Sixteen Months of Cyber Attacks in Italy

Tomorrow, during the Rome edition of the 2012 Security Summit, the June Update of the 2012 Italian Report on ICT Security will be released.

I gave a contribution for the section concerning the Cyber Attacks in Italy. The following lines depict a summary of what you will be able to find in the full report (so far only in Italian).

During the period ranging from February 2011 to April 2012, I collected 127 cyber attacks, among which 112, corresponding to 88% (that is, almost the entire sample), were driven by hacktivism. In only 15 cases different motivations were found, related to Cyber Crime (14 occurrences) and Cyber Espionage.

The collected sample shows that more than 43% of targets were government sites and political associations. Organizations related to education rank at number three even though most of the attacks were concentrated in a single event in July when as many as 18 universities were affected simultaneously.

The entertainment industry and Law Enforcement Agencies are far behind, but ahead of all other categories, probably a consequence of the cyber attacks perpetrated in January and March 2012 during the waves of protests against SOPA and PIPA (and the subsequent shutdown of MegaUpload). Please notice that not even the Holy See has been safe from hackers, with a wave of DDoS attacks targeting several Vatican sites after some controversial declarations of a security vendor.

The trend analysis clearly reflects the influence of external factors on hacktivism in Italy: the first intervention in Libya, then the emotional impact of the collective LulzSec, and finally the protests against the proposed laws considered repressive to freedom of expression on the Internet.

As far as the attack distribution is concerned, Italy has proved to be a “Spaghetti DDOS” country. In the wake of hacktivism, our country has witnessed, in the analyzed period, a massive wave of Distributed Denial of Service attacks. SQL Injection and Defacement attacks are well behind (again, remember that most of the SQLi attacks were concentrated in a single event occurring in July). In any case the distribution shows a tendency to perform those kinds of attacks (DDoS and Defacement) capable of gaining the most attention from the media.

Although the sample may provide an interesting snapshot, please keep in mind that it only includes those attacks that have been detected because the authors claimed them, or simply because the attacks themselves earned plenty of space in the media. Given the times we are living in, I’m afraid these are just the tip of the iceberg.

If you want to have an idea of how fragile our data are in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

P.S. I did not include in the sample the controversial attack on CNAIPIC (Italian Cyber Police) since the origin of that event is far from being certain.

Discover The Misplaced Detail

December 19, 2011

It is a time of huge dumps in Italy. Yesterday Cyberwarnews reported 9000 accounts leaked from qualitapa.gov.it, a website linked to the Italian Minister of Public Administration and Innovation. It is not the first time a similar occurrence has happened in the “Belpaese” (you will remember the Hot Summer with the controversial hack of CNAIPIC, the Italian Cyber Police, and the subsequent hack of some contractors), but for sure it is the first time such a huge number of accounts has been dumped in Italy.

I would prefer not to comment; I only noticed one account in particular that looks familiar, extremely familiar, and dangerously recalls the name (and the initial of the surname) of the former Minister of Justice. I hope it is only a coincidence… On the other hand, if even the UN account of President Barack Obama is dumped, why should it not happen to the account of a former Italian Minister…

A New Hack to Italian Police? A fake!

November 14, 2011

Here in Italy the news went almost unnoticed, but today Cyber War News reported a new dump of data leaked from the Italian Police, performed by a hacker called #Securis.

This is not the first time the Italian Police has fallen victim to an attack: in July the Italian Cyber Police (CNAIPIC) was targeted by a resounding attack which led to the alleged leak of 8 Gb of data (alleged because the whole dump was never released, and the attack has so many dark points that someone thinks it was a fake attack orchestrated by a competitor of one of the contractors currently working with the Police). Moreover, a few days later a Police contractor, Vitrociset, was defaced and the details of 100 users, including the Administrators, were released on the Internet.

But as far as the last alleged attack is concerned, while looking at the dump file from the Cyber War News article (and tweeting with @DenisFrati about the strange fact that no police email addresses were included in the file but only personal email addresses), I recognized the accounts of several acquaintances among the leaked records. I immediately remembered that I had already seen the same accounts in another dump file, that is, the pastebin containing the Vitrociset data, so I decided to have a look: only a coincidence? Not at all, since the Italian Police dump just released is exactly the old Vitrociset file that a cyber prankster decided to recycle. Have a look at the two files and draw your own conclusion: except for the headers, the two files are identical.
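The side-by-side comparison described above can be automated when triaging a leak claim. The following is an added example, not code from the original post: it fingerprints the record lines of two dumps, skips header text, and reports how much of the new dump already appeared in the old one. The sample dumps, the e-mail-based record heuristic and all names are constructed assumptions.

```python
import hashlib
import re

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SEPARATORS = re.compile(r"[\s|:;,]+")

# Constructed sample data: not taken from any real dump.
OLD_DUMP = """\
=== contractor user table (constructed sample) ===
mrossi:5f4dcc3b:mario.rossi@example.com
lbianchi:e99a18c4:l.bianchi@example.org
admin:0d107d09:admin@example.net
"""
NEW_DUMP = """\
### police database leaked (constructed sample) ###
released by a hypothetical handle
mrossi | 5f4dcc3b | mario.rossi@example.com
lbianchi | e99a18c4 | L.Bianchi@example.org
admin | 0d107d09 | admin@example.net
"""

def record_fingerprints(dump_text):
    """Hash every record line so dumps can be compared without keeping plaintext."""
    prints = set()
    for line in dump_text.splitlines():
        # Assumption: a record is a line containing an e-mail address;
        # banners and titles are header text and are skipped.
        if not EMAIL.search(line):
            continue
        # Normalise case and field separators so re-formatting does not hide reuse.
        fields = [f for f in SEPARATORS.split(line.strip().lower()) if f]
        prints.add(hashlib.sha256("\x1f".join(fields).encode()).hexdigest())
    return prints

def overlap_report(new_dump, old_dump):
    """Report how much of a newly claimed dump already appeared in an older one."""
    new, old = record_fingerprints(new_dump), record_fingerprints(old_dump)
    shared = new & old
    return {
        "new_records": len(new),
        "shared": len(shared),
        "share_of_new": len(shared) / len(new) if new else 0.0,
        "recycled": bool(new) and new <= old,
    }

if __name__ == "__main__":
    print(overlap_report(NEW_DUMP, OLD_DUMP))
```

A `share_of_new` close to 1.0 against a previously published dump is a strong sign that the "new" leak is recycled material under a different header.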

I wonder why in Italy everything is ridiculous in this period, and hacking is not an exception to this rule.

July 2011 Cyber Attacks Timeline

August 2, 2011

This awful infosec July is over, and finally we can sum up the Cyber Attacks reported during this month. I collected all the available information and inserted it inside the following chart. Where possible (that is, where enough information was available) I tried to estimate the cost of the attacks using the indications from the Ponemon Institute, according to which the average cost of a Data Breach is US $214 for each compromised record. The total sum (for the known attacks) is around $7.6 billion, mainly due to the “National Data Breach” of the South Korean Social Network Cyworld.

Approximately 16 attacks were directly or indirectly related to Antisec or Anonymous; they promised a hot summer and unfortunately are keeping their word…

Useful resources for compiling the (very long) chart were taken from:

Italian Anonymous Owned

July 29, 2011

It looks like the CNAIPIC Hack is really a never-ending story… I wonder why each event occurring in Italy, however dramatic, must always have an ironic twist. I already discussed the shadows surrounding the Italian Cyber Police Hack: a few hours ago came the latest episode of the farce, when a hacker called evil18 defaced the Italian Anonymous Blog with an image of His Holiness Benedictus XVI, who mocks the Italian Anonymous for the doubts surrounding the event:

In an Italian characterized by a deep German accent, the Pope (“His Holiness owns you”) mocks the alleged perpetrators (“Beautiful Children Go Home”), quoting what seems to be a chat fragment in which the alleged authors declare they will soon release the entire dump (so far only two releases of the promised three have been published).

The mystery continues…

Kudos to Guelfoweb for reporting the link!

Anonymous Denies Paternity For the CNAIPIC Hack

July 27, 2011

The CNAIPIC Hack is becoming paradoxical. Yesterday Italian security professionals (and Italian newspapers) literally went crazy analyzing the event, divided between those who claimed huge and real damage (in terms of image and substance) for the Italian Cyber Police, and those who raised doubts about the event, supported by the few details provided concerning the incident, together with the uncertain identity and origin of the attackers.

A couple of hours ago came the latest “coup de théâtre”: an official statement (in Italian) from the Italian Anonymous in which they (and LulzSec) deny the paternity of the attack and dissociate themselves from the hack (after dedicating ample space to the leak in their blog, claiming responsibility for it), because of the impossibility of verifying the veracity of the information. Similarly, after so much noise, the tweets from the two groups have been silent for 5/6 hours.

According to the Italian Anonymous the hack is exclusively attributable to the crew NKWT LOAD, which is in no way related to Anonymous or LulzSec, and which is the only one to possess the 8 Gb of data. As a consequence, they cannot confirm the accusations against CNAIPIC. In the same way, they do not know which vulnerability was exploited to perform the hack.

At the beginning the action seemed a clear retaliation for the Italian Cyber Police raids against the Italian Anonymous splinter cell, but now different hypotheses are open: a hoax, real data leaked from an internal source, a simple 8 Gb USB key lost by a contractor, or rather an attack from a foreign cyber army (with the attempt to introduce a red herring against Anonymous)? To be continued, with one clear piece of evidence: when dealing with Italian affairs, using a local expression, “The situation is always desperate but never serious”.

The Hand of The Lulz Boat For the CNAIPIC Hack?

July 25, 2011

After the initial surprise, more details are being divulged about the CNAIPIC Hack disclosed this morning. CNAIPIC stands for Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche and in practice corresponds to the Italian Cyber Police. The event was resounding enough to deserve ample space in the foreign press as well, starting from the BBC, which shows that it does not have a merely technical meaning.

Several quick considerations:

  • As already stated, CNAIPIC played a primary role during the Campaign of July in which 15 alleged Anonymous members were arrested in 32 raids carried out in Italy and Switzerland. At first glance, this hack seems a clamorous retaliation… But this is too simple and in my opinion there’s more… During the above-mentioned raids, the Italian Police (a statement not reported by the local press) reported that: “Out of all of the current hacker groups, Anonymous is the largest, but is also populated by the least technical people. Some of its members carry out attacks using software downloaded from the Internet and do not carry out the most basic attempts to secure their IP address.” A clear reference to the fact that, until then, the activities of the Anonymous/LulzSec cells in Italy were mainly focused on disruptive DDoS against several sites related to Government, Finance, Telcos and utilities, probably made with LOIC without precautions. This attack has shown a much greater level of complexity and this can be easily intended as a kind of “revenge inside the revenge”: Anonymous is not (only) LOIC-made DDoS.
  • The BBC reported that the Anonymous hacker group received the files from a “source”, implicitly suggesting an internal origin for the leak (also suggested by Gizmodo). Honestly speaking, I do not agree with this interpretation. As a matter of fact the first tweet announcing the leak on the @AnonymousIRC account was a mere forward of an original tweet by @anonesc (who admitted not having further details since he only forwarded the info). Guess who gave the first tweet? Yes, it was Sabu (thanks to Punto 1 for reporting the info), an old acquaintance, the alleged leader of the LulzSec Group. I have already indicated that this hack resembled the one perpetrated against HBGary Federal, which was already performed by Sabu, who could be involved in this hack as well: the fact that he was the first to report the CNAIPIC leak cannot be considered a coincidence. Moreover, so far no details concerning the leak have been given, not even by the Italian Anonymous and LulzSec.
  • The statement was first written in English, of course with the purpose of reaching a wider audience. Gizmodo suggests that “the broken English indicates a foreign agent—maybe Italian—and might hint at the possibility of this being an inside job” (considering the average level of English knowledge in Italy, the fact that the first statement was written in English should exclude an internal origin, but this is a personal consideration :-)). Anyway, the first statement lacks the irony (and the grammar) of the Lulz pastebins (but it looks like the Lulz Boat had a dedicated member, Topiary, for “public relations”). Curiously, the same statement in Italian was released several hours later and, honestly speaking, is in broken Italian, suggesting a quick translation from the original statement, perhaps with Google Translator or a similar tool, without further deep revisions. In any case, to me, it sounds more likely that the hack was performed with a foreign hand: if I were in an Italian attacker’s shoes I would have reserved more attention to my own language.

In any case, internal or external origin, the action is destined to raise many controversies in Italy, making the fight against Anonymous even bloodier.


