About these ads

Archive

Archive for March, 2012

Middle East Cyber War Update

Another week of Cyber War in the Middle East…

Another week in which pro Israeli hackers seem to have disappeared, and hence have apparently left the scene to Pro Palestine hackers, although not so many high-profile actions have been reported in this period. The only exception to this schema is represented by Mauritania Hacker Team who dumped 4000 login accounts from Microsoft Israel Dynamics CRM Online website. This action is particularly significant… Not because it targeted a Cloud service, and not even because it targeted a Microsoft Cloud Service, but most of all because on the wake of the multiple dumps performed by Pro Arab hackers against Israel (among which the dump to the Microsoft Cloud Service was only the latest), the Israel’s Justice Ministry has releases guidelines forbidding unnecessary collection of personal national identification numbers. This is the first time in which the aftermath of a Cyber War has direct implications on everyday life.

From this point of view the wars fought on the cyber domain are completely different from the wars fought on the real world… In the cyber battlefield the civilians are the primary targets (since they have their personal data dumped) and not collateral victims…

Read the complete timeline of the Middle East Cyber War at this link and follow @paulsparrows on Twitter for the latest updates.

Read more…

About these ads

Timeline of Cyber War Between Bangladesh and India (Part II)

March 26, 2012 1 comment

Part I: The list of Cyber Attacks Carried On by Bangladesh Hackers against India

The second part of this post covers the cyber attacks carried on by Indian hackers against Bangladesh. Apparently their number is smaller but a deeper analysis shows a sharper strategy focused on paralyzing the financial system of Bangladesh.

In this first quarter of 2012, the cyber war between the two countries went through two different phases: until the beginning of March, the two opposite factions faced themselves with sparse defacement and DDoS actions (unchained after the attacks following the India Republic Day). After March we entered the Cyber War 2.0 characterized by High Profile actions, most of all suffered by Bangladesh, that led to the takedown of the Stock Exchange and one important Bank.

Again, thanks to Catherine for collecting the data.

Of course do not forget to follow @paulsparrows for the latest updates on the (too many) Cyber Wars, being fought on the underground of our planet.

Read more…

Timeline Of Cyber War Between Bangladesh and India

March 24, 2012 6 comments

Update 03/26/12: List of Cyber Attacks Carried on by Pro-India Hackers against Bangladesh

Several days ago I tweeted a request of help to my tweeps for building a timeline of India and Bangladesh Cyber War Timeline.

Unexpectedly the day after I received a complete and detailed timeline from Catherine Anita. I was nearly risking to loose it since my Gmail account had marked the message as spam. As I do not completely trust the antispam engines and regularly check my Spam folder, fortunately I was able to retrieve her e-mail and the precious content.

Catherine did a complete review that I formatted according to my consolidated model, adding a couple of events for the last days.

Since the timeline of the mutual Cyber Attacks  is quite long, I decided to divide it into two parts, the first one covering the cyber attacks carried on by pro-Bangladesh hacking crews against India (I used a rigorous alphabetical Order). Expect for tomorrow the update with attacks carried on from the other side.

As usual after the Jump you find all the references.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @pausparrows on Twitter for the latest updates.

Read more…

The First Italian Cybercrime Report is Available [Infographic]

March 21, 2012 7 comments

Yesterday, during the Italian Security Summit 2012, the Italian Clusit Association has unveiled the first Italian Cybercrime Report for which I acted as a contributor (in particular I compiled the section dedicated to the Italian Cyber Attacks), putting also at disposal my 2011 Cyber Attacks Timeline for the Report’s introduction.

This is a great result for our Security Community, not only because such a similar holistic work had never been compiled before in Italy, but also because it pinpoints the possible trends and scenarios for 2012 and hence provide guidelines useful to delineate security strategies for professionals and organizations.

Most of all, the Report has been enriched by data collected by the Italian Cyber Police. An unprecedented event in Italy that provides a real deep insight the Cybercrime impacts in everyday life as never done before in our country.

