About these ads

Archive

Posts Tagged ‘Julian Assange’

1-15 September 2012 Cyber Attacks Timeline

September 19, 2012 Leave a comment

Here it is the usual compilation for the Cyber Attacks in the first half of September, a period which has apparently confirmed the revamping of hacktivism seen in August.

Several operations such as #OpFreeAssange (in support of Julian Assange), #OpTPB2 against the arrest of The Pirate Bay Co-Founder Gottfrid Svartholm Warg, and #OpIndipendencia in Mexico have characterized the first half of September. Curiously the hacktivists have also characterized this period for a couple of controversial events: the alleged leak of 1 million of UDIDs from FBI (later proven to be fake) and the alleged attack to GoDaddy (later proven to be a network issue, that is the reason why I not even mentioned it in this timeline). Other actions motivated by hacktivists have been carried on by Pro-Syrian hackers.

From a Cyber Crime perspective, there are two events particularly interesting (even if well different): the alleged leak of Mitt Romney’s tax returns and yet another breach against a Bitcoin Exchange (Bitfloor), worthing the equivalent of 250,000 USD which forced the operator to suspend the operations.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

About these ads

August 2012 Cyber Attacks Statistics

September 7, 2012 4 comments

It’s time for the stats related to the Cyber Attacks Timeline of August. I do not remember a month so characterized by Hacktivism like this! The reason is mainly due to the actions motivated by the so-called OpFreeAssange, the waves of cyber attacks in favor of Julian Assange and, most of all in the first part of the month, to the OpDemonoid, the attacks targeting Ukrainan sites after the shutdown of the famous torrent tracker.

Let us begin with the Motivations Behind Attacks Chart. More than one half of the attacks of my sample (58%) were motivated by hacktivism, in line with the data of July (when the value was 55%). Cyber Crime motivated attacks rank at number two, with the 36% of occurrences, even in this case a value substantially in line with the previous month when it was at 31%. Cyber Espionage and Cyber Crime are well behind with the 3% respectively.

Moving forward to the chart regarding the Distribution Of Attack Techniques, there is a predominance of SQLi, which confirms to be the preferred weapon for Hacktivists or Cyber Criminals. DDoS (real or claimed) counts for nearly one third of the occurrence (32,4% real plus a further 2,9% claimed). Of Course, keep always in mind that data refer only to my sample and do not take into account all the defacements (make a jump to Zone-H and you will realize that is simply impossible) unless they are particularly meaningful.

Last but not least, the Distribution Of Targets chart clearly reflects the predominance of hacktivism in this month. In fact target belonging to governments rank at number one with the 19% of occurrences. Industries and organizations are immediately behind with respectively the 16.2% and the 15.2%. Inside industry, technology has been the most targeted sector, this is mainly due to the (controversial) Philips hack, but also to other remarkable cyber attacks such as AMD and AVX Corporation.

Of course, as usual, data must be taken very carefully since they do refer only to discovered attacks (the so-called tip of the iceberg), and hence do not pretend to be exhaustive but only aim to provide an high level overview of the “cyber landscape” of the considered period. Moreover, remember that the most dangerous threats are the invisible ones.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated). Also have a look at the 2012 Cyber Attacks Statistics and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16 – 31 August 2012 Cyber Attacks Timeline

September 5, 2012 Leave a comment

Here the first part with the timeline from 1 to 15 August 2012.

Here we are with the second part of the August 2012 Cyber Attacks Timeline. A second part of the month that has been characterized by hacktivism, most of all because of the so-called OperationFreeAssange, which has targeted many high-profile websites.

Among the targets of the month, Philips has been particularly “unlucky”. The Dutch giant has been the victim of three Cyber Attacks, even if there are several doubts about the authenticity of the hacks.

But maybe the biggest operation of the month is the #ProjectHellFire, carried on by the collective @TeamGhostShell, that has unleashed something as 1 million of accounts belonging to different sectors (banks, government agencies, consulting firms, law enforcement and the CIA). And the group promises new action for this Fall and Winter.

The Middle East confirms to be very hot, with a new Cyber Attack, probably another occurrence of Shamoon, targeting RasGas, yet another Oil Company.

Just one note: of course it is impossible to track all the targets of the #OpFreeAssange. You can find a complete list at cyberwarnews.info.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

School of Hacktivism

March 2, 2012 2 comments

A like Anonymous

There are really few doubts, this is the most (in)famous hacking collective. There is no new day without a new resounding action. They are Anonymous. They are Legion. They do not forgive. They do not forget. Expect Them.

B like Barrett Brown

Considered one of the early members, Barrett Brown is the alleged spokesperson of Anonymous.

