This infamous 2011 is nearly gone and here it is the last post for this year concerning the 2011 Cyber Attacks Timeline. As you will soon see from an infosec perspective this month has been characterized by two main events: the LulzXmas with its terrible Stratfor hack (whose effects are still ongoing with the recent release of 860,000 accounts), and an unprecented wave of breaches in China which led to the dump of nearly 88 million of users for a theoretical cost of nearly $19 million (yes the Sony brech is close). For the rest an endless cyberwar between India and Pakistan, some hactivism and (unfortunately) the usual amounts of “minor” breaches and defacement. After the page break you find all the references.
Last but not least… This post is my very personal way to wish you a happy new infosec year.
Hactivism is making possible to bring wars and revolutions on the cyberspace, the fifth domain of war. In particular the Arab Spring has given the definitive consecration to politically driven hacking actions that have proven to be a key factor inside the protests that are changing the political landscape in the Middle East: non conventional weapons used together with “traditional” methods by both parties involved on revolutions: cyber-opponents vs cyber-supporters.
Tunisia has been the first example of this new way to provide backing to social protests: at the beginning of 2011 the Anonymous activists targeted Tunisian government sites. It was the 4th of January and this action (or Operation quoting the same term used by the Anonymous) showed to the world the real, political and social power of the Cyber warfare.
Few days later (June, 26th 2011) the same fate befell to Egypt: government sites were targeted with DDOS attacks which contributed to draw attention to ongoing protests which led to the fall of President Mubarak.
Following the wake of the Arab spring, the Anonymous also took position in the Libyan Revolution declaring their engagement with the rebels. Although, from an information security perspective, no practical consequence followed this statement, it had a huge symbolic significance, since in a clear and decisive manner, an hacker crew crossed the boundary of the cyberspace and took position on a social and political event even before performing any hacking acton.
But in Syria the revolution fought in the fifth domain has reached its “bloody” peak. On August, the 7th 2011 the Anonymous targeted the Syrian Ministry of Defense with a resounding defacement. A couple of days later, in retaliation of the previous defacement, the Syrian Electronic Soldiers defaced Anonplus, the Anonymous Social Network, that had already been, a couple of weeks before, the target of a defacement performed by the same Syrian Crew.
But the “war inside the war” fought between the two groups does not stop here: following the bloody events in Syria, on Sunday, 25th of September, the Anonymous decided to open again the hostilities unleashing a chain of defacement action, against the Syrian Government, hacking and defacing the official sites of seven major Syrian cities, which stayed up in their defaced version for more than 16 hours. The defacement actions kept on the following day in which 11 Syrian Government Sites were defaced as part of the same operation.
Of course a retaliation of the Syrian Electronic Soldier was predictable (and close in time) and targeted, in an unexpected manner, one of the most important US Universities, the University of Harvard which was victim of a resounding defacement on Monday, the 26th of September.
So far the two Cyber Armies have shown an unprecedented impetus in countering their respective acts of cyberwar. Probably the story will not end up here and, most of all, we will have to get used to watch the wars and the revolutions on a double perspective involving real battlefields and virtual battlefields. The problem here is that information security professionals and system administrators are not likely to be mere spectators, but the real soldiers of this non conventional war.
An interesting article from The Wall Street Journal confirmed what I have been writing in my posts since a couple of weeks: Mobile Technologies are destined to play a crucial role in modern conflicts (what I defined Mobile Warfare) and the traditional Military Corps of Engineers will necessarily have to be complemented by Corps of Network and Security Engineers dedicated to establish and maintain connectivity in war zones.
This is exactly what happened in Libya where the rebels, with the support of a Libyan-American telecom executive Ousama Abushagur and oil-rich Arab nations, were able to hijack Libyana Phone Network, the cellular network owned by one of the Colonel’s sons, to steal from Libyana a database of phone numbers, and to build from (partial) scratch a new cell network serving 2 million Libyans, renamed “Free Libyana”. This action was aimed to restore internal Cellular communications after Gaddafi shut down the country’s cellular and data networks.
