Here the first part with the timeline from 1 to 15 August 2012.
Here we are with the second part of the August 2012 Cyber Attacks Timeline. A second part of the month that has been characterized by hacktivism, most of all because of the so-called OperationFreeAssange, which has targeted many high-profile websites.
Among the targets of the month, Philips has been particularly “unlucky”. The Dutch giant has been the victim of three Cyber Attacks, even if there are several doubts about the authenticity of the hacks.
But maybe the biggest operation of the month is the #ProjectHellFire, carried on by the collective @TeamGhostShell, that has unleashed something as 1 million of accounts belonging to different sectors (banks, government agencies, consulting firms, law enforcement and the CIA). And the group promises new action for this Fall and Winter.
The Middle East confirms to be very hot, with a new Cyber Attack, probably another occurrence of Shamoon, targeting RasGas, yet another Oil Company.
Just one note: of course it is impossible to track all the targets of the #OpFreeAssange. You can find a complete list at cyberwarnews.info.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 and the related statistics (regularly updated), and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
Find here February 2012 Cyber Attacks Timelime Part I.
With a small delay (my apologies but the end of February has been very busy for me and not only for Cybercrooks as you will soon see), here it is the second part of my compilation with the main Cyber Attacks for February 2012.
Easily Predictable, the Hacktivism is still the main concern for System Administrators, in particular for the ones of Stratfor who suffered a huge leak of 5 million of emails.
On the same front, the threats of the Anonymous for the Friday actions have come true and as a matter of fact Law Enforcement Agencies suffered other remarkable breaches in this month: Infragard for the second time and also Interpol (a new entry) that was taken down after the arrest of 25 members of the collective. Anti ACTA protest also continue to shake Europe as also the delicate economical and social situation in Greece.
Last but not least, this month has also seen an unforgettable leak, affecting potentially more than 1.000.000 Youporn users.
As usual, the chart does not include the events related to Middle East Cyber War Timeline, that you may find at this link, as they “deserve” a dedicated timeline.
There are really few doubts, this is the most (in)famous hacking collective. There is no new day without a new resounding action. They are Anonymous. They are Legion. They do not forgive. They do not forget. Expect Them.
B like Barrett Brown
Considered one of the early members, Barrett Brown is the alleged spokesperson of Anonymous.
C like Chanology (AKA Project Chanology, AKA Operation Chanology)
A protest movement against the practices of the Church of Scientology by Anonymous. The project (or Operation) was started in response to the Church of Scientology’s attempts to remove material from a highly publicized interview with Scientologist Tom Cruise from the Internet in January 2008 and was followed by DDoS attacks and other actions such as black faxes and prunk calls.
D like DDoS
Distributed Denial of Service (abbreviated DDoS) is the preferred weapon by Hackitivsts, since it does not need particular hacking skills and may also be centrally controlled (with a hive mind who define the target). The preferred tool for perpetrating DDoS attacks is LOIC, although next-gen tools are under development.
E like Encyclopædia Dramatica
A satirical open wiki, launched on December 10, 2004 and defunct on April 14 2011. It is considered one of the sources of inspiration for The Anonymous.
F like Fawkes Guy AKA Fawkes Guido
Guy Fawkes (13 April 1570 – 31 January 1606), also known as Guido Fawkes, belonged to a group of provincial English Catholics who planned the failed Gunpowder Plot, a failed assassination attempt against King James I of England. His stylised mask designed by illustrator David Lloyd and used as a major plot element in the “V for Vendetta“ Comic Book, is the symbol for the Anonymous. The failure of the Gunpowder plot has been commemorated in England since 5 November 1605.
Here it is the complete list of Main Cyber Attacks for July: definitively it looks like the Dog Days did not stop the Cyber Attacks, which have been particularly numerous during August.
Following the trail of July, an attack against PCS Consultants, another U.S Government contractor opened this hot month, even if the controversial shady RAT affair monopolized (and keeps on to monopolize) the infosec landscape (and not only during the first half of the month). Easily predictable nearly every endpoint security vendor (and McAfee competitors) tend to minimize the event considering it only the latest example of RAT based cyber attacks with no particular features (see for instance the comment by Sophos, Kaspersky and Symantec).
