2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

But, if Information Security professionals are quite familiar with the idea that military contractors could be primary and preferred targets of the current Cyberwar, as the infographic on the left shows, realizing that malware can be used to target a drone is still considered an isolated episode, and even worse, the idea of a malware targeting, for instance, the multirole Joint Strike Fighter is still something hard to accept.

However, things are about change dramatically. And quickly.

The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communcation equipment and armament.

For instance an F-22 Raptor owns about 1.7 millions od line of codes , an F-35 Joint Strike Fighter about 5.7 millions and a Boeing 787 Dreamliner about 6.5 millions. Everything with some built in code may be exploited, therefore, with plenty of code and much current and future vulnerabilities, one may not rule out a priori that these systems will be targeted with specific tailored or generic malware for Cyberwar, Cybercrime, or even hacktivism purposes.

Unfortunately it looks like the latter hypothesis is closer to reality since too often these systems are managed by standard Windows operating systems, and as a matter of fact a generic malware has proven to be capable to infect the most important U.S. robots flying in Afghanistan, Pakistan, Libya, and Indian Ocean: Predator and Reaper Drones.

As a consequence, it should not be surprising, nor it is a coincidence, that McAfee, Sophos and Trend Micro, three leading players for Endpoint Security, consider the embedded systems as one of the main security concerns for 2012.

Making networks more secure (and personnel more educated) to prevent the leak of mission critical documents and costly project plans (as happened in at least a couple of circumstances) will not be aviation and aerospace industry’s information security challenge; the real challenge will be to embrace the security-by-design paradigm and make secure and malware-proof products ab initio.

While you wait to see if an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation and aerospace related cyber attacks occurred since the very first hack targeting the F-35 Lightning II in 2009.

Of course aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @pausparrows on Twitter for the latest updates.

As usual the references are after the jump…

1. http://online.wsj.com/article/SB124027491029837401.html
2. http://hackmageddon.com/2011/05/31/insecureid/
3. http://hackmageddon.com/2011/05/26/it-was-only-a-matter-of-time/
4. http://hackmageddon.com/2011/06/02/another-breach-in-the-wall/
5. http://hackmageddon.com/2011/07/15/the-mother-of-all-breaches/
6. http://nakedsecurity.sophos.com/2011/09/19/mitsubishi-defense-contractor-hack/
7. http://hackmageddon.com/2011/10/08/oops-my-drone-was-infected/
8. http://ajw.asahi.com/article/behind_news/social_affairs/AJ2011102415638
9. http://nakedsecurity.sophos.com/2011/09/19/mitsubishi-defense-contractor-hack/
10. http://www.csmonitor.com/World/Middle-East/2011/1215/Exclusive-Iran-hijacked-US-drone-says-Iranian-engineer-Video
11. http://theaviationist.com/2011/12/19/simple-solution/
12. http://news.discovery.com/space/jaxa-virus-data-htv-computer-120113.html

This week of Cyber War on the Middle East front, has shown a slight change on the Cyber Conflict trend. For the first time since January, psyops have deserved a primary role, maybe on the wake of the video released by the Anonymous against Israel one week ago. Not only the Jerusalem Post calls the video into question, but also argues that it may have been forged by Iran, identifying a state sponsored impersonation behind the entry of Anonymous in this cyber war.

But this has not been the only psyops event as an alleged message from Mossad to the Anonymous has appeared on pastebin, whose beginning sounds like a dark warning: If you want to be a hero start with saving your own lives. Although there are many doubts on its truthfulness, it deserves a particular attention since outlines a new age on psyops, what I call “pastebin psyops”.

But a war is not made only of psyops, so this week has also seen more hostile actions, among which the most remarkable one has been the leak of 300,000 accounts from Israeli Ministry of Construction and Housing. This action had been preannounced by a wave of attacks on primary Israeli sites (which targeted also the PM site), and most of all, has been carried on by 0xOmar, the absolute initiator of this cyber conflict.

Palestine has been targeted as well, and it is really interesting to read under this perspective a statement by Ammar al-Ikir, the head of Paltel, the Palestinian telecommunications provider according to whom cyber attacks on Palestinian websites and internet servers have escalated since Palestine joined UNESCO.

On the Iranian front chronicle report of a failed cyber attacks againstPress TV, Iran’s English-language 24-hour news channel and most of all of a controversial statement by Gholam Reza Jalali, a senior Iranian military official in charge of head of the Iranian Cyber Intelligence, according to whom the country’s nuclear facilities have finally been made immune to cyber attacks. And it is not a coincidence that in this week Iran has kicked off the first national conference on Cyber Defense. A matter that deserves a special attention by Tehran because of the growing number of attacks on Iran’s cyber space by US and Israel. On the other hand, Israel did a similar move one month ago, at very early stage of the cyber conflict.

1. http://www.maannews.net/eng/ViewDetails.aspx?ID=459643
   
2. http://www.cyberwarnews.info/2012/02/10/anonymous-sends-a-warning-to-the-israeli-government/
   
3. http://pastebin.com/pVmAZqWY
   
4. http://blogs.jpost.com/content/impersonating-anonymous-it-state-sponsored-terrorism
   
5. http://abcnews.go.com/International/wireStory/iran-nuclear-facilities-immune-cyber-attack-15572784#.T0DKP3lW2So
   
6. http://www.maannews.net/eng/ViewDetails.aspx?ID=460132
   
7. http://www.haaretz.com/business/hackers-hit-israel-prime-minister-office-website-1.412769
   
8. http://pastebin.com/NZVGFrcb
9. http://www.theyeshivaworld.com/news/General+News/118420/Israel%3A-Bank-Hapoalim-Data-Cops-Beats-Hackers.html
10. http://www.presstv.ir/detail/227341.html
    
11. http://www.presstv.ir/detail/227407.html
12. http://pastebin.com/EgnEDDje

The Hacktivism front has been very hot as well, with attacks in Europe and Syria (with the presidential e-mail hacked) and even against United Nations (once again) and NASDAQ Stock Exchange.