Said in few words, it worths a read, and even if, so far, it is in Italian, we are working for a short English Version.

In the meantime I provide you with an amusing preview. In compiling the report, Andrea Zapparoli Manzoni, a dear friend and most of all one of the report contributors, did a great job by cataloguing all the 406 international attacks that I collected in my 2011 timeline. I consequently decided to summarize the results of this huge work in the following Infographic. The result is quite impressive, isn’t it?

Drones used as Proxies to get around ISP blocking and law enforcement: Predator’s to add server payload?

Cross Posted from TheAviationist.

Nearly in contemporary with the breaking news that a judge in New Zealand’s High Court has declared that the order used to seize Kim Dotcom’s assets is “null and void”, writing another page inside the endless MegaUpload saga, The Pirate Bay, one of the world’s largest BitTorrent sites, made another clamorous announcement. Tired of countering the block attempts that forced, last month, to switch its top-level domain, possibly to avoid seizure by U.S. authorities, and in October 2011 to set up a new domain to get around ISP blocking in Belgium, the infamous BitTorrent site is considering the hypothesis to turn GPS-controlled aircraft drones into proxies, in order to avoid Law Enforcement controls (and censorship) and hence evade authorities who are looking to shut the site down.

A Predator drone carries a few servers…as tin cans would trail a newly married couple’s car

The drones, controlled by GPS and equipped with cheap radio equipment and small computers (such as Raspberry Pi), would act as proxies redirecting users’ traffic to a “secret location”. An unprecedented form of (literally) “Cloud Computing”, or better to say “Computing in the Clouds”, capable to transfer, thanks to modern radio transmitters, more than 100Mbps at over 50 kilometers away, more than enough for a proxy system.

This is essentially what MrSpock, one of the site’s administrators, stated in a Sunday blog post (apparently unavailable at the moment). Curiously the drones are called “Low Orbit Server Stations”, a name not surprisingly much similar to the “Low Orbit Ion Cannon”, the DDoS weapon used by the Anonymous collective, capable of evoking very familiar hacktivism echoes.

Actually this is not the first time that hackers try to use air communication to circumvent Law Enforcement controls. At the beginning of the year, a group of hackers unveiled their project to take the internet beyond the reach of censors by putting their own communication satellites into orbit.

What raised some doubts (at first glance this announcement looks like an anticipated April Fools), is not the the use of a Low Orbit Server Stations, but the fact that moving into an airspace would be enough to prevent Law Enforcement Controls (and reactions).

Drones are subject to specific rules and restrictions and can only fly along reserved corridors to deconflict them from civilian and military air traffic. And they have to land every now and then, unless someone thinks these pirate robots can be air-to-air refueled.

As a commenter of The Hacker News correctly pointed out: “There seems to be a lot of misunderstanding about who “owns” the airspace of a given country“: definitely a drone flying too high would be classified as a threat and forcibly removed by an air force, a drone tethered to ground would be subjected to local zoning laws, while a drone broadcasting from an “intermediate” height would probably violate a number of existing laws and forced to shut down.

At the end it is better to turn back to “Ground Computing” as opposed to “Cloud Drones”. As a matter of fact “it’s probably a lot easier to find a friendly government and host a normal server in that country“.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @pausparrows on Twitter for the latest updates.

Middle East Cyber War Timeline (Part VIII)

March 18, 2012 1 comment

This last week has seen some remarkable events an undoubtable revamp of data leaks inside the Middle East Cyberwar.

Not only the infamous 0xOmar, the initiator of the Middle East Cyber War, reappeared, leaking alleged secret data from some Israeli Virtual Israeli Air Force School websites; but also the Pakistani zCompany Hacking Crew has re-entered the scene unchaining the original weapon, that is the Credit Card leak. As a matter of fact ZHC published 5,166 records containing working credit cards, usernames, emails and addresses of individual supporters of the Zionist Organisation of UK & Ireland (zionist.org.uk).

