About these ads

Archive

Posts Tagged ‘Italy’

16-31 December 2013 Cyber Attacks Timeline

January 12, 2014 Leave a comment

Let’s give the welcome to this new infosec year with the first timeline of 2014 (or better the last of 2013) summarizing the main events occurred in the second half of December 2013.

With no doubt, this holiday season has been characterized by the Target breach, whose size is constantly growing (110 million the number of potential victims according to recent estimates). This massive incident has somehow shadowed another massive breached occurred in Turkey, were Russian hackers have allegedly been able to obtain 54 million citizens’ ID Data. With similar numbers, the 300.000 users potentially affected by the Cyber Attack involving Affinity Gaming appear risible.

Other considerable events include a Christmas Intrusion on a BBC server (with the author possibly selling the backdoor access on the underground) and yet another possible intrusion by Chinese hackers on a US target, specifically the Federal Election Commission.

Nothing particularly significant on the hacktivism front characterized by the consolidated “background noise” of events whose sizes are well far from the levels of the recent years.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 December 2013 Cyber Attacks Timeline Update2 Read more…

About these ads
Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

1-15 August 2013 Cyber Attacks Timeline

August 19, 2013 Leave a comment

The first half of August has gone, so it is time for the Cyber Attacks Timeline summarizing the main events occurred in this period.

Looks like the massive breaches have decided to have a break during August. Although the first fifteen days have shown a remarkable number of attacks, no huge leaks have been recorded.

The only exception is the latest attack to the United States Department of Energy (14,000 individuals potentially affected) and the one targeting the Ferris State University with nearly 60,000 records potentially affected.

Other remarkable events include the attacks against Opscode and Crytek. In this latter case four websites have been temporarily taken down.

Last but not least, the Syrian Electronic Army is back in action, and its wave of Social Engineering attack has directly and indirectly hit many primary targets such as Channel 4 and the New York Post (via the hack to the SocialFlow platform).

Important: this period has also seen an high cyber activity between India and Pakistan. The attacks deserve a dedicated timeline to be published very soon. So they will not appear in this timeline.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 August 2013 Cyber Attacks Timeline Addendum Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

15-31 May 2013 Cyber Attacks Timeline

And here we are with the second part of the Cyber Attacks Timeline for May (first part here).

The second half of the month has shown an unusual activity with several high-profile breaches motivated by Cyber-Crime or Hacktivism, but also with the disclosure of massive Cyber-Espionage operations.

The unwelcome prize for the “Breach of the Month” is for Yahoo! Japan, that suffered the possible compromising of 22 million users (but in general this was an hard month for the Far East considering that also Groupon Taiwan suffered an illegitimate attempt to access the data of its 4.1 million of customers).

On the cyber-espionage front, the leading role is for the Chinese cyber army, accused of compromising the secret plans of advanced weapons systems from the U.S. and the secret plans for the new headquarter of the Australian Security Intelligence Organization.

On the Hacktivism front, this month has been particularly troubled for the South African Police, whose web site has been hacked with the compromising of 16,000 individuals, including 15,700 whistle-bowlers.

Other noticeable events include the unauthorized access against the well known open source CMS Drupal (causing the reset of 1 million of passwords), the trail of hijacked Twitter accounts by the Syrian Electronic Army and also an unprecedented wave of attacks against targets belonging to Automotive.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

May 2013 Cyber Attacks Timeline Part II Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

1-15 May 2013 Cyber Attacks Timeline

And here we are with our bi-weekly review of the main cyber attacks. This time is the turn of the first half of May.

Probably this month will be remembered for the huge cyber-heist against two Payment Processors, and affecting two banks (National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman), which suffered a massive loss of $45 million due to an endless wave of unlimited withdrawals from their ATMs.

Other relevant actions related to Cyber-criminal operations include the massive breaches against MSI Taiwan (50,000 records affected) and most of all, the Washington state Administrative Office of the Courts (up to 160,000 SSN and 1 million driver’s license numbers).

On the other hand, the hacktivists concentrated their efforts on the so-called OpUSA (7 May), even if it looks like that most of the attacks were nuisance-level. Instead, and this is a great news, after months of intense activity, the operation Ababil come to a stop.

On the cyber war front, this month reports an unedited conflict between Taiwan and Philippines.

Last but not least, even if this attack dates back to 2007, on the Cyber-Espionage front, Bloomberg has shaken this lazy month revealing the repeated attacks by the infamous Comment Crew hackers against Qinetiq, a very critical Defense contractor. The cyber threats from the Red Dragon (real or alleged) keep on scaring the western world.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

May 2013 Cyber Attacks Timeline Part I Read more…

Anonymous leaks 3500 Private Docs From Italian Police

October 25, 2012 Leave a comment

On the wake of similar operations carried on by Hacktivists against Law Enforcement Agencies all over the World, the Italian Cell of the infamous collective Anonymous has decided to cross the line targeting the Italian Police with a clamorous Cyber Attack under the label of #Antisec movement.