Scroll down the list and enjoy to discover the (too) many illustrious victims including Intel, Microsoft, Foxconn and Philips. After the jump you find all the references and do not forget to follow @paulsparrows for the latest updates. Also have a look to the Middle East Cyberwar Timeline, and the master indexes for 2011 and 2012 Cyber Attacks.

Addendum: of course it is impossible to keep count of the huge amount of sites attacked or defaced as an aftermath of the Anti ACTA movements. In any case I suggest you a couple of links that mat be really helpful:

• List of all vulnerable websites attacked by anonymous Part II (updated daily) (via cylaw.info)
• List of Websites Hacked, Defaced & Taken Down By Anonymous (via valuewalk.com)

1. https://twitter.com/#!/ItsKahuna/status/164850154778796032
2. http://www.thejournal.ie/government-website-passwords-obtained-by-anonymous-hacker-343904-Feb2012/
3. http://anonops.blogspot.com/2012/02/opblitzkrieg-anonymous-strikes-neo.html
4. http://www.kwgn.com/news/kdvr-hackers-tap-into-medical-groups-records-20120201,0,909581.story
5. http://datalossdb.org/incidents/5586-4-933-e-mail-addresses-and-hashed-passwords-dumped-on-the-internet
6. http://mashable.com/2012/02/02/susan-g-komen/
7. http://www.bbc.co.uk/news/uk-england-essex-16853109
8. http://www.irishtimes.com/newspaper/breaking/2012/0202/breaking27.html
9. http://hosted.ap.org/dynamic/stories/H/HACKING_FBI?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2012-02-03-09-23-34
10. http://zone-h.org/mirror/id/16859089
11. http://mashable.com/2012/02/03/anonymous-marine-emails/
12. http://www.informationweek.com/news/government/security/232600258?cid=RSSfeed_IWK_security
13. http://anonops.blogspot.in/2012/02/anonymous-hack-greek-justice-ministrys.html
14. http://thehackernews.com/2012/02/syrian-presidents-e-mail-hacked-by.html
15. http://research.zscaler.com/2012/02/dreamhost-hijacked-websites-redirect-to.html
16. http://pastebin.com/bi92xFG9
17. http://www.huffingtonpost.com/2012/02/05/cyberforce-anonymous-sweden_n_1255724.html
18. http://rt.com/usa/news/homeland-security-website-anonymous-473/
19. http://www.databreaches.net/?p=23051
20. http://pastebin.com/g8wMwsv8
21. http://www.sofiaecho.com/2012/02/05/1759788_anonymous-hacks-website-of-pro-acta-group-prophon-in-bulgaria
22. http://www.haaretz.com/print-edition/news/bashar-assad-emails-leaked-tips-for-abc-interview-revealed-1.411445
23. http://zone-h.org/mirror/id/16872995
24. http://pastebin.com/x370nKgZ
25. http://pastebin.com/uaYDfCz0
26. http://pastebin.com/kWuv69S3
27. http://pastebin.com/rj1SHiKu
28. http://www.cyberhaber.com/haber/5328-mcdonalds-official-website-hacked-by-turkey-cyber-.html
29. http://www.cyberwarnews.info/2012/02/08/4940-accounts-leaked-from-media-devilscafe-in/
30. http://pastehtml.com/view/bn72jbka4.html
31. http://pastehtml.com/view/bn6l642zy.html
32. http://www.pastebay.net/307023
33. https://twitter.com/#!/EgyptAnonops/status/166356863762436098
34. https://twitter.com/#!/EgyptAnonops/status/166362819678322688
35. https://twitter.com/#!/EgyptAnonops/status/166391016285417472
36. http://www.cyberwarnews.info/2012/02/08/super-bowl-website-hacked-and-massive-amount-of-data-leaked-by-anonymous/
37. http://www.cyberwarnews.info/2012/02/08/massive-data-leak-from-foxconn-com-by-swaggsec/
38. http://lulzfinancial.wordpress.com/2012/02/07/westboro-one-more-time-tango-down-4-the-lulz/
39. http://nakedsecurity.sophos.com/2012/02/11/dutch-isp-kpn-hacked-credentials-and-personal-information-leaked/
40. http://www.cyberwarnews.info/2012/02/09/macforbeginners-com-hacked-and-data-leaked-by-xdev-b4lc4nh4ck/
41. http://www.cyberwarnews.info/2012/02/09/economic-development-association-scotland-hacked-and-data-leaked-by-epoch/
42. http://news.softpedia.com/news/UN-Website-Unpatched-Hacked-Again-by-TeaMp0isoN-Exclusive-251849.shtml
43. http://news.softpedia.com/news/United-Nations-Hacked-by-TeaMp0isoN-Details-Leaked-237086.shtml
44. http://pastehtml.com/view/bnik8yo1q.html
45. http://pastehtml.com/view/bnmjxxgfp.html
46. http://pastehtml.com/view/bnm8z2mlq.html
47. http://news.softpedia.com/news/TeaMp0isoN-Leaks-Syrian-Military-Bank-Accounts-251637.shtml
48. http://www.bankinfosecurity.com/articles.php?art_id=4487
49. http://www.cyberwarnews.info/2012/02/09/nigeria-national-assembly-hacked-by-anonymous-opnigeria/
50. http://pastebin.com/3jWkk0bX
51. http://reviews.cnet.com/8301-19512_7-57374384-233/itunes-customers-reportedly-under-threat-from-digital-thieves/
52. http://cyberleaks.org/index.php/2012/02/300-170-indian-sites-hacked-by-zhc-a-pakistani-hackers-group300-170-indian-sites-restored-by-indian-hacker-godziila-volcaniumwww-cyberleaks-org/
53. http://www.cyberwarnews.info/2012/02/09/fiat-india-hacked-and-defaced-by-zcompany-hacking-crew/
54. http://www.thehacknews.com/fiats-official-website-hacked-by-grayhatz/fiat-website-hacked-grayhatz/
55. http://www.itworld.com/security/249118/anonymous-takes-down-ciagov
56. http://pastebin.com/g4rScjT2
57. http://pastebin.com/AwdYCkv5
58. http://www.cyberwarnews.info/2012/02/10/toyota-peru-hacked-and-defaced/
59. http://thehackernews.com/2012/02/hackers-claims-to-compromise-intels.html
60. http://www.cyberwarnews.info/2012/02/11/electoral-institute-and-citizen-participation-of-tabasco-email-leak-from-anonymous-opmexico/
61. http://www.huffingtonpost.com/2012/02/11/brazzers-hack-porn-site-anonymous_n_1270238.html
62. http://anonops.blogspot.in/2012/02/anonymous-takes-down-greek-police-and.html
63. http://thehackernews.com/2012/02/united-states-census-bureau-hacked-and.html
64. http://www.cyberwarnews.info/2012/02/14/turkish-information-technologies-and-communications-authority-hacked-and-lots-of-data-leaked/
65. http://www.cyberwarnews.info/2012/02/13/nasa-hacked-and-data-leaked-after-they-didnt-take-it-serious/
66. http://www.cyberwarnews.info/2012/02/13/national-library-of-venezuela-hacked-and-data-leaked-by-sector404cl/
67. http://pastebin.com/LgpfHdPM
68. http://arstechnica.com/business/news/2012/02/microsofts-store-site-in-india-defaced-hackers-find-plain-text-passwords.ars
69. http://www.cyberwarnews.info/2012/02/14/8000-accounts-leaked-from-the-chinese-government-trade-website-by-revolutionsec/
70. http://arstechnica.com/tech-policy/news/2012/01/pro-government-hactivists-deface-al-jazeera-coverage-of-syrian-violence.ars
71. http://www.cyberwarnews.info/2012/02/13/myheadlinez-com-hacked-and-190-accounts-leaked/
72. http://www.cyberwarnews.info/2012/02/14/partial-data-leaked-by-anonopsromania-that-expose-romanian-spies/
73. http://abcnews.go.com/Technology/wireStory/hackers-attack-large-brazilian-bank-15480657
74. http://www.theinquirer.net/inquirer/news/2151893/ticketweb-admits-hacked
75. http://thehackernews.com/2012/01/embassy-of-kazakhstan-hacked-by.html
76. http://nakedsecurity.sophos.com/2012/02/14/nortel-chinese-hackers/
77. http://praguemonitor.com/2012/02/14/hackers-attack-czech-ifpi-branch
78. http://www.cyberwarnews.info/2012/02/14/electronics-giant-philips-hacked-defaced-and-lots-of-data-leaked/
79. http://thehackernews.com/2012/02/cryptome-webpages-infected-with.html
80. http://news.softpedia.com/news/Horde-FTP-Server-Hacked-Files-Maliciously-Altered-252708.shtml
81. http://pastebin.com/it77tAvs
82. http://thehackernews.com/2012/02/anonymous-leak-400-mb-documents-from-us.html
83. http://www.cyberwarnews.info/2012/02/15/thai-government-hacked-and-defaced-by-saadi-n-hax-r00t/