On a different front, the massive defacements of websites all over the world in support of #OpFreePalestine continued. Under the label of the same operation, the Anonymous also “doxed” several companies and individuals on pastebin.

As far as the two main contenders (Iran and Israel) are concerned, the strategies seem quite different.

Iran has shown a cyber activity culminated in the alleged attack against the BBC Persian Service. For this nation, it is also important to notice its “cyber autarky”, maybe a choice forced by the embargo, that led to the creation of an internal email service, in contrast to the traditional Gmail, Yahoo, etc. This happens few weeks after the decision to develop an internal Antivirus.

On the opposite front, Israel keeps on its apparent cyber silence. Is it the prelude for the feared military action against Iran?

If you want to be constantly updated on the Middle East Cyber War, at this link you find the complete timeline. Also follow @paulsparrows on Twitter for the latest updates!

Read more…

After latest F-35 hack, Lockheed Martin, BAE Systems, Elbit under multiple cyber attacks….right now.

March 14, 2012 2 comments

Cross Posted from TheAviationist.

I have just published a timeline covering the main Cyber Attacks targeting Military Industry and Aviation, but it looks like the latest events will force me to post an update, soon.

Although perpetrated with very different timelines, origins and motivations behind them, the last three days have seen a new wave of attacks against military industry that has unexpectedly become the point of intersection between cybercrime and cyberwar.

The first clamorous attack was disclosed a couple of days ago, when the Sunday Times revealed that alleged Chinese Hackers were able to penetrate into computers belonging to BAE Systems, Britain’s biggest defence company, and to steal details about the design, performance and electronic systems of the West’s latest fighter jet, the costly F-35 Joint Strike Fighter. The hacking attack has raised concerns that the fighter jet’s advanced radar capabilities could have been compromised and comes few weeks after papers about the future British-French drone were stolen in Paris.

Apparently, once again, an APT-based attack, or maybe one of its precursors, since it was first uncovered nearly three years ago. In any case, according to the sources and the little information available, it lasted continuously for 18 months, exploiting vulnerabilities in BAE’s computer defences to steal vast amounts of data. A fingerprint analogous to other similar cyber operations, allegedly generated from China such as Operation Aurora or the controversial operation Shady RAT.

Details of the attack have been a secret within Britain’s intelligence community until they were disclosed by a senior BAE executive during a private dinner in London for cyber security experts late last year.

Curiously the F-35 seems to be a very attracting prey for hackers as it was already the victim of a Cyber Attack in 2009; once again the latest attack is believed to be originated from China, who is showing a restless cyber activity.

Although completely different for impact and motivations, a second attack has just been announced by the infamous hacking collective Anonymous, which, in name of the #OpFreePalestine operation, has published the contact details for senior staff at BAE (hit once again), Lockheed, Gulfstream Aerospace, a division of General Dynamics, and the United States Division Of Israeli Owned Arms Company Elbit Systems. An attempt to embarrass military industry considered involved in the events happening in Palestine.

Although the data dumps apparently contain little valuable information (according to V3.co.uk many of the telephone numbers listed are for company headquarters, while several of the names appear to be out of date), the latest attacks represent a quantum leap in the Middle East Cyber War, after the “reign of terror” threatened by Anonymous against Israel.

The F-35 JSF is not only the most advanced stealthy fighter plane of the next future. It is also the most expensive. That’s why some partners have been compelled to downsize their initial requirements because of cuts imposed by the increasing unit price (with the new contract the total unit cost for an LRIP 5 jet is 205.3 million USD!!).

Apparently these cuts are interesting even the IT Security budgets of the manufacturers.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @pausparrows on Twitter for the latest updates.

The Italian Job

March 13, 2012 5 comments

The Italian Anonymous did it again and today have attacked for the second time in few days the vatican.va website. Actually this time their attack has apparently been deeper since the infamous collective also posted a small portion of a database claimed to have been leaked from radiovaticana.org, the website of the official Vatican Radio.

