent—maybe Italian—and might hint at the possibility of this being an inside job” (considered the average level of English knowledge in Italy the fact that the first statement was written in English should exclude an internal origin but this is a personal consideration ). Anyway, the first statement lacks the irony (and the grammar) of the Lulz pastebins (but it looks like the Lulz Boat had a dedicated member, Topiary, for “public relations”). Curiously, the same statement in Italian was released several hours later and, honestly speaking, is a broken Italian, suggesting a quick translation from the original statement, perhaps with Google Translator or a similar tool, without further deep revisions. In any case, to me, it sounds more likely that the hack was performed with a foreign hand: if I were in an Italian attacker’s shoes I would have reserved more attention to my own language.
In any case, internal or external origin, the action is destined to raise many controversies in Italy, making even more bloody the fight against Anonymous.
- Italian Cyber Police Hacked? (paulsparrows.wordpress.com)
This morning the Anonymous tweets are particularly loud in Italy. It looks like a splinter cell of Anonymous hacked the Italian Cyber Police (CNAIPIC) releasing an image previews, two preview archives and a structure of the file archive (links are currently working). According to the related pastebin the content of the whole leak should amount to 8 Gb of data.
The Italian Cyber Police was heavily involved into the 32 raids which led, at the beginning of July, to the arrest of 15 alleged anonymous members in Italy during a campaign which interested the whole country and the Switzerland where the alleged leader of the group resided. Probably, to confirm a consolidated “tradition” of the group, the Anonymous decided to have a clamorous revenge (does this remember the HBGary affair?).
Moreover, this alleged leak follows another resounding leak happened in Italy, nearly in contemporary with the above raids, targeting several of the main Italian Universities.
This July 2011 seems to be endless from an Infosec perspective and, at my memory, I do not remember Italy has ever been involved so much, with actions by both sides.
Here is the full pastebin content:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ____ _______ ________
| | \ _ \ _____ \______ \
| | / /_\ \\__ \ | | \
| |__\ \_/ \/ __ \_| ` \
|_______ \_____ (____ /_______ /
\/ \/ \/ \/
+Legion of Anonymous Doom+ Release Zero1+
This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing’s gonna get published and twittered all over anonymous and lulzsec community.
Today we were granted with the Italian law enforcement Pandora box, we really think it shall be a new era of “regreaissance” to the almighty Homeland Security Cyber Operation Unit in EU.
So we decided to leak everything they got since they were established as a full scale cyber taskforce named CNAIPIC.
This corrupted organization gathered all the evidence from the seized property of suspected computer professional entertainers and utilized it over many years to conduct illegal operations with foreign intelligence agencies and oligarchy to facilitate their lust for power and money, they never used obtained evidence to really support ongoing investigations.
Today we reveal a whole Load of stuff (estimated leak would be over 8Gb) from such owned institutions, just to make it clear all of this stuff was stored on CNAIPIC evidence servers for years while people are doing time in jail waiting for the trial while CNAIPIC used the evidence in the global spy game galore:
Egypt: Ministry of Transport and Communication
Australia: Ministry of Defence
Russia: Atomstroyexport, Diaskan, Sibneft, Gazprom etc.
Ukraine: several embassies and consulates on it’s territory
Nepal: Ministry of Foreign Affairs
Belarus: Ministry of Foreign Affairs, Belneftehim, Belspetzexport
Gibraltar, Cyprus, Cayman Islands etc: Tecno Develp, Line Holdings, Dugsberry Inc, Alpha Prime, Alpha Minerals etc.
Vietnam: PetroVietnam (PTSC), Ministry of Natural Resources (MONRE)
USA: EXXON MOBIL, US Department of agriculture and hundreds of attorneys and DOJ accounts including: McCallion & Associates LLP, Goodkind, Labaton, Rudoff & Sucharow, LLP, and hundreds of bullshit agencies we don’t even know why we pay taxes to support all of them.
So to cut the crap let’s get it over with fellaz…
Is the image preview to get a glimpse on what is meant to be said.
first of 2 preview archives with preview documents to get a general idea.
2nd preview archive
CNAIPIC file structure and listing Part 1
Thank you all,
Stay tuned…4 update on this one.