After some mutual attacks in terms of DDoS and defacements (with a new entry from Morocco and a resounding defacement against the Tel Aviv University Security Studies Program website, the head of the National Cyber Defense Authority), this week has seen the revamping of Credit Cards leaks “thanks” to Zcompany Hacker crew, who dumped more than 200 Credit Cards belonging to Israel And United States.

Even considering this latter event, however, the timeline seems to have confirmed the descending trend, with the early actors of both parties apparently quiet inside their virtual shelters (maybe to elaborate new strategies). But in this apparently calm sky a new thunderstorm threatens the horizon: it is the Anonymous which posted a message promising a reign of terror for Israel…

If you have a look to the Middle East nations involved in the cyber conflict which made attacks or suffered attacks (depicted in the map below that does not include U.S. victim of the latest Credit Card leak and France whose Council of Jewish Institutions was hacked earlier in June), you may easily notice that the virtual geopolitics reflect nearly exactly the real ones (the dotted arrow from Iran indicates the uncertainty of the nationality of OxOmar) with the new entry of Pakistani ZHC.

1. http://www.israelnationalnews.com/News/Flash.aspx/231271#.TzYcxsiceqy
   
2. http://zionops.wordpress.com/2012/02/06/iranian-news-site-hacked-radio-irib-ir/
   
3. http://webcache.googleusercontent.com/search?q=cache:ADnxdOpcQpYJ:www.irannewsdaily.com/view_news.asp%3Fid%3D177678+radio.irib.ir+hacked&cd=10&hl=iw&ct=clnk&gl=il
   
4. http://zionops.wordpress.com/2012/02/07/israeli-sites-defaced-by-capoo_tunisianoo/
   
5. http://pastebin.com/Cy1cZCKE
   
6. http://pastebin.com/4n2jqTZ3
7. http://www.ynetnews.com/articles/0,7340,L-4186692,00.html
8. http://zionops.wordpress.com/2012/02/08/gaza-hacker-team-hacked-and-defaced-127-israeli-sites/
   
9. http://zone-h.org/archive/notifier=Gaza%20Hacker%20Team
   
10. http://pastebin.com/LVr0TiBZ
    
11. http://www.jpost.com/NationalNews/Article.aspx?id=257252&R=R2
12. http://www.israeltoday.co.il/News/tabid/178/nid/23111/language/en-US/Default.aspx
13. http://www.cyberwarnews.info/2012/02/10/anonymous-sends-a-warning-to-the-israeli-government/
    

These reports are particularly meaningful since they come in a moment in which the waves of DDoS attacks unleashed by the OpMegaUploadas are not completely gone. To all the (too) many information security professionals whose sleep is disturbed by the booms of the Low Orbit Ion Cannons, I suggest to give a look to both documents:

• 2011 Worldwide Infrastructure Security Report issued by Arbor Networks;
• 2011 Global Application & Network Security Report issued by Radware.