Analogously the Dog Days did not stop hactivism with the infamous hacking group Anonymous (and its local “chapters”) author of several attacks in different countries and most of all of author of a kind of arm wrestling against BART (Bay Area Rapid Transit), sometimes carried out with questionable methods. Research in Motion was indirectly involved on the Anonymous Campaign during the London Riot, but also Anonymous was hit by (another) defacement attack carried on by Syrian hackers which affected Anonplus, the alternative Social Network.
South Korea was also hit with other massive breaches (involving also Epson Korea) and a defacement against the local branch of HSBC.
According to my very personal estimates, based on the Ponemon Institute indications, the cost for the data breach for which enough information was available, is around $ 126 million mainly due to the impressive Epson Data Breach.
Useful resources for compiling the table include:
And my inclusion criteria do not take into consideration simple defacement attacks (unless they are really resounding) or small data leaks.
Enjoy the complete list!
Another U.S. Government contractor, PCS Consultants gets hacked by Anonymous & Antisec. Hackers extract website Database and leak it on the internet via Twitter on Pastebin (as usual!). Leaked Data include Admin’s and 110 users emails, plus passwords in encrypted hashes.
72 hours after the first defacement, Vitrociset, a contractor of Italian Cyber Police, is hacked and defaced again by Anonymous.
|Aug 3||United Nations (Shady RAT)
In an interview to Vanity Fair (as to say, information Security is a fashion), a McAfee Security Researcher declares UN and other international institutions have been victims of a large scale Remote Access Tool based attack from a Foreign Country. The attack is dubbed shady RAT and suspects are directed to China.
|Remote Access Tool|
Anonymous and Colombian Hackers shut down the websites of Colombia’s president, the interior and justice ministry, the intelligence service DAS and the governing party. The hacker attack was meant as a protest against government censorship.
|Aug 3||The SUN and News Corp. International
Britain’s Rupert Murdoch-owned tabloid The Sun sends a message to readers warning them that computer hackers may have published their data online after an attack on the paper’s website last month. A hacker styled ‘Batteye‘ claims to have posted details taken from The Sun on the Pastebin.
|Aug 3||Front National
As a consequence of the Massacre of Oslo, Anonymous France claims to have hacked a server belonging to Front National, leaking a list of 100 leaders of the party
Eight weeks after a hacker cracked its credit card database, the company’s credit card unit in Japan, Citi Card, reported in a message to its user base that “certain personal information of 92,408 customers has allegedly been obtained and sold to a third party illegally.” Estimated cost of the breach is about $19.8 million.
|Aug 6||Law Enforcement Agencies
After the first attack to Law Enforcement Institutions in July, Anonymous and LulzSec, as part of what they define the ShootingSheriffsSaturday, leak again 10 Gb of Data from the same Law Enforcement Agencies, including private police emails, training files, snitch info and personal info. The attack was made in retaliation for anonymous arrests
|Aug 6||SAPPE (Sindacato Autonomo Polizia Penitenziaria)||SQLi?|
|Aug 6||Policia Federal (Brazilian Police)
LulzSec Brazil hacks Brazilian Police and discloses 8 gb of data from what they defined the Pandora’s Box
|USB Key Stolen?|
|Aug 7||Syrian Ministry of Defense
The Syrian Ministry of defense is hacked by Anonymous which defaces the web site and post a note supporting the Syrian people
|Aug 9||Anonplus (Anonymous Social Network)
In retaliation for the defacement of the Syrian Ministry of Defence, a Syrian Group of hackers dubbed Syrian Electronic Army, has defaced (for the third time), Anonplus, the alternative Social Network in phase of deployment by Anonymous, posting several gruesome images.
|Aug 9||Research In Motion
As an (in)direct consequence of the London Riots, a crew of hackers called TeaMp0isoN defaces The Official BlackBerry Blog after RIM has indicated to assist London police, who are investigating the use of the messaging service in organizing riots, with a “very extensive monitoring of the BlackBerry Messenger model”.
