And here we are with the second part of the Cyber Attacks Timeline for May (first part here).
The second half of the month has shown an unusual activity with several high-profile breaches motivated by Cyber-Crime or Hacktivism, but also with the disclosure of massive Cyber-Espionage operations.
The unwelcome prize for the “Breach of the Month” is for Yahoo! Japan, that suffered the possible compromising of 22 million users (but in general this was an hard month for the Far East considering that also Groupon Taiwan suffered an illegitimate attempt to access the data of its 4.1 million of customers).
On the cyber-espionage front, the leading role is for the Chinese cyber army, accused of compromising the secret plans of advanced weapons systems from the U.S. and the secret plans for the new headquarter of the Australian Security Intelligence Organization.
On the Hacktivism front, this month has been particularly troubled for the South African Police, whose web site has been hacked with the compromising of 16,000 individuals, including 15,700 whistle-bowlers.
Other noticeable events include the unauthorized access against the well known open source CMS Drupal (causing the reset of 1 million of passwords), the trail of hijacked Twitter accounts by the Syrian Electronic Army and also an unprecedented wave of attacks against targets belonging to Automotive.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
On the wake of similar operations carried on by Hacktivists against Law Enforcement Agencies all over the World, the Italian Cell of the infamous collective Anonymous has decided to cross the line targeting the Italian Police with a clamorous Cyber Attack under the label of #Antisec movement.
On October, the 23rd, the Hactkivists have leaked more than 3500 private documents, claiming to own an additional huge amount of sensitive information such as lawful interception schemes, private files and e-mail accounts.
The Italian Police has indirectly confirmed the attack, downplaying its effects with a scant statement (in Italian) that (easily predictable) has raised a furious reaction by the Hacktivists. According to the above mentioned statement, no server was compromised, but the leaked data were just the consequence of several “illegitimate accesses” to private emails belonging to police officers (as to say that several compromised accounts are less severe than a hacked server).
Strictly speaking, this latest attack is not a surprise since in the past months, mainly after the infamous 50 days of Lulz of the LulzSec collective, Governments and Law Enforcement Agencies all over the world have become the preferred targets for Hacktivists under the Antisec shield. From a broader perspective this trend was apparently decreasing during 2012 because of several factors: the discovery of the double identity of Sabu (an hacktivist during the day and an FBI informant during the night), the arrest of W0rmer and ItsKahuna (two members of the CabinCr3w collective who left behind them a long trail of cyber-attacks against law enforcement agencies, and, last but not least, the arrest of the members of the Team Poison Collective.
Unfortunately This cyber-attack changes the rules and brings the things back in time to Summer 2011. It looks similar to LulzSec’s Operation Chinga La Migra, targeting Arizona Border Patrol, and to another (nearly contemporary) cyber attack that allowed LulzSecBrasil (??) to leak 8 Gb of data from the Brazilian Police.
Hopefully this cyber-attack will change the rules in Italy, it has dramatically demonstrated the real risk for public institutions and the need for a greater level of security. As a consequence it cannot be absolutely underestimated.
Do you remember Catherine Venusto, the super mom who accessed illegitimately her kids’ school systems to change their grades? Using the passwords obtained while working as secretary for the same school district (Northwestern Lehigh School District), she was able to access the systems 110 times in 2012 (and 2012) changing the grades.
The half-dozen felony counts she was arraigned on as a consequence of her actions, where not enough to prevent other school hackers to follow the same example.
The latest episode happened in Italy (Technical Institute Marzotto in Valdagno, near Vicenza), where a gang of 10 school hackers (including five minors) have been reported for illegitimately accessing their teacher’s computer, stealing the drafts of the tests and in several cases altering the grades.
The intrusions started during the last school year and could have been undetected If the hackers, maybe feeling too much comfortable with their actions, exaggerated with their improvised “prediction capabilities”. In particular, as in the best tradition, the gang included a dunce, whose grades passed from 3 to 9 (on a 10 points scale proper of the Italian graduation system). This was enough to raise the attention of the school principal and the teacher who reported the gang to the authorities.
The subsequent investigation discovered a file script installed in the (unattended) teacher’s computer capable of stealing the password.
There are several questions raising from this episode:
My first feeling is that, although the school is increasingly adopting new technologies, its approach is still obsolete and not adequate to the digital rage of the native digitals. I am afraid this is the classical “tip of the iceberg” and I wonder how many similar episodes are happening undetected.
My second feeling comes from the inconvenient conclusion of this affair: a local company has offered to provide legal assistance to the material author of the tool used for the intrusion (a student of Indian origin), promising him a job in his IT department. This unhappy decision has obviously raised many controversies: is it correct to emphasize and reward similar behaviors? The implicit message is easy: take an illicit “shortcut” and you will be rewarded.
Unfortunately, I believe that such similar shortcuts, which are generally widespread in Italy, played an important role to bring us to our current crisis condition. Hence they should be discouraged from the beginning, and the digital world makes no exception.
The city of Taranto is famous worldwide for its delicious mussels “Tarantina Style” with tomato soup, chilly pepper and garlic. Unfortunately in these days Taranto is also the unvoluntary protagonist of the ILVA affaire, a paradoxical situation typical of Italy.