As a matter of fact both reports provide a really interesting overview of this kind of attack which has become the flagship of the hacktivism movements.

From a methodological perspective both reports provide the results of a survey: the one conducted by Arbor Networks consisted of 132 free-form and multiple choice questions, covering a 12-month period from October 2010 through September 2011, whilst the one conducted by Radware consisted of 23 questions concerning the DDoS faced in 2011.

The participants of the Arbor Networks survey included 114 self-classified Tier 1, Tier 2 and other IP network operators from the U.S. and Canada, Latin/South America, EMEA, Africa and Asia, whilst the participants from the Radware survey included 135 organizations with large, medium and small size;ì,

Although the targets of the survey were not completely heterogeneous, and also the analyzed time windows were not exactly the same, I spent some time in comparing the results. In both cases, the message is clear: the DDoS attacks are becoming more and more complex, but the two vendors came to the same conclusion with a substantial difference. Does really size matter?

Hacktvism on the top

In both cases hacktivism ranks at number one among the attack motivations. The 35% of the Arbor Networks participants reported political or ideological attack motivations as the most common, immediately followed by Nihilism/Vandalism (31%). Analogously, the 22% of the Radware participants indicated a political/hacktivism motivation behind the attacks, immediately followed by “Angry Users” (12%). Curiously the 50% of the Radware participants indicated an unknown motivation, against the 19% of the Arbor Networks participants. Although hacktivism ranks undoubtedly at number one, the difference are not surprising: albeit the questions aimed to obtain the same information, they were slightly different: in one case (Arbor Networks) participants were asked to indicate Attack motivations considered common or very common, in the other case (Radware) participants were asked to indicate which motivations from a defined list, they considered behind the DoS /DDoS attacks experienced. Moreover also the different sample of participants may offer a further explanation. Arbor Networks participants are mainly operator, which have more sophisticated equipment to detect and counter attacks, Radware participants are heterogeneous organizations of different sizes, so their response may be “tainted” by emotive considerations or also by a smaller technological culture.

DDoS Attacks are becoming more and more complex assuming the nature of APTs

I was particularly impressed by a statement found in the Radware Report: “The nature of DoS / DDoS attacks has become more of an Advanced Persistent Threat (APT) and, therefore, much more serious.” The report is also more explicit and suggests that, for instance, during a DDoS Attack perpetrated by the Anonymous there is an external ring formed by the volunteers self-made hackers that use LOIC or similar tools (too often without any precautions), and an inner circle formed by skilled hackers who have access to more sophisticated attack methods and tools. The Arbor Networks report substantially agrees with this statement using the term Multi Vector DDoS, emphasizing a shift to Application Layer (Layer 7) DDoS Attacks. In both cases HTTP is the preferred protocol to convey Application Layer DDoS.

Size matters! Or not?

It is interesting to notice the opposite position of the two vendors with regard to the importance of the size for DDoS Attacks. Radware does not consider the size of the attack as the primary factor: the first myth to be debunked is the fact that not necessarily average organizations might experience intense attacks (according to Radware, in the observed period 32% of attacks were less than 10Mbps, while 76% were less than 1Gbps), the second myth to be debunked is the fact that the proper way to measure attacks is by their bytes-per-second (BPS) and packets per-second (PPS) properties. A smaller HTTP connection-based attack can cause more damage with much less traffic than a “traditional” UDP attack.

Arbor Networks has quite a different opinion: his respondents reported a significant increase in the prevalence of flood-based DDoS attacks in the 10 Gbps range. This represents the “mainstreaming” of large flood-based DDoS attacks, and indicates that network operators must be prepared to withstand and mitigate large flood attacks on a routine basis. Moreover, the highest-bandwidth attack observed by respondents during the survey period was a 60 Gbps DNS reflection/amplification attack, which however represents a 40 percent decrease from the previous year in terms of sustained attack size for a single attack.

At the end…

There are few doubts about the fact that DDoS attacks are becoming multi-layered and more and more complex, and even that they are mainly motivated by hacktivism. There are also few doubts about the fact that technology is enough mature to provide a crucial support to mitigate them. In any case, there is a further element to take into consideration that is the human factor: as usual technology is useless if the IT Staff is not prepared to face such a similar attacks, gaining an adequate awareness in terms of procedures and (I would say) culture. As Radware stated “the very public attacks last year raised awareness of DoS / DDoS and made organizations acquire better and more capable mitigation solutions” but maybe is not enough…

Jan 29: Middle East Cyber War Timeline Part II

Feb 12: Middle East Cyber War Timeline Part IV

The more  I look inside the Middle East Cyber War between Israel and the Arab Hackers, the more I realize that it follows exactly the same shape than the real conflict.

In particular this last week has seen a strong reduction of the cyber events between the involved parties, although it is not clear if this was due to stronger cyber defenses enforced, or it was rather a kind of “calm before the storm”.

Among the reported events I considered particularly meaningful the attack of InLightPress, a Palestinian news website, of whom I did not find any other report except the one quoted in the Infographic which comes from a Pro-Israeli Website (this is the reason why this event must be considered with the necessary caution). Maybe it is not directly related to the Middle East Cyber War, anyway it looks like this attack was not originated by Israeli hackers, but had rather been “commissioned” by the Palestinian Authority. In the real world political parties or movement have different wings (typically hawks and doves), it looks like this is true for the cyber world as well. On the other hand, some believe that also the attack carried on last week against the Israeli newspaper Haaretz, considered close to Pro-Palestinian movements, has an internal origin, that maybe explains the subsequent excuses by the alleged authors of the attack (BTW at the above link there is an interesting list of the hack published in pastebin by the Israeli Hackers).