C like Chanology (AKA Project Chanology, AKA Operation Chanology)

A protest movement against the practices of the Church of Scientology by Anonymous. The project (or Operation) was started in response to the Church of Scientology’s attempts to remove material from a highly publicized interview with Scientologist Tom Cruise from the Internet in January 2008 and was followed by DDoS attacks and other actions such as black faxes and prunk calls.

D like DDoS

Distributed Denial of Service (abbreviated DDoS) is the preferred weapon by Hackitivsts, since it does not need particular hacking skills and may also be centrally controlled (with a hive mind who define the target). The preferred tool for perpetrating DDoS attacks is LOIC, although next-gen tools are under development.

E like Encyclopædia Dramatica

A satirical open wiki, launched on December 10, 2004 and defunct on April 14 2011. It is considered one of the sources of inspiration for The Anonymous.[1]

F like Fawkes Guy AKA Fawkes Guido

Guy Fawkes (13 April 1570 – 31 January 1606), also known as Guido Fawkes, belonged to a group of provincial English Catholics who planned the failed Gunpowder Plot, a failed assassination attempt against King James I of England. His stylised mask designed by illustrator David Lloyd and used as a major plot element in the “V for Vendetta“ Comic Book, is the symbol for the Anonymous. The failure of the Gunpowder plot has been commemorated in England since 5 November 1605.

Read more…

Privacy e Cinguettii…

January 8, 2011 Leave a comment

Una volta i piccioni viaggiatori trasportavano i messaggi, oggi i canarini azzurri trasportano gli ordini della Corte Federale USA.

Parlando di sicurezza sembra proprio che il Social Network sia destinato a diventare (nel bene e nel male) il protagonista del 2011, e questo non solo perché le previsoni dei principali produttori lo identificano come vettore privilegiato delle nuove forme di Malware.

E’ di oggi la notizia che, in data 14 dicembre il Dipartimento Di Giustizia degli Stati Uniti avrebbe ordinato a Twitter di fornire tutte le informazioni relative all’account (corrispondenza, tweet, etc.) di alcuni utenti legati a Wikileaks dal 1 novembre 2009 ad oggi. Al Social Network sarebbero stati forniti 3 giorni per fornire le informazioni richieste.

Gli utenti in questione sono:

  • Birgitta Jónsdóttir (@birgittaj), uno dei 63 membri del parlamento isalndese;
  • Bradley Manning, il soldato dell’esercito U.S: accusato di avere svelato informazioni classificate;
  • Jacob Appbelbaum (@ioerror), volontario di WIkileaks;
  • Rop Gonggrijp (@rop_g), hacker olandese e co-fondatore del Provider XS4ALL);
  • Ed infine, l’immancabile Julian Assange, ormai noto fondatore di Wikileaks.

Gli (inizialmente) ignari uttenti sono stati oggetto di un provvedimento 2703(d), che consente alla polizia di ottenere determinate informazioni da un sito Web o da un provider nel caso in cui le stesse siano

“relevant and material to an ongoing criminal investigation.”

La notizia è stata diffusa il 7 gennaio dal membro del parlamento islandese Birgitta Jónsdóttir, coinvolta nella richiesta, poiché, in maniera apparentemente inspiegabile, ieri pomeriggio è stata avvisata dal Canarino Azzurro Twitter dell’esistenza dell’ordine e della possibilità di opporsi entro 10 giorni alla richiesta di informazioni.

A questo link il testo della mail.

Il motivo di questo dietrofront, è solo apparentemente inspiegabile. Secondo il commentatrore di CNET il provvedimento 2703(d), così come imposto a Twitter, potrebbe essere incostituzionale in quanto richiede la notifica al diretto destinatario. Questo fatto ha probabimente indotto il Giudice Magistrato Theresa Buchanan, autore del provvedimento, di rivelarlo lo scorso giovedì (PDF) e autorizzare di conseguenza Twitter a

“disclose that order to its subscribers and customers,”

La questione riapre in maniera drammatica il problema del concetto di privacy del social network, ed io personalmente ci vedo anche un problema più ampio relativo alla disponibilità e all’utilizzo dei miei dati da parte del Provider di Servizi:  è vero che questo è un caso limite, ma non posso fare a meno di pensare che anche il sottoscritto, come molti altri compagni di (s)ventura utilizza il social netework. Certo è vero che non mi verrebbe mai in mente di utilizzarne la mail per scopi connessi ad attività diverse da quelle del mio tempo libero, anche se posso facilmente immaginare che nella remota eventualità in cui fossi coinvolto in questioni del genere, gli eventuali indagatori controllerebbero qualsiasi mia traccia, reale o virtuale, su questo pianeta.
Follow

Get every new post delivered to your Inbox.

Join 2,995 other followers