So, after announcing an alleged hack to Italian Prison Guards, the threatening tweets anticipating the latest hack, have suddenly disappeared from @LulzSecITALY and replaced by a tweet announcing a day of relax. Of course the doubt if the announcement was a hoax or not remains… But in my opinion this is not the most relevant point of the story.
As a matter of fact this is only the last occurrence of a strange phenomenon that is changing the rules of hacking. In the old world, the attacks were performed silently, and disclosed (if discovered) only several months later and never because they were directly announced by the alleged authors.
What is happening after the example of Anonymous and LulzSec is a kind of “Consumerization of Hacking”, not only because the public availability of tools such as LOIC or TOR has allowed to enroll many “would-be” hackers, but most of all because in these strange days, advertising an attack, too often before performing it, has become even more important than the effect of the attack itself, that is the quality of the data leaked. In this scenario the social media play as a sounding board allowing a viral spreading of the information (which grants more importance to the action itself rather than to its content)
This trend has several consequences:
- Sometimes the attack are advertised even if they are not particularly sophisticated (for instance the massive DD0S campaigns), or the quality of the data stolen is irrelevant;
- Attacks are often anticipated or followed by many claims which make hard to identify the real author. Before or after an attack appears, different alleged authors claim the paternity (consider for instance the case of Italian Cyber Police Hack), also because many attacks of the last days are poor in quality, so that the author does not need to prove its skills.
- Also the quality of hacking is decreasing, as it often happens when something become available for (too) many, most of all because the many lack the necessary skills.
This dos not mean that information security professionals do not need to be worried, but only that the landscape is changing: more attacks, maybe less sophisticated, with an impact more quantitative than qualitative.
Have you ever tried to think to Stuxnet developers announcing with a pastebin their intention to stop the Iranian Nuclear Program, or a tweet announcing the Shady RAT, rather than the Mother of All Breaches disclosed by The Pentagon?
One could say that this attacks were mostly driven by military reasons, nevertheless honestly speaking, at this point I would not be surprised from Cyberwar Tweets announcing sensational operations in the fifth domain of war. Probably they are already between us even if hidden between us: this explains the intention for Department of Defense to invest millions in Twitter Tracking.
Actually I cleaned it up a little bit in order to show only some of the events happened in 2011, which were inserted in the original matrix. As a reference I left some events of the previous years (inserted in the original matrix as well) in order to have a kind of normalization. They include the infamous Ufo Hacker, the Greek Cellphone Caper, and finally the Palin’s Email Hacking.
As you may easily notice, Stuxnet deserves the Top of the Rock for Innovation and Impact. The infamous malware (the terror the nuclear power plants) has divided the infosec community in different factions: those who consider the malware as the first example of next-gen cyber-weapons developed (maybe by Israel and the U.S.) to seriously damage and delay the Iranian nuclear program (whose development took at least ten years of work), or those who consider it the work of an amateur, a script kid, possibly an astronomer with knowledge of the Holy Bible. Regardless of the real origin, because of its huge exploitation of 0-day vulnerabilities (which make it really contagious) the malware has established a new level, and probably a new standard for the information security landscape.
The RSA breach ranks in a considerable position as well. As known, compromised seeds were used to attack several main contractors of U.S. Defense (L-3, at the beginning of April but disclosed at the end of May, Lockheed Martin, on May, the 22nd, and Northrop Grumman on May, the 26th). As I told in one few posts ago I am afraid that also the Mother of All Breaches, that is the breach of 24,000 files by a Contractor, happened in March but disclosed by Pentagon last week, may be somehow related to the RSA Breach. As a consequence of the latter breach, a classified US military weapons system will have to be redesigned. Because of the impact, this breach should also be included in the matrix.
Probably the effects of the Epsilon Data Breach have been underestimated, since it is likely that security concerns, in terms of phishing, for the owners of breached e-mail addresses will last for years.
Obviously the matrix could not miss the infamous Anonymous and LulzSec Hacking groups. Their actions are considered quite simple with a major impact for the Lulz Boat. The Anonymous group is perhaps unfairly considered only for DDoS, and probably the matrix was drawn before the events of the last days such as the Monsanto Hack performed by Anonymous (whose impact is quite huge and denotes a growing interest of the group towards social problems), or the Sun Hacking (at this link some technical details on the hack).
Finally a quick consideration, of course it is a coincidence, but I could not help noticing that the author of the Ufo Hack, Gary McKinnon, has been diagnosed with the Asperger’s Syndrome, a form of Autism. Curiously the same disease has been diagnosed to Ryan Cleary, the alleged LulzSec member arrested in U.K. on June, the 21st. Probably some individuals suffering of autism spectrum disorders establish with machines the links and relationships they are not able to establish with the other human beings. This explains in part why they are so able with hacking…
Again, thanks to Massimo for reporting this really interesting (and enjoying) link.
- The LulzSec Boat is Back (and sails under The SUN) (paulsparrows.wordpress.com)
Update July 15: Reuters reports that hat a classified US military weapons system will now need to be redesigned after specs and plans for the system were stolen from a defense contractor database during the breach of March,
According to an AP Statement, on Thursday the Pentagon revelead to have suffered a breach of 24,000 documents in March, during a single intrusion. Particularly interesting is the fact that sources believe the attack was perpetrated by a Foreign Country, confirming the fact that cyberspace has really become the fifth domain of war (earlier in this year China had been charged to have hacked some gmail accounts including those of senior US and South Korean government officials, and similarly at the end of 2009 some gmail accounts belonging to dissidents).
According to the original statement by AP:
William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but in an interview before the speech he said the Pentagon believes the attacker was a foreign government. He didn’t say which nation.
“We have a pretty good idea” who did it, Lynn said the interview. He would not elaborate.
For the chronicle, DoD operates over 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries around the globe.
It is not a coincidence that at the beginning of the year Pentagon declared that computer sabotage coming from another country can constitute an act of war, a finding that
for the first time opened the door for the U.S. to respond using traditional military force (probably at that time they were alre
ady aware of the above attack, which explains the change in strategy).
In the same wake, yesterday the Department of Defence announced its Strategy for Operating in Cyberspace, which relies on five strategic initiatives. At first glance the strategy aims to defend and prevent with a measured, reasonable approach focused on good network hygiene and data-sharing, rather than bombing hackers into submission.
- Strategic Initiative 1: Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential;
- Strategic Initiative 2: Employ new defense operating concepts to protect DoD networks and systems;
- Strategic Initiative 3: Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy;
- Strategic Initiative 4: Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity;
- Strategic Initiative 5: Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.
Honestly Speaking I must confess that, as soon as I stumbled upon this report I could not help thinking (but this is a mere personal speculation) to the RSA Breach. Details of the Pentagon breach are not known so far, but I would not be surprised if they were somehow related. On the other hand the RSA breach happened in mid-March and was followed to attacks towards three US Defense Contractors (L-3, happened at the beginning of April but disclosed at the end of May, Lockheed Martin, discovered on May, the 22nd, and Northrop Grumman on May, the 26th). Only a coincidence?