| Aug 9
As part of Operation Antisec, LulzSec and Anonymous, release 5gb of documents, photos, audio files and videos, exposing that wich was one of the greatest corruption scandals in the recent history of Brazil
||University Of Wisconsin Milwaukee
The Social Security numbers of 75,000 students and employees at the University of Wisconsin-Milwaukee arE exposed after hackers planted malware in a campus server.ty-of-wisconsin-server. Estimated Cost of the Breach is $16 million.
||Hong Kong Stock Exchange (HKEx)
The Hong Kong stock exchange (HKEx) halts trading for seven stocks in the afternoon trading session after its website was attacked during the morning trading session. The seven stocks in question were all due to release sensitive results to the website that could impact the price of their stocks. Initially the attack was believed to have compromised the web site. Later it was discovered to be a DDoS.
An hacker called Headpuster, to protest against the sale of user data to a third party operator, hacks Welt.de using an SQL Injection (http://boot24.welt.de/index_welt..php?ac =***) and steals a large amount of data including credit card information of 30,264 users from the database He then publishes censored excerpts. Estimated cost of the breach is around $6.5 million.
||Hong Kong stock exchange (HKEx)
The Hong Kong stock exchange comes under attack for the second day in a row on Thursday. The exchange blamed a Distributed Denial of Service (DDoS) attack against its news web server, hkexnews.hk. A Suspect has been arrested on Aug, the 23rd.
As part of their #OpBART and #Bart-Action in response to a temporary shutdown of cell service in four downtown San Francisco stations to interfere with a protest over a shooting by a BART police officer, Anonymous attacks the myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system. They perform a SQL injection (SQLi) attack against the site and extract 2,450 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes. Estimated Cost of the Breach is $524,300.
After SK, Another South Korean service provider reports a large-scale data breach of usernames and passwords for subscribers worldwide. This time, it’s the turn of Seoul-based streaming media service GOMTV to suffer a data-spilling intrusion. According to GOM TV, the breach happened early in the morning of Friday 12 August 2011 Korean time; the company sent out a warning email to its subscribers on Sunday 14 August 2011.
|Aug 16||Vanguard Defense Industries
Antisec targets Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the Breach nearly 4,713 emails and thousands of documents are stolen. The attack has been performed on August the 16th, but, as a consolidated tradtion, the torrent has been released on Friday, August the 19th.
|Vulnerability in WordPress Hosting Platform|
Hacker group Cslsec (Can’t stop laughing security) leaks some accounts from Ebay and post them on pastebin.
|Aug 17||BART Police
A database belonging to the BART Police Officers Association is hacked, and the names, postal and email addresses of officers are posted online. Over 100 officers are listed in the document posted, as usual, on pastebin. Estimated cost of the breach is $21,400.
A turkish based hacker hacks and defaces the Korean branch of HSBC, the global banking group.
|Aug 21||pr0tect0r AKA mrNRG
The developer forum section of Nokia Website is hacked by Indian Hacker “pr0tect0r AKA mrNRG“. He was able to deface the site and access to email records. According to an official statement from Nokia a “significantly larger” number of accounts has been accessed although they do not contain sensitive information.
|Aug 21||Danish Government
Anonymous Hackers upload a file on Torrent containing the snapshot of the Danish Government database of companies. The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website.
Hacking in South Korea: After GOMTV.NET Epson Korea is hit by a massive data breach, involving the personal information of 350,000 registered customers. Hackers break into Epson Korea’s computer systems, and steal information including passwords, phone numbers, names, and email addresses of customers who had registered with the company. Estimated cost of the breach is $74,900,000.
||Libyan domain name registry
Hackers deface the nic.ly website, the main registry which administers .ly domain names (the “.ly” stands for “Libya”) and replace it with anti-Gaddafi message.
