Let’s give the welcome to this new infosec year with the first timeline of 2014 (or better the last of 2013) summarizing the main events occurred in the second half of December 2013.
With no doubt, this holiday season has been characterized by the Target breach, whose size is constantly growing (110 million the number of potential victims according to recent estimates). This massive incident has somehow shadowed another massive breached occurred in Turkey, were Russian hackers have allegedly been able to obtain 54 million citizens’ ID Data. With similar numbers, the 300.000 users potentially affected by the Cyber Attack involving Affinity Gaming appear risible.
Other considerable events include a Christmas Intrusion on a BBC server (with the author possibly selling the backdoor access on the underground) and yet another possible intrusion by Chinese hackers on a US target, specifically the Federal Election Commission.
Nothing particularly significant on the hacktivism front characterized by the consolidated “background noise” of events whose sizes are well far from the levels of the recent years.
As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
This last week has seen some remarkable events an undoubtable revamp of data leaks inside the Middle East Cyberwar.
Not only the infamous 0xOmar, the initiator of the Middle East Cyber War, reappeared, leaking alleged secret data from some Israeli Virtual Israeli Air Force School websites; but also the Pakistani zCompany Hacking Crew has re-entered the scene unchaining the original weapon, that is the Credit Card leak. As a matter of fact ZHC published 5,166 records containing working credit cards, usernames, emails and addresses of individual supporters of the Zionist Organisation of UK & Ireland (zionist.org.uk).
On a different front, the massive defacements of websites all over the world in support of #OpFreePalestine continued. Under the label of the same operation, the Anonymous also “doxed” several companies and individuals on pastebin.
As far as the two main contenders (Iran and Israel) are concerned, the strategies seem quite different.
Iran has shown a cyber activity culminated in the alleged attack against the BBC Persian Service. For this nation, it is also important to notice its “cyber autarky”, maybe a choice forced by the embargo, that led to the creation of an internal email service, in contrast to the traditional Gmail, Yahoo, etc. This happens few weeks after the decision to develop an internal Antivirus.
On the opposite front, Israel keeps on its apparent cyber silence. Is it the prelude for the feared military action against Iran?
After the initial surprise more details are being divulged about the CNAIPIC Hack disclosed this morning. CNAIPIC stands for Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche) and in practice corresponds to Italian Cyber Police. The event was so resounding to deserve ample space on foreign press as well, starting from BBC, which shows that it has not a mere technical meaning.
Several quick considerations:
- As already stated, CNAIPIC played a primary role during the Campaign of July in which 15 alleged Anonymous members were arrested in 32 raids carried on in Italy and Switzerland. At first glance, this hack seems a clamorous retaliation… But this is too much simple and in my opinion there’s more… During the above mentioned raids, the Italian Police (a statement not reported by local press) reported that: Out of all of the current hacker groups, Anonymous is the largest, but is also populated by the least technical people. Some of its members carry out attacks using software downloaded from the Internet and do not carry out the most basic attempts to secure their IP address. A clear reference to the fact that, until then, the activities of the Anonymous/LulzSec cells in Italy were mainly focused on disruptive DDoS against several sites related to Government, Finance, Telcos and utilities probably made with LOIC without precautions. This attack has shown a much greater level of complexity and this can be easily intended as a kind of “revenge inside the revenge”: Anonymous is not (only) LOIC made DDoS.
- BBC reported that the Anonymous hacker group received the files from a “source”, implicitly suggesting an internal origin for the leak (also suggested by Gizmodo). Honestly speaking I do not agree with this interpretation. As a matter of fact the first tweet announcing the leak on the @AnonymousIRC account was a mere forward from an original tweet by @anonesc (who admitted not to have further details since only forwarded the info). Guess who gave the first tweet? Yes, it was Sabu (thanks to Punto 1 for reporting the info), an old acquaintance, the alleged leader of the LulzSec Group. I have already indicated that this hack resembled the one perpetrated against HBGary Federal which was already performed by Sabu, which could be involved in this hack as well the fact that he was the first to report the CNAIPIC leak cannot be considered a coincidence. Moreover, so far no details concerning the leak were given, not even from the Italian Anonymous and LulzSec.
- The statement was first written in English, of course with the purpose to reach a wider audience. Gizmodo suggests that “the broken English indicates a foreign agent—maybe Italian—and might hint at the possibility of this being an inside job” (considered the average level of English knowledge in Italy the fact that the first statement was written in English should exclude an internal origin but this is a personal consideration :-)). Anyway, the first statement lacks the irony (and the grammar) of the Lulz pastebins (but it looks like the Lulz Boat had a dedicated member, Topiary, for “public relations”). Curiously, the same statement in Italian was released several hours later and, honestly speaking, is a broken Italian, suggesting a quick translation from the original statement, perhaps with Google Translator or a similar tool, without further deep revisions. In any case, to me, it sounds more likely that the hack was performed with a foreign hand: if I were in an Italian attacker’s shoes I would have reserved more attention to my own language.
In any case, internal or external origin, the action is destined to raise many controversies in Italy, making even more bloody the fight against Anonymous.
- Italian Cyber Police Hacked? (paulsparrows.wordpress.com)