The inevitable statement on pastebin (so far only in Italian) quotes Imperva, the Israeli Company Focused on Application Security which claimed, few days ago, to have prevented, in August, a summer attack against the Vatican, using the collected information to profile a typical Anonymous DDoS attack.

Of course the pastebin suggests that this attack has been a kind of retaliation against the information disclosed by Israeli Security Company in their detailed report, nevertheless this has been only the last DDoS attack in Italy in this troubled weekend that has seen several websites falling under the LOIC shots: Saturday the Italian Railways have been hit (three domains), and yesterday Equitalia, the company owning the concession, on behalf of the Government, to collect taxes.

This (un)expected revamp of DDoS activity in Italy comes approximately nearly a couple of months after the LOIC attacks unchained by the MegaUpload shutdown, and nearly nine months after the waves of attacks which made the Italian Summer a very hot season for Information Security.

Besides, so far the preferred targets of The Anonymous in Italy have been Government and Politician Websites, targeting the Vatican Site, looks like this time the Anonymous crossed the line.

As a matter of fact I have decided to write down in a table all the hacktivism-led attacks carried on Italy from the 2011 onwards. I have collected the information on the attacks during the gathering of the necessary material to prepare my timelines for 2011 and 2012. In reading the list, please consider that several DDoS attacks were only claimed by the attackers, so it is really difficult discriminate if they were succesful or not, nevertheless I thought it appropriate to insert them all to provide a global view.

So far, you will notice that the Hackvism in Italy has passed three main phases: the summer phase, maybe interrupted by the wave of arrests in July; the winter phase, as quoted above, immediately after the Megaupload shutdown on the wake of the anti-SOPA/PIPA/ACTA movements; and the current phase (may we define it a spring phase?) triggered by the delicate internal sociopolitical situation….

March 2011

04/03/2011 finmeccanica.it DDOS Military Industry
04/03/2011 eni.it DDOS Energy
04/03/2011 unicredit.it DDOS Finance

June 2011

21/06/2011 ilpopolodellalibertà.it DDoS Political Parties
21/06/2011 governoberlusconi.it DDoS Political Parties
21/06/2011 pdl.it DDoS Political Parties
21/06/2011 governoberlusconi.it DDoS Political Parties
21/06/2011 silvioberlusconifansclub.org DDoS Political Parties
21/06/2011 forzasilvio.it DDoS Political Parties
22/06/2011 governo.it DDoS Government
22/06/2011 camera.it DDoS Government
22/06/2011 senato.it DDoS Government
22/06/2011 interno.it DDoS Government
22/06/2011 regione.campania.it DDoS Government
22/06/2011 pdl.it DDoS Political Parties
22/06/2011 renatobrunetta.it DDoS Political Parties
22/06/2011 innovazionepa.gov.it DDoS Government
23/06/2011 governo.it DDoS Government
23/06/2011 agcom.it DDoS Government
23/06/2011 leganord.org DDoS Political Parties
24/06/2011 governo.it DDoS Government
24/06/2011 giustizia.it DDoS Government
28/06/2011 agcom.it DDOS Government
29/06/2011 camera.it DDoS Government
29/06/2011 pdl.it DDoS Government
29/06/2011 mediaset.it DDoS Entertainment
30/06/2011 telecomitalia.it DDoS ISP
30/06/2011 poste.it DDoS Mail
30/06/2011 borsaitaliana.it DDoS Finance