Do you believe the descending trend of the cyber events will be confirmed in the next period, or it is rather a temporary cyber truce before the digital storm?

1. http://www.israellycool.com/2012/01/30/mahmoud-abbas-launches-attack-against-inlightpress/
   
2. http://www.israellycool.com/2012/02/01/inlightpress-slams-mahmoud-abbas-over-hacking-attack/
   
3. http://pastebin.com/BBWw44kQ
   
4. http://pastebin.com/DvGebdhC
   
5. http://www.washingtonpost.com/business/industries/websites-of-2-palestinian-news-agencies-brought-down-by-cyber-attack/2012/01/31/gIQAcHVffQ_story.html
   
6. https://twitter.com/#!/_TeaMp0isoN/status/164895749627318272
   
7. http://pastebin.com/mMZiEekm
   
8. http://pastebin.com/KEELtb6c
   

Even if this has been, so far, the most noticeable example, is not the only one of a malicious tool used as a service for criminal (in this case one shot) campaigns. More in general, using very familiar terms (borrowed and adapted from Cloud Terminology) I believe the CaaS is assuming three shapes:

• Software As a (Crime) Service or Saa(C)S, in which the criminals offer malicious software (and the needed support) as a service. An example? The latest Zeus Variant dubbed Citadel, recently spotted by Brian Kerbs, which provides the purchaser with help desk and even a dedicated Social Network;

• Infrastructure As (Crime) Service or Iaa(C)S, in which the criminals offer malicious services (or infrastructures) to attack specified targets, services may include complex “traditional” infrastructures such as botnets, but also “innovative” large scale fashioned services such as DDoS or also sharper services such as password cracking. Try to surf the web and you will discover how easy it is to purchase such a criminal kind of services.

• Platform As a (Crime) Service or Paa(C)S: in which the criminals offer malicious platforms that users may adapt to fit their needs. An example? The brand new HOIC (High Orbit Ion Cannon) the new DDoS tool, evoluti0n of the infamous LOIC, that may be assimilated to a real malicious service platform that users may tailor to fits their needs thanks to the booster scripts. I believe we are not so far from criminal organizations selling customized booster scripts for every kind of need and, why not, offering support services as well.

Last but not least this services are self provisioned, and this is the reason why I used the term “Crime as a Self Service”: in every scenario, be the malicious service a Saa(C)S, Iaa(C)S or Paa(C)S, the user selects directly the target (or the victim), and that’s it!

Related articles

• May I Be Arrested For Using LOIC? (paulsparrows.wordpress.com)
• DDoS with just a click! (thesecuritysamurai.com)

The second half of January is gone, and it is undoubtely clear that this month has been characterized by hacktivism and will be remembered for the Mega Upload shutdown. Its direct and indirect aftermaths led to an unprecedented wave of cyber attacks in terms of LOIC-Based DDoS (with a brand new self service approach we will need to get used to), defacements and more hacking initiatives against several Governments and the EU Parliament, all perpetrated under the common umbrella of the opposition to SOPA, PIPA and ACTA. These attacks overshadowed another important Cyber Event: the Middle East Cyberwar (which for the sake of clarity deserved a dedicated series of posts, here Part I and Part II) and several other major breaches (above all Dreamhost and New York State Electric & Gas and Rochester Gas & Electric).

Chronicles also reports a cyber attack to railways, several cyber attacks to universities, a preferred target, and also of a bank robbery in South Africa which allowed the attackers to steal $6.7 million.

Do you think that cyber attacks in this month crossed the line and the Cyber Chessboard will not be the same anymore? It may be, meanwhile do not forget to follow @paulsparrows to get the latest timelines and feel free to support and improve my work with suggeastions and other meaningful events I eventually forgot to mention.

1. http://tucsoncitizen.com/arizona-news/2012/01/19/asu-shuts-down-online-access-after-security-breach/
   
2. http://www.cyberwarnews.info/2012/01/18/21000-accounts-dumped-from-videogamesplus-ca-by-b4lc4nh4ck/
   
3. http://www.cyberwarnews.info/2012/01/17/nepal-telecommunications-authority-hacked-again-by-d35m0nd142/
   
4. http://www.cyberwarnews.info/2012/01/17/oksportsandfitness-com-database-leaked/
   
5. http://www.cyberwarnews.info/2012/01/17/20-more-hacked-sites-by-stk/
   
6. http://www.cyberwarnews.info/2012/01/26/2-more-large-data-dumps-and-27-sites-hacked-by-stk
   
7. http://www.net-security.org/secworld.php?id=12230
   
8. http://pastebin.com/NXBUhZHS
   
9. http://www.databreaches.net/?p=23051
   
10. http://www.cyberwarnews.info/2012/01/18/opfreepalestine-still-attacking-sites-bnsl-indias-biggest-telecom-hacked/
    
11. http://www.cyberwarnews.info/2012/01/20/two-schools-hacked-and-information-leaked-by-anonymous/
    
12. http://www.zone-h.com/archive/notifier=Pak%20Cyber%20Combat%20Squad
    
13. http://www.idsnews.com/news/story.aspx?id=85147
    
14. http://lifehacker.com/5878025/dreamhost-hacked-change-your-passwords-now
    
15. http://www.reuters.com/article/2012/01/23/us-euronetworldwide-idUSTRE80M2ET20120123
    
16. http://news.softpedia.com/news/Hackers-Prove-EA-IGN-ImageShack-NY-Times-Verizon-Vulnerable-247952.shtml
    