@ThEhAcKeR12, an admirer of Anonymous acts independently to breach an outsourced provider and steal a customer list with 20,000 log-in credentials. Many on the list were U.S. government employees. Estimated cost of the breach is around $4,280,000.
|Aug 22||UK MET Police
As part of the Murder Military Monday, Metropolitan UK Police is hacked for #Antisec by CSL Security using SQL injection Vulnerability and the vulnerable link is also shown on Twitter and pastebin. Other attacked sites include: USarmy.com, GoArmy.com.
|Aug 23||U.S. Government
F-Secure discovers that on 17th of July, a military documentary program titled “Military Technology: Internet Storm is Coming” was published on the Government-run TV channel CCTV 7, Millitary and Agriculture (at military.cntv. While they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target.
||U.S. Military Base
Another example of military emails leaked by hackers.
|Aug 27||Division Hackers Crew
Division Hackers Crew hacks the Database of Borlas.net (Free SMS Site) and leaks the usernames, Passwords, emails and phone numbers of 14800 registered users. As usual, leaked database has been posted on pastenbin. Estimated cost of the breach is $3,167,200.
Anonymous Hacker hacks Orange.fr and uploads the database and Site source code backup on file sharing site.
|Aug 29||Iranian Hackers
A user named alibo on the Gmail forums posts a thread about receiving a certificate warning about a revoked SSL certificate for SSL-based Google services. The certificate in question was issued on July 10th by Dutch SSL certificate authority DigiNotar. The fake certificate was forged by Iranian Hackers, and revoked immediately. This is the second episode of a MITM attack against Google after the Comodo Affair in May.
||Gabia (South Korean domain registrar)
Another Cyber Attack in South Korea: Gabia a South Korean domain registrar is hacked on Saturday Aug 27, according to a report Monday by the Korea Herald. The hack exposed over 100,000 domains and 350,000 users data. The information included names, user IDS, passwords and registration numbers.
Sometimes they come back: one of the lulzsec members seems to have made a quick returning hacking a child porn trading forum and leaking over 7000 accounts.
|Aug 30||Wikileaks (1)
Der Spiegel reports that a WikiLeaks file containing the original leaked US State Department cables has inadvertently been released onto the Internet. The documents have not been edited to protect sources, meaning that the lives of informants could be at risk.
The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org “is presently under attack.”
@neatstuffs leaks over 23,000 emails and passwords from a Star Wars Fan Club, and all the passwords are in clear text…sad isnt it? that a website would store so many users information with no security.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community.
The awards are given out once an year. The fifth annual ceremony will take place on Aug 3rd, 2011 in Las Vegas at the BlackHat USA security conference.
In 2011 there will be nine award categories:
- Pwnie for Best Server-Side Bug
- Pwnie for Best Client-Side Bug
- Pwnie for Best Privilege Escalation Bug
- Pwnie for Most Innovative Research
- Pwnie for Lamest Vendor Response
- Pwnie for Best Song
- Pwnie for Most Epic FAIL
- Pwnie for Lifetime Achievement
- Pwnie for Epic Ownage
Do you remember the hacking matrix I posted several days ago, emphasizing impact and innovation as two key factors in hacking? Well, it looks like the panel of the judges did recognized the value of these two factor (together with a certain amount of shallowness in case of Sony).
(Nearly) all the events drawn in the matrix, which happened in 2011 deserved a nominee for the prize, with the exception of Epsilon Data Breach, whose likely category, Most Epic Fail, has been literally monopolized by Sony with 5 nominations.
RSA deserved a nomination as well in the category “Lamest Vendor Response”, while the category Epic Ownage has been monopolized by LulzSec. Even if LulzSec has been appointed only once for “hacking everyone”, there is also a nomination for Anonymous for “hacking HBGary Federal”, probably this is a mistake since it looks clear that HBGary Federal was hacked by the Lulz Boat as well (as also ironically stressed by the LulzSec group itself).
The other two nominations for the Epic Ownage? Bradley Manning and Wikileaks (but I would also have inserted Lady Gaga since a fake Lady Gaga CD was used to perform the leak, and… most of all Stuxnet, who ranked at the top for impact an innovation in this matrix. Stuxnet is considered the first of a new generation of Cyber-weapons even if, so far, no other malware of similar sophistication has been detected (but U.S. Department of Homeland Security fears a modified Stuxnet variant could soon attack U.S. Infrastructure).
Interesting to notice, as suggested by Network World, whoever will win the Epic Ownage prize will be, in theory, a criminal for the law, consequently Law enforcement could be seriously interested to see if anyone actually shows up to this year to accept the prize for Epic Ownage at Black Hat, since all the nominees will face possible criminal charges.