July 2011

01/07/2011 leganord.org DDoS Political Parties
01/07/2011 agcom.it DDoS Government
02/07/2011 innovazionepa.gov.it DDoS Government
02/07/2011 governo.it DDoS Government
03/07/2011 agcom.it DDoS Government
04/07/2011 agcom.it DDoS Government
06/07/2011 19 Universities:                  unisi.it
unisa.it
uniroma1.it
anotonianum.eu
econoca.it
uniba.it
unibocconi.it
unifg.it
unime.it
unimib.it
uniurb.it
unibo.it
unipv.it
unina2.it
unile.it
polimi.it
unito.it
unimo.it
SQLi? Education
31/07/2011 vitrociset.it Defacement Contractor

August 2011

03/08/2011 vitrociset.it Defacement Contractor
06/08/2011 sappe.it Defacement Law Enforcement Agencies

September 2011

02/09/2011 Undisclosed Bank ? Finance

November 2011

29/11/2011 fiocchigfl.it Defacement Military Industry

December 2011

06/12/2011 torino-lione.it Defacement Transportation
06/12/2011 ghiglia.it Defacement Political Parties
19/12/2011 fabriziocorona.it Defacement Entertainment
19/12/2011 costantinovitaliano.it Defacement Entertainment

January 2012

10/01/2012 leganord.org Defacement Political Parties
13/01/2012 italia.gov.it DDoS Political Parties
22/01/2012 siae.it DDoS Entertainment
22/01/2012 universalmusic.it DDoS Entertainment
22/01/2012 copyright.it DDoS Entertainment
22/01/2012 giannifava.org DDoS Political Parties
22/01/2012 leganord.org DDoS Political Parties
24/01/2012 giustizia.it DDoS Government
26/01/2012 italia.gov.it DDoS Government

February 2012

11/02/2012 circondarialetorino.it Defacement Law Enforcement Agencies
17/02/2012 rivagroup.com DDoS Military Industry
17/02/2012 enel.it DDoS Energy
18/02/2012 mauriziopaniz.it Defacement Political Parties
22/02/2012 binetti.it Defacement Political Parties
27/02/2012 polizia.it DDoS Law Enforcement Agencies
27/02/2012 carabinieri.it DDoS Law Enforcement Agencies

March 2012

07/03/2012 vatican.va DDoS Religion
10/03/2012 trenitalia.it DDoS Transportation
10/03/2012 RFI.it DDoS Transportation
10/03/2012 viaggaintreno.it DDoS Transportation
11/03/2012 equitalia.it DDoS Services
12/03/2012 vatican.va DDoS Religion
12/03/2012 radiovaticana.org Defacement Religion

Middle East Cyber War Update (Part VII)

Updated on March 11 to include the latest cyber attacks to Israeli Websites by @CabinCr3w and Anonymous Crkvina

As reported on the last update, it looks like the Cyberwar between Israel and the Middle East (most of all Iran) has come to an apparent truce, at least from the Israeli Site. A trend confirmed also in this last period in which Israel did not perform any Cyber action, but suffered several sparse attacks (mostly defacements) and a new DDoS against AIPAC (American Israel Public Affairs Committee) with a new threatening message from the Anonymous. In the same time, many other countries all over the world suffered cyber attacks in name of the so-called #OpFreePalestine. These attacks were mainly carried on by a crew called Pak Cyber Pyrates who also defaced the isreaeldefenceforces.com webiste.

Is the static position of Israel a possible prelude for an Israeli Military Action against Iran in the real space? According to a panel of experts the  chance that the United States or Israel will strike Iran in the next year is 48 percent.

But Israel and Iran are not the only unstable zones in the Middle East Cyber Space: a new cyber war front is raising in Lebanon, which has become the target of several cyber-attacks, carried on by hacktivist hacking groups stressing the need of more democracy, rather than by foreign countries.A front joined by the Anonymous who declared the start of #OpLebanon.

Last but not least, although not reported on the chart, I also found a Lebanese Cyber Army that hacked several Facebook accounts belonging to Israeli people.

At this link the complete timeline at the Middle East Cyberwar Timeline and follow @paulsparrows for the latest updates.

Read more…

Follow

Get every new post delivered to your Inbox.

Join 2,705 other followers