17. http://nakedsecurity.sophos.com/2012/01/20/grindr-hack/
    
18. https://twitter.com/#!/soulpowernow/status/160634287899676672
    
19. http://www.google.com/hostednews/afp/article/ALeqM5jGNOfn8Ij_BmP_UTSE83cFq_bMDA?docId=CNG.ed2a687c0642d8185d1e4e7ccab9f2c3.6e1
    
20. http://pastebin.com/AtedM7Lj
    
21. http://pastebin.com/Qawqs5UE
    
22. http://en.trend.az/capital/it/1982514.html
    
23. http://pastebin.com/wyDvALW1
    
24. http://pastebin.com/WEydcBVV
    
25. http://pastebin.com/mvLYNdWB
    
26. http://www.zdnet.com/blog/networking/weekend-anonymous-attacks-bring-down-major-websites/1944
    
27. https://twitter.com/#!/Havittaja
    
28. https://twitter.com/#!/theevilc0de
    
29. http://pastebin.com/H4NpqCDC
    
30. http://pastebin.com/KeV7hnht
    
31. http://thehackernews.com/2012/01/for-protest-against-sopa-68-website.html
    
32. http://pastebin.com/QMiszN6z
    
33. http://pastebin.com/GpEd0ssP
    
34. http://www.bbc.co.uk/news/technology-16686265
    
35. http://www.cyberwarnews.info/2012/01/22/rpghry-cz-hacked-and-5000-accounts/
    
36. http://www.cyberwarnews.info/2012/01/22/sexyono-com-hacked-and-thousands-of-accounts-leaked/
    
37. http://thenextweb.com/insider/2012/01/23/ufc-website-gets-hacked-due-to-its-support-for-sopa/
    
38. http://www.huffingtonpost.com/2012/01/23/the-daily-show-colbert-report-twitter-hacked_n_1223267.html
    
39. http://news.softpedia.com/news/NY-Public-Service-Commission-Alerts-2-Million-Customers-of-Data-Breach-248509.shtml
    
40. http://news.softpedia.com/news/Anonymous-Hacks-Romanian-Child-Protection-Agency-Naming-it-Corrupt-247966.shtml
    
41. http://www.nextgov.com/nextgov/ng_20120123_3491.php?oref=topstory
    
42. http://thenextweb.com/insider/2012/01/24/anonymous-has-just-hacked-into-the-ftcs-online-guardian-site/
    
43. http://www.cyberwarnews.info/2012/01/23/websoftdownload-com-hacked-and-2242-accounts-leaked-by-alsa7rx/
    
44. http://thehackernews.com/2012/01/panasonic-china-websites-hacked-and.html
    
45. http://www.cyberwarnews.info/2012/01/27/34000-accounts-leaked-from-xboxliveclans-com-by-alsa7rx/
    
46. http://www.techcentral.ie/article.aspx?id=18173
    
47. https://twitter.com/#!/LulzSecITALY/status/161928273130029057
    
48. http://www.cyberwarnews.info/2012/01/25/senate-of-michigan-hacked-by-anonymous/
    
49. http://www.cyberwarnews.info/2012/01/25/gente-com-ar-hacked-and-509-accounts-dumped/
    
50. http://datalossdb.org/incidents/5566-392-e-mail-addresses-and-md5-passwords-dumped-on-internet
    
51. http://www.pcworld.com/businesscenter/article/248787/european_parliament_says_its_website_taken_offline_by_attackers.html
    
52. http://www.mid-day.com/news/2012/jan/280112-Indo-Pak-cyber-war-on-Jan-26.htm
    
53. https://twitter.com/#!/LulzSecITALY/statuses/162578545347006464
    
54. http://www.cyberwarnews.info/2012/01/27/ninewinds-ftp-server-hacked-by-psykonx-of-netbashers/
    
55. http://www.cyberwarnews.info/2012/01/27/just10time-com-hacked-and-thousands-of-accounts-leaked-by-psykonx-of-netbashers/
    
56. http://www.cyberwarnews.info/2012/01/27/wikispaces-hacked-and-data-leaked-by-psykonx-of-netbashers/
    
57. http://www.cyberwarnews.info/2012/01/26/harvard-hacked-and-dataleaked-by-b4lc4nh4ck/
    
58. http://www.cyberwarnews.info/2012/01/26/sellpal-co-uk-hacked-and-9000-accounts-leaked-by-b4lc4nh4ck/
    
59. http://www.symantec.com/connect/fr/blogs/insight-sykipot-operations-0
    
60. http://pastebin.com/4vw6SCaV
    
61. http://www.cyberwarnews.info/2012/01/27/horia-hulubei-national-institute-of-physics-and-nuclear-engineering-hacked-and-loads-of-data-by-anonymous/
    
62. http://www.cyberwarnews.info/2012/01/28/bmw-motorcycle-owners-of-america-hacked-and-thousands-of-accounts-leaked-by-xdev-b4lc4nh4ck/
    
63. http://www.cyberwarnews.info/2012/01/29/universal-music-portugal-hacked-and-accounts-leaked/
    
64. http://arstechnica.com/tech-policy/news/2012/01/pro-government-hactivists-deface-al-jazeera-coverage-of-syrian-violence.ars
    
65. https://twitter.com/#!/pastebin/status/163606474495496193
    
66. http://pastebin.com/6yxB78F5
    
67. http://pastebin.com/CkqXdbwv
    
68. http://pastebin.com/u/sepo
    
69. http://abcnews.go.com/Technology/wireStory/hackers-attack-large-brazilian-bank-15480657
    
70. http://thehackernews.com/2012/01/embassy-of-kazakhstan-hacked-by.html
    
71. http://labs.m86security.com/2012/01/massive-compromise-of-wordpress-based-sites-but-%E2%80%98everything-will-be-fine%E2%80%99/
    