The operation was led from Abu Dhabu by Ousama Abushagur, a 31-year-old Libyan telecom executive. Mr. Abushagur and two childhood friends started fund-raising on Feb. 17 to support the political protests that were emerging in Libya. During one mission to bring humanitarian aid convoys to eastern Libya, they found their cellphones jammed or out of commission, making nearly impossible planning and logistics. This was the reason why Mr.Abushagur decided to draw a plan for hijacking the Libyana Network, divert the signal and establish a new backbone free of Tripoli’s control, also with the intention to provide backing to the rebels forces which were beginning to feel the effects of the loyalist counteroffensive.
In a race against time to solve technical, engineering and legal challenges, U.A.E. and Qatar (whose officials didn’t respond to requests for comment) provided diplomatic (and economical) support to buy the telecommunications equipment needed in Benghazi. A direct support was provided also by Etilsat, Emirates Teleccomunications Corporation, which refused to comment as well). The support of the Gulf nation was necessary also because, meanwhile, it looks like that Huawei Technologies Ltd., the Chinese Company among the original contractors for Libyana’s cellular network backbone, refused to sell equipment for the rebel project, causing Mr. Abushagur and his engineers to implement a hybrid technical solution to match other companies’ hardware with the existing Libyan network.
By March 21, most of the main pieces of equipment had arrived in the U.A.E. and Mr. Abushagur shipped them to Benghazi with a team composed by three Libyan telecom engineers, four Western engineers and a team of bodyguards: the Corps of Network Engineers committed to build the new infrastructure in the war zone.
Since Col. Gaddafi’s forces were bombing the rebel capital, Mr. Abushagur diverted the Corps of Network Engineers and their equipment to an Egyptian air base on the Libyan border (another indirect show of Arab support for rebels). Once in Libya, the Corps paired with Libyana engineers and executives based in Benghazi. Together, they fused the new equipment into the existing cellphone network, creating an independent data and routing system free from Tripoli’s command. To be free from Tripoli was also a security requirement, since Col. Gaddafi had built his telecommunications infrastructure in order to route all calls (and data) through the capital in order to be easily intercepted and eavesdropped.
After implementing the network, the new Telco had to attract “customers”. A war zone is not the ideal place for advertisement, so nothing better than capturing the Tripoli-based database of phone numbers, and inserting Libyana customers and phone numbers into the new system called “Free Libyana.” The last piece of the puzzle was securing a satellite feed, through Etisalat, with which the Free Libyana calls could be routed.
An important detail: all the operation was successfully performed without the support of allied forces, the result is that rebels now can use cellphones to communicate between the front lines and opposition leaders.
If for a moment we forget that we are speaking about cellular networks, we could assimilate this event as part of a civil war operation, in which friendly countries and dissidents from abroad endeavor to provide weapons to rebels in order to turn the tide of a conflict (examples of which the history is full). In this circumstance this operation did not turn the tide of the conflict (at least so far but mobile warfare, while important, has still a smaller weight in a conflict than real warfare), nevertheless, for sure, restored mobile communications are supporting the leaders of the rebellion to better communicate among them and to better organize the resistance against the loyalists: as a matter of fact the March cutoff forced rebels to use flags to communicate on the battlefield. I will never tire of saying that the events in the Mediterranean area do (and did) not rely solely on conventional weapons but also on weapons of communications (the mobile warfare) through which rebels forces provided abroad the information necessary to witness exactly the brutal internal events and rallied international backing.
After so much theory depicted in my posts, finally the first real and meaningful example of the importance of mobile warfare in the events of Northern Africa, and that example! One single event has unleashed the importance of mobile technologies in war zone and the crucial role played by specialized teams dedicated to establish and maintain communications: the Corps of (Network and Security) Engineers.