On October, the 23rd, the Hactkivists have leaked more than 3500 private documents, claiming to own an additional huge amount of sensitive information such as lawful interception schemes, private files and e-mail accounts.

The Italian Police has indirectly confirmed the attack, downplaying its effects with a scant statement (in Italian) that (easily predictable) has raised a furious reaction by the Hacktivists. According to the above mentioned statement, no server was compromised, but the leaked data were just the consequence of several “illegitimate accesses” to private emails belonging to police officers (as to say that several compromised accounts are less severe than a hacked server).

Strictly speaking, this latest attack is not a surprise since in the past months, mainly after the infamous 50 days of Lulz of the LulzSec collective, Governments and Law Enforcement Agencies all over the world have become the preferred targets for Hacktivists under the Antisec shield. From a broader perspective this trend was apparently decreasing during 2012 because of several factors: the discovery of the double identity of Sabu (an hacktivist during the day and an FBI informant during the night), the arrest of W0rmer and ItsKahuna (two members of the CabinCr3w collective who left behind them a long trail of cyber-attacks against law enforcement agencies, and, last but not least, the arrest of the members of the Team Poison Collective.

Unfortunately This cyber-attack changes the rules and brings the things back in time to Summer 2011. It looks similar to LulzSec’s Operation Chinga La Migra, targeting Arizona Border Patrol, and to another (nearly contemporary) cyber attack that allowed LulzSecBrasil (??) to leak 8 Gb of data from the Brazilian Police.

Hopefully this cyber-attack will change the rules in Italy, it has dramatically demonstrated the real risk for public institutions and the need for a greater level of security. As a consequence it cannot be absolutely underestimated.

Hack the School and Find a Job!

October 7, 2012 Leave a comment

Do you remember Catherine Venusto, the super mom who accessed illegitimately her kids’ school systems to change their grades?  Using the passwords obtained while working as secretary for the same school district (Northwestern Lehigh School District), she was able to access the systems 110 times in 2012 (and 2012) changing the grades.

The half-dozen felony counts she was arraigned on as a consequence of her actions, where not enough to prevent other school hackers to follow the same example.

The latest episode happened in Italy (Technical Institute Marzotto in Valdagno, near Vicenza), where a gang of 10 school hackers (including five minors) have been reported for illegitimately accessing their teacher’s computer, stealing the drafts of the tests and in several cases altering the grades.

The intrusions started during the last school year and could have been undetected If the hackers, maybe feeling too much comfortable with their actions, exaggerated with their improvised “prediction capabilities”. In particular, as in the best tradition, the gang included a dunce, whose grades passed from 3 to 9 (on a 10 points scale proper of the Italian graduation system). This was enough to raise the attention of the school principal and the teacher who reported the gang to the authorities.

The subsequent investigation discovered a file script installed in the (unattended) teacher’s computer capable of stealing the password.

There are several questions raising from this episode:

My first feeling is that, although the school is increasingly adopting new technologies, its approach is still obsolete and not adequate to the digital rage of the native digitals. I am afraid this is the classical “tip of the iceberg” and I wonder how many similar episodes are happening undetected.

My second feeling comes from the inconvenient conclusion of this affair: a local company has offered to provide legal assistance to the material author of the tool used for the intrusion (a student of Indian origin), promising him a job in his IT department. This unhappy decision has obviously raised many controversies: is it correct to emphasize and reward similar behaviors? The implicit message is easy: take an illicit “shortcut” and you will be rewarded.

Unfortunately, I believe that such similar shortcuts, which are generally widespread in Italy, played an important role to bring us to our current crisis condition. Hence they should be discouraged from the beginning, and the digital world makes no exception.

Defacement “Tarantina Style”

August 10, 2012 Leave a comment

The city of Taranto is famous worldwide for its delicious mussels “Tarantina Style” with tomato soup, chilly pepper and garlic. Unfortunately in these days Taranto is also the unvoluntary protagonist of the ILVA affaire, a paradoxical situation typical of Italy.

On July the 31st, The ILVA steel plant, the largest of Europe, has been placed under precautionary judicial seizure, and eight current or former executives under house arrest. This is the consequence of an inquiry into environmental pollution. Unfortunately such a similar decision is leading to heavy consequences for the steel plant workers who went on the warpath, and for the unions as well who have announced an indefinite strike.

A so delicate and complex situation could not be ignored by hacktivists of the infamous collective Anonymous who, in name of OpItaly&OpGreenRights, yesterday have hacked and defaced the Taranto Municipality website and left a message directed to workers against the steel plant activity. The hacktivists have also dumped portion of a database of Ilva and Riva Group (the corresponding holding) on pastebin.

The latest example of the strict interconnections between the real and cyber worlds, even if a so complex and potentially devastating situation deserves much more in-depth reflections (about the national economic strategies and policies), than a “simple” (maybe fashion-motivated) defacement.

Thanks to Cybwerwarnews.info for publishing the news.