72. http://pastebin.com/tpit8bD3
    
73. https://twitter.com/#!/pastebin/status/164477415966507008
    
74. http://threatpost.com/en_us/blogs/ongoing-targeted-attack-campaign-going-after-defense-aerospace-industries-013112
    
75. http://datalossdb.org/incidents/5568-12-374-job-applicants-and-fewer-than-500-patients-notified-that-their-names-addresses-social-security-numbers-and-insurance-info-may-have-been-accessed-after-virus-was-discovered-on-system
76. http://pastebin.com/W2K3pTyX
77. http://pastebin.com/hKZMPHWr
78. http://pastebin.com/wPGNUJsb

Related articles

• January 2012 Cyber Attacks Timeline (Part 1) (paulsparrows.wordpress.com)
• Middle East Cyber War Timeline (paulsparrows.wordpress.com)
• Middle East Cyberwar Timeline Part II (paulsparrows.wordpress.com)

The rapid escalation of personal information leaks which characterized in the first two weeks of January has slightly changed shape, being replaced in the third week by Defacements and DDoS campaigns (targeting also the web sites of two Israeli Hospitals, as to say that a Cyber Geneva Convention is needed). Other dumps has also occurred, but not of the same scale as the first two weeks of January.

Besides the mutual DDoS and defacements to each other web sites, so far a quick calculation shows that since the beginning of this cyber war Arab Hackers have dumped more than 410,000 Credit Cards and 170,000 accounts, while the Israeli Counterparts have published approximately 11,000 Credit Cards, details of 140,000 individuals and 105,000 emails. Even if these data have to be taken with attention since many records have proven to be duplicated or fake, one consideration is clear: even Cyber Wars have their digital casualties.

The worst is yet to come?

1. http://zionops.wordpress.com/2012/01/22/npsoft-co-il-hacked-and-defaced-by-tkl-part-of-gaza-hacker-team
   
2. http://www.israelnationalnews.com/News/News.aspx/151969#.TyMUvYF17LJ
   
3. http://zionops.wordpress.com/2012/01/22/pirelli-israel-hacked-and-defaced-by-a-turkish-hacker/
   
4. http://zionops.wordpress.com/2012/01/23/amitec-top-it-innovative-company-of-israel-hacked-by-hitcher/
   
5. http://www.cyberwarnews.info/2012/01/23/message-to-israel-from-alienz-about-the-cyberwar/
   
6. http://pastebay.com/303136
   
7. http://pastebin.com/sUPiu0jc
   
8. http://www.cyberwarnews.info/2012/01/24/more-hackers-leak-israeli-accounts-in-middle-east-cyber-war/
   
9. http://www.maannews.net/eng/ViewDetails.aspx?ID=454711
   
10. http://zionops.wordpress.com/2012/01/25/unknown-hackers-crashed-israel-assuta-hospital-website/
    
11. http://zionops.wordpress.com/2012/01/25/unknown-hackers-crashed-israel-sheba-hospital-website/
    
12. http://www.ynetnews.com/articles/0,7340,L-4180781,00.html
    
13. http://www.ynetnews.com/articles/0,7340,L-4180485,00.html
    
14. http://www.ynetnews.com/articles/0,7340,L-4180954,00.html
    
15. http://pastebin.com/9d4auVeA
    
16. http://pastebin.com/3WYsUiRm
    
17. http://pastebin.com/53B2e3m6
    
18. http://www.jpost.com/MiddleEast/Article.aspx?id=255300
    
19. http://zionops.wordpress.com/2012/01/26/saudi-presidency-of-meteorology-environment-protection-hacked-by-yourikan/
    
20. http://pastebin.com/pzJwRAUi
    
21. http://www.israelnationalnews.com/News/News.aspx/152185#.TyRTmoF17LJ
    
22. http://pastebin.com/u/hannibal
    
23. http://pastebin.com/u/SaNTi12
    
24. http://www.thenational.ae/news/world/middle-east/pro-palestinian-hackers-apologise-for-cyber-attack-on-haaretz-newspaper-website
    
25. http://pastebin.com/UmjxSWPq
    
26. http://zionops.wordpress.com/2012/01/28/subaru-israel-website-breached-by-syrian_dragon/
    

Related articles

• Middle East Cyber War Timeline (paulsparrows.wordpress.com)

I tried to summarize the chain of events that is characterizing the Cyber Escalation in the Middle East. I collected the information from several sources in order to provide a detailed picture of what is happening between Israel and the Arab Countries since the initial claim of 0xOmar. Observing the evolution of the chart, the Cyber conflicts seems to follow the same rules than real wars: innocent victims, propaganda and psyops, different paths of escalation and guerrilla tactics. This Cyber Conflict in Middle East is probably crossing the line: from now the landscape will not be the same anymore.

From the initial action of 0xOmar to the Israeli reaction, passing through the declaration of Cyber Jihad (the chart is updated to Sunday, the 22^nd of January), (too) many events have happened, involving different hacking crews, different countries (also some French and Canadian web sites have been defaced) and different kind of attacks. What was started as an endless chain of massive leaks seems to be evolving as isolated actions typical of guerrilla.

