November has gone and it’s time to review this month’s cyber landscape.
From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.
Also on the cyber-espionage front this month has been interesting: JAXA, the Japan Space agency has been targeted by yet another targeted attack (after January 2012) and Symantec has discovered W32.Narilam, a new destructive malware targeting several nations in Middle East.
The hacktivist front has been characterized by the dramatic events in Gaza, the attacks have reached a peak around the first half of the month (as in the first part, I did not take into consideration the attacks carried on in name of OpIsrael for which I wrote a dedicated timeline), in any case the Anonymous have found another way to mark this month, leaking 1 Gb of documents from the Syrian Ministry of Foreign Affairs.
Last but not least, this month has seen three large-scale DNS Poisoning attacks (against the Pakistani Registrar PKNIC, Inc., GoDaddy, and the Romanian Registrar). A very rare occurrence!
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
- 1-15 November 2012 Cyber Attacks Statistics (hackmageddon.com)
- Timeline of Opisrael (hackmageddon.com)
After the ceasefire of the 21st of November, the cyber attacks against Israel, executed in name of OpIsrael, have come to a break.
The contemporaneous ceasefire in the real world and in the cyber space has confirmed the two dimensional nature of this conflict. A conflict in which even the social media played a crucial role: IDF chose Twitter to make the first official announcement of the airstrike that killed Ahmed Al-Jaabari, and subsequently during the stages of operation Pillar of Defence Twitter has been intensively used by the two opposite factions for actions of propaganda, psyops, and even to divulge official news of the war operations.
Since the Ion Cannons are not shooting, this is the best moment to analyze the cyber attacks. At this purpose, in the following table I tried to summarize the timeline of the main events that have characterized this operation (and in general all the cyber attacks executed against Israel since the 14th of November).
Of course I do not pretend to be exhaustive: more than 44 million of cyber attacks in a week are impossible to enumerate singularly.
October 2012 has deserved a bad surprise for the members of the famous rock band Garbage, who had their official Twitter account hacked from an unknown cybercrook who enjoyed posting bogus messages to their nearly 60k followers.
Unfortunately, among the music stars, they are not the only ones who have suffered this sad fate, and actually, since 2009 to present, the list is quite long.
Britney Spears opens this special chart, which also includes high-profile singers such as Lady Gaga, Justin Bieber and Kesha. Brit currently holds the unwelcome record to have been hacked twice, but the group of the victims is quite varied and covers different genres: pranksters and cybercrooks, at least from this point of view, have proven to be impartial.
The accounts have been hacked for different motivations: scam, hacktivism, or simple fun, and accessed via lost phones or by mean of brute-force or password-guessing techniques.
Famous singers are used to be on top of selling charts.I believe they willingly avoid to rank at the top of this unwelcome chart (after the jump you will find the related links).
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Fate, it seems, is not without a sense of irony. And this rule worths also for the Infosec Matrix…
Yesterday, while a five-hour outage, due to an alleged DDoS cyber attack initially claimed by the Anonymous, left GoDaddy unable to serve millions of websites (panicking millions of Internet Users), a digital publishing company named BlueToad came forward to take responsibility for the leak of a million iOS unique device identifiers (UDIDs). For sure you will remember that the same infamous collective claimed to have stolen the UDIDs from an FBI laptop few days ago.
Probably the FBI had really nothing to deal with the hack, since yesterday BlueToad admitted (and apologized) to have been breached and that the UDIDs were stolen just in that circumstance.
And as if that was not enough, hour after hour even the alleged cyber attack to GoDaddy has taken a paradoxical turn: after the initial claims, the Anonymous have denied the responsibility for the action (at first marked as the latest form of protest against GoDaddy’s support to SOPA), and have also mocked @AnonymousOwn3r, the alleged author of the attack, who self-proclaimed (sic) “security leader of Anonymous because I’m behind many things such like irc, ops, attacks, and many“.
Now the latest coup de théâtre: there’s no IRC bot behind GoDaddy’s outage (as claimed by the alleged author), but a much less romantic series of (unspecified) internal network events that corrupted data tables, apparently “simple” (for those famliar with networking) routing issues.
And they are two… In the same day, two alleged cyber attack initially claimed by the Anonymous, and then proven to be false. And even if it is not so common to discover two in the same day, fake cyber attacks are becoming quite frequent (think for instance to the alleged hack to Philips, old data leaked in February according to the Dutch Giant, and to Sony). Of course the point are not the Anonymous, the point is that claiming hacks and leaks (made by others, or worst totally false) is becoming too simple… Nowadays with Twitter and Pastebin you can (claim to) hack whatever you want (as an example I often find on pastebin dumps repeated several times and claimed by different authors).
Maybe it is time to take with caution and skepticism the news of massive leaks.
Update 4 Sep 23:38 GMT+2: The FBI issued a tweet denying that it ever had the 12 million Apple IDs in question:
Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE—
FBI PressOffice (@FBIPressOffice) September 04, 2012
Here the complete Statement from the FBI Press Office.
Original Post: Few hours ago, the @AnonymousIRC Twitter account has announced yet another resounding cyber attack carried on in name of the #Antisec movement:
(@AnonymousIRC) September 04, 2012
In a special edition of their #FFF refrain (literally quoting the authors of the attack: “so special that’s even not on friday”), the Hacktivists claim to have obtained from FBI 12,000,000 Apple Devices UDIDs (UDID is the short form for Unique Device Identifier, the unique string of numbers that univocally identifies each iOS device), and have consequently published 1,000,001 of them in pastebin post.
In the same post they explain how they were able to obtain them:
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
Did you notice the misplaced detail? Actually I could not help but notice that the UDIDs were obtained exploiting a Java vulnerability, the AtomicReferenceArray vulnerability (CVE-2012-0507). A detail is not so important in other circumstances, if it had not disclosed only few days after the controversies following the discovery of a potentially devastating 0-day for Java, and the subsequent issues deriving from the release of a vulnerable patch.
There could be no worse moment for this event to happen, and I am afraid it will contribute to add fuel to the raising concerns regarding Java security… Hard days for Java… And for the FBI