On July the 31st, The ILVA steel plant, the largest of Europe, has been placed under precautionary judicial seizure, and eight current or former executives under house arrest. This is the consequence of an inquiry into environmental pollution. Unfortunately such a similar decision is leading to heavy consequences for the steel plant workers who went on the warpath, and for the unions as well who have announced an indefinite strike.
A so delicate and complex situation could not be ignored by hacktivists of the infamous collective Anonymous who, in name of OpItaly&OpGreenRights, yesterday have hacked and defaced the Taranto Municipality website and left a message directed to workers against the steel plant activity. The hacktivists have also dumped portion of a database of Ilva and Riva Group (the corresponding holding) on pastebin.
The latest example of the strict interconnections between the real and cyber worlds, even if a so complex and potentially devastating situation deserves much more in-depth reflections (about the national economic strategies and policies), than a “simple” (maybe fashion-motivated) defacement.
Thanks to Cybwerwarnews.info for publishing the news.
Cyber War News has just reported the details of a small database leak against Udinese Calcio, one of the oldest and most important Italian “Serie A” Football teams (Udinese ended the last Italian season at the third place and is going to play the preliminary phase of the prestigious UEFA Champions League).
As far as I remember, this is the first time that a “Serie A” Football Team gets hacked, and among the remarkable records that Udinese collected during the 2011-2012 season, this is probably the most unwelcome. The leak has been performed by norton-z, who has exploited an SQL Injection vulnerability on the team’s web site and has hence dumped on pastebin some details including administrative accounts.
If you follow my timelines you will have probably noticed that norton-z has been very active in the last period, so it looks like he has decided to turn his attention to Italy and just to a Football team (in the same days in which the continent is watching the European Championship EURO 2012 in Poland and Ukraine).
If you are just wondering if the leak is somehow related to the recent scandal (AKA Calciopoli AKA Operation Last Bet) which has dramatically hit the Italian Football Landscape, you will probably be disappointed. According to the autohor’s pastebin statement, there is no other reason than fun!
Is it time for football teams to allocate some budget for securing their online services?
Thanks to @Cyber_War_News for the fresh info!
I gave a contribution for the section concerning the Cyber Attacks in Italy. The following lines depict a summary of what you will be able to find in the full report (so far only in Italian).
During the period ranging from February 2011 to April 2012, I collected 127 cyber attacks, among which 112, corresponding to the 88% (that is almost the entire sample), driven by hacktivism. In only 15 cases different motivations were found, related to Cyber Crime (14 occurrences) and Cyber Espionage.
The collected sample shows that more than 43% of targets were government sites and political associations. Organizations related to education rank at number three even though most of the attacks were concentrated in a single event in July when as many as 18 universities were affected simultaneously.
Entertainment industry and Law Enforcement Agencies are far behind, but ahead all other categories, probably a consequence of the cyber attacks perpetrated in January and March 2012 during the waves of protests against SOPA and PIPA, (and the subsequent shutdown of MegaUpload). Please notice that not event the Holy See has been safe from hackers with a wave of DDoS attacks targeting several Vatican sites after some controversial declarations of a security vendor.
The trend analysis clearly reflects the influence of external factors on hacktivism in Italy: the first intervention in Libya, then the emotional impact of the collective LulzSec, and finally the protests against the proposed laws considered repressive to freedom of expression on the Internet.
As far as the attack distribution is concerned, Italy has just demonstrated to be a “Spaghetti DDOS” country. On the wake of hacktivism, our country has assisted, in the analyzed period, to a massive wave of Distributed Denial Of Service Attacks. SQL Injection and Defacement attacks are well behind (again remember that most of the SQLi attacks were concentrated on a single event occurring on July). In any case the distribution shows a tendency to perform those kinds of attacks (DDoS and Defacement) capable to gain the most attention from media.
Although the sample may provide an interesting snapshot, please keep in mind that it only includes those attacks that have been detected since the authors claimed them, or simply because the attacks themselves earned plenty of space on media. Given the times we are living in, I’m afraid these are just the tip of the iceberg.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
P.S. I did not include in the sample the controversial attack to CNAIPIC (Italian Cyber Police) since the origin of that event is far from being certain.
Yesterday, during the Italian Security Summit 2012, the Italian Clusit Association has unveiled the first Italian Cybercrime Report for which I acted as a contributor (in particular I compiled the section dedicated to the Italian Cyber Attacks), putting also at disposal my 2011 Cyber Attacks Timeline for the Report’s introduction.
This is a great result for our Security Community, not only because such a similar holistic work had never been compiled before in Italy, but also because it pinpoints the possible trends and scenarios for 2012 and hence provide guidelines useful to delineate security strategies for professionals and organizations.
Most of all, the Report has been enriched by data collected by the Italian Cyber Police. An unprecedented event in Italy that provides a real deep insight the Cybercrime impacts in everyday life as never done before in our country.
Said in few words, it worths a read, and even if, so far, it is in Italian, we are working for a short English Version.
In the meantime I provide you with an amusing preview. In compiling the report, Andrea Zapparoli Manzoni, a dear friend and most of all one of the report contributors, did a great job by cataloguing all the 406 international attacks that I collected in my 2011 timeline. I consequently decided to summarize the results of this huge work in the following Infographic. The result is quite impressive, isn’t it?