Follow the line of a Cyber conflict that, similarly to the real one occurring in the Middle East, appears far from being solved…

1. http://www.haaretz.com/news/national/saudi-hackers-claim-to-post-personal-information-of-400-000-israelis-1.405147
2. http://thenextweb.com/me/2012/01/03/saudi-hackers-claim-400000-israeli-credit-cards-compromised-banks-say-its-closer-to-15000/
   
3. http://pastebin.com/13nJQQ9p
   
4. http://www.ynetnews.com/articles/0,7340,L-4172225,00.html
   
5. http://pastebin.com/SwP7sur8
   
6. http://www.jpost.com/DiplomacyAndPolitics/Article.aspx?id=252637
   
7. http://www.palestine-info.co.uk/En/default.aspx?xyz=U6Qq7k%2bcOd87MDI46m9rUxJEpMO%2bi1s7qSuWvMpmwa3skOg7ZaVEQKQWPqzupG5gHZt%2bzI2I2YJofObntDLz3hOWVgl63yyIJpzKvEUn7TnIDAosPi%2bZWwCB5HT60nWGnqzf5jx6s2U%3d
   
8. http://www.databreaches.net/?p=22776
   
9. http://www.jta.org/news/article/2012/01/09/3091090/hacker-takes-over-israeli-lawmakers-website
   
10. http://www.bbc.co.uk/news/world-middle-east-16526067
    
11. http://pastebin.com/2sxWtLMG
    
12. http://news.softpedia.com/news/South-Houston-SCADA-Systems-Protected-by-Three-Character-Passwords-235798.shtml
    
13. http://www.washingtonpost.com/blogs/blogpost/post/israeli-saudi-hackers-in-confusing-credit-card-publishing-war/2012/01/12/gIQA3QCFuP_blog.html
    
14. http://pastebin.com/u/Group-XP-0xOmar
    
15. http://pastebin.com/iMnejxnw
    
16. http://www.israelnationalnews.com/News/News.aspx/151713#.TxwwQIF17LJ
    
17. http://pastebin.com/3MvPkejn
    
18. http://pastebin.com/n2XKjRNX
19. http://www.cyberwarnews.info/2012/01/16/300-hacked-and-defaced-website-for-ops-freedom-palestine/
20. http://www.cyberwarnews.info/2012/01/16/nightmare-joins-0xomar-for-attacks-on-tel-aviv-stock-exchange-and-israel-airline/
    
21. http://www.ynetnews.com/articles/0,7340,L-4176396,00.html
    
22. http://www.haaretz.com/news/diplomacy-defense/israeli-hackers-bring-down-saudi-uae-stock-exchange-websites-1.407846
    
23. http://www.haaretz.com/news/diplomacy-defense/saudis-deny-stock-exchange-website-infiltrated-by-israeli-hackers-1.407983
    
24. http://occupiedpalestine.wordpress.com/2012/01/17/cyberwar-on-israel-new-resistance/
    
25. http://zionops.wordpress.com/2012/01/17/0xomar-the-script-kiddie-forum-got-pwned-by-zionops/
    
26. http://www.cyberwarnews.info/2012/01/18/0xomars-data-leaks-spark-more-attacks-powersoccer-ca-hacked-by-alienz/
    
27. http://pastebin.com/Wr7mi1Hj
    
28. http://pastebin.com/bPETvQWp
    
29. http://pastebin.com/yhkQ5NGt
    
30. http://www.investigativeproject.org/3389/kuwaiti-cleric-calls-for-hacker-jihad
    
31. http://www.haaretz.com/news/diplomacy-defense/israeli-hackers-reveal-details-of-4-800-saudi-credit-cards-1.408042
    
32. http://pastebin.com/EmCq3iHC
    
33. http://pastebin.com/MGPAAQyq
    
34. http://www.cyberwarnews.info/2012/01/18/opfreepalestine-still-attacking-sites-bnsl-indias-biggest-telecom-hacked/
    
35. http://www.zone-h.com/archive/notifier=Pak%20Cyber%20Combat%20Squad
    
36. http://zionops.wordpress.com/2012/01/19/israel-anti-drug-authority-iada-defaced-by-gaza-hacker-script-kiddies/
    
37. http://www.cyberwarnews.info/2012/01/19/union-of-arab-banks-hacked-and-more-threats-made/
    
38. http://zionops.wordpress.com/2012/01/19/the-hackers-army-official-website-got-pwned/
    
39. http://www.cyberwarnews.info/2012/01/19/council-of-jewish-institutions-of-france-hacked-13000-accounts-leaked-by-fca/
    
40. http://www.cyberwarnews.info/2012/01/20/lebanoni-com-yellow-pages-hacked-and-database-destroyed-by-alienz/
    
41. http://www.cyberwarnews.info/2012/01/20/dump-of-accounts-from-codecity-ir-by-anonymous-972/
    
42. http://zionops.wordpress.com/2012/01/20/whitebishop-now-enteres-the-game-with-2000-saudi-credit-cards-leak/
    
43. http://zionops.wordpress.com/2012/01/20/nayessnet-com-israeli-religious-news-site-was-brutalized-by-watchful-eye-hacker/
    
44. http://pastebin.com/mVuhpE7M
    
45. http://www.cyberwarnews.info/2012/01/21/this-week-in-palestine-hacked-and-4000-accounts-leaked-by-alienz/
    
46. http://www.imemc.org/article/62877
47. http://pastebin.com/PpKq8qx4
    
48. http://pastebin.com/CWWRgD1t
    
49. http://www.cyberwarnews.info/2012/01/22/e-teacherdiploma-com-hacked-and-accounts-leaked-by-alienz/
    
50. http://zionops.wordpress.com/2012/01/21/smiles-co-il-hacked-and-defaced-by-islamic-ghosts-team/
    
51. http://zionops.wordpress.com/2012/01/21/revivo-co-il-israeli-insurance-website-hacked-customer-data-might-be-in-danger/
    
52. http://zionops.wordpress.com/2012/01/22/memorial-site-in-memory-of-singer-ofra-haza-defaced/
    
53. http://paulsparrows.files.wordpress.com/2012/01/haza.gif
    
54. http://zionops.wordpress.com/2012/01/22/site-hacked-and-defaced-under-israeli-news-site-haaretz/
    
55. http://zionops.wordpress.com/2012/01/22/security-defense-arabia-hacked-by-thej0k3rs/
    
56. http://zionops.wordpress.com/2012/01/22/saudi-arabias-king-saud-university-database-hacked-and-leaked/