July 2012 Cyber Attacks Timeline (Part II)

August 3, 2012 1 comment

Click here for Part I.

The Dog Days are nearly here. Weather forecast are announcing for Italy one of the hottest summers since 2003, and the same can be said for the Infosec temperature, although, July 2012 has been very different from the same month of 2011, which was deeply characterized by hacktvism.

Instead looks like that hacktivists have partially left the scene in favor of cyber criminals who executed several high profile breaches also in the second part of the month: Maplesoft, Gamigo, KT Corporation and Dropbox are the most remarkable victims of cyber-attacks, but also other important firms, even if with different scales, have been hit by (improvised) Cyber Criminals. One example for all? Nike who suffered a loss of $80,000 by a 25-year improvised hacker, who decided that exploiting a web vulnerability was the best way to acquire professional merchandise.

But probably the prize for the most “peculiar” cyber-criminal is completely deserved by Catherine Venusto, who successfully changed her sons’ grade for 110 times between 2011 and 2012.

As far as the Hacktivism is concerned, although we were not in the same condition of one year ago (a leak every day kept security away), this month has offered the massive leak of the Australian Provider AAPT, with 40 gb of data allegedly stolen by the Anonymous.

Last but not least, a special mention for the cyber espionage campaigns, that had an unprecedented growth in this month: Israel, Iran, Japan, the European Union and Canada, are only few of the victims. Iran gained also an unwelcome record, the first nation to be hit by a malware capable of blasting PC speakers with an AC/DC song…

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

The First “Serie A” Team Hacked

Cyber War News has just reported the details of a small database leak against Udinese Calcio, one of the  oldest and most important Italian “Serie A” Football teams (Udinese ended the last Italian season at the third place and is going to play the preliminary phase of the prestigious UEFA Champions League).

As far as I remember, this is the first time that a “Serie A” Football Team gets hacked, and among the remarkable records that Udinese collected during the 2011-2012 season, this is probably the most unwelcome. The leak has been performed by norton-z, who has exploited an SQL Injection vulnerability on the team’s web site and has hence dumped on pastebin some details including administrative accounts.

If you follow my timelines you will have probably noticed that norton-z has been very active in the last period, so it looks like he has decided to turn his attention to Italy and just to a Football team (in the same days in which the continent is watching the European Championship EURO 2012 in Poland and Ukraine).

If you are just wondering if the leak is somehow related to the recent scandal (AKA Calciopoli AKA Operation Last Bet) which has dramatically hit the Italian Football Landscape, you will probably be disappointed. According to the autohor’s pastebin statement, there is no other reason than fun!

Is it time for football teams to allocate some budget for securing their online services?

Thanks to @Cyber_War_News for the fresh info!

Sixteen Months of Cyber Attacks in Italy

Tomorrow, during the 2012 Security Summit, Edition of Rome, the June Update of the 2012 Italian Report on ICT Security will be unleashed.

I gave a contribution for the section concerning the Cyber Attacks in Italy. The following lines depict a summary of what you will be able to find in the full report (so far only in Italian).

During the period ranging from February 2011 to April 2012, I collected 127 cyber attacks, among which 112, corresponding to the 88% (that is almost the entire sample), driven by hacktivism. In only 15 cases different motivations were found, related to Cyber Crime (14 occurrences) and Cyber Espionage.

The collected sample shows that more than 43% of targets were government sites and political associations. Organizations related to education rank at number three even though most of the attacks were concentrated in a single event in July when as many as 18 universities were affected simultaneously.

Entertainment industry and Law Enforcement Agencies are far behind, but ahead all other categories, probably a consequence of the cyber attacks perpetrated in January and March 2012 during the waves of protests against SOPA and PIPA, (and the subsequent shutdown of MegaUpload). Please notice that not event the Holy See has been safe from hackers with a wave of DDoS attacks targeting several Vatican sites after some controversial declarations of a security vendor.

The trend analysis clearly reflects the influence of external factors on hacktivism in Italy: the first intervention in Libya, then the emotional impact of the collective LulzSec, and finally the protests against the proposed laws considered repressive to freedom of expression on the Internet.

As far as the attack distribution is concerned, Italy has just demonstrated to be a “Spaghetti DDOS” country. On the wake of hacktivism, our country has assisted, in the analyzed period, to a massive wave of Distributed Denial Of Service Attacks. SQL Injection and Defacement attacks are well behind (again remember that most of the SQLi attacks were concentrated on a single event occurring on July). In any case the distribution shows a tendency to perform those kinds of attacks (DDoS and Defacement) capable to gain the most attention from media.

Although the sample may provide an interesting snapshot, please keep in mind that it only includes those attacks that have been detected since the authors claimed them, or simply because the attacks themselves earned plenty of space on media. Given the times we are living in, I’m afraid these are just the tip of the iceberg.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

P.S. I did not include in the sample the controversial attack to CNAIPIC (Italian Cyber Police) since the origin of that event is far from being certain.

Follow

Get every new post delivered to your Inbox.

Join 2,714 other followers