At this link a complete list of the nominations.
Probably LOIC is not so safe as it was supposed to be.
Yesterday FOX News (curiously the American province of the Murdoch Empire which had suffered an hacking attack by the Lulz Boat the day before) was the first to report of three FBI Raids at the New York homes of three suspected members of notorious hacking group Anonymous early Tuesday morning. Later on the same day more details came clear, including the fact that the raids were part of a wider ongoinhg operation involving, to date, more than 35 search warrants issued by FBI (for a total of 75 searches to date), after which sixteen suspected members of Anonymous were arrested in Florida, New Jersey and California (more details in the official FBI press release including the names of the arrested individuals).
The arrested individuals were considered responsable for the DDoS attacks against Visa, Mastercards, PayPal and more, after the companies decided to suspend donations for WikiLeaks.
In the same hours, again according to Fox News, officers from the Metropolitan Police’s E-Crime Unit in London arrested a 16-year-old boy in South London Tuesday afternoon, on suspicion of breaching the Computer Misuse Act. The suspected individual could be Tflow, a key member of the infamous hacker group LulzSec, and he has beeen charged of the Infragard hacking, an affiliate to FBI, on June, the 3rd 2011.
If we exclude the arrest of the alleged Lulzsec member, as I already suggested, probably in many cases the alleged Anonymous members are “Would-be” hacker, recklessly involved in hactivism campaigns on the wave of enthusiasm butwithout the necessary skills. This explains the low average age of the teens purportedly involved. As a confirm I found this interesting post on ReddIt in which a family man tells, triggering the predictable comments from taxpayers, of an FBI in his house with a search warrant (20 agents, guns drawn) because they seemed to believe his 13 year old son was an integral part of the ANON ddos attack on Paypal (I must confess that for an European grown with Sci-Fi U.S. Movies like I am, the imagine of 4 cars and a black van filled with FBI agents invading a common house is priceless). It looks like this is not the only example.
No One has ever been arrested for using LOIC? Not anymore…
- No One has ever been arrested for using LOIC (paulsparrows.wordpress.com)
- FBI searches homes of suspected Anonymous hacktivists in New York (nakedsecurity.sophos.com)
Update July 14: Database Re-leaked
A couple of hours ago Anonymous re-leaked the info of 2,500 Monsanto employees enriched with further data. The reasons are explained in the following statement:
We previously leaked 2551 emails and names of MonsantoCo employees and associates for the whole internets to see.
Immediately following this, attacks were made attempting to access/change the password on the OpMonsanto Twitter account as well many failed login attempts on 2 corresponding email accounts.
The paypal account used to finance the operation was reported and all assets frozen. Somebody, most certainly, is mad at us :(
We didn’t appreciate that very much, so we updated the leaked database to include
the previously redacted city/state/country and phone numbers.
Operations remain unaffected, this is just the beginning.
In response to some attempts to hack the #OpMonsanto Twitter account, Anonymous decided to disclose further information about the leaked records (Cities and Phone Numbers). The last phrase of the statement sounds particularly threatening: This is just the beginning… And it is further confirmed by a gloomy tweet. A warning for Exxon (#OpExxon) as well, the next alleged target?
Few hours after the attack to consulting firm (and military contractor) Booz Allen Hamilton, Anonymous has performed another resounding operation. As part of their #OpMonsanto, the Anonymous have leaked info of 2500 employees belonging to Monsanto, including their home address.
The reasons behind the attacks have been explained with a subsequent tweet:
are an aftermath of the WikiLeaks affair and concern the alleged strategy used by Monsanto to push GMO. Few days ago Anonymous warned Monsanto to expect something “more serious than a DDOS” after the company filed lawsuits against organic farmers for labeling their product as not containing growth hormones. At the end something more serious than a DDOS happened…
- Another One Bytes The Dump (paulsparrows.wordpress.com)
It looks like that security issues for US Military contractors never end. The consulting firm Booz Allen Hamilton is only the last which has fallen under the blows of anonymous. In the name of the #AntiSec operation hackers claimed today that they compromised a server released internal data, including about 90,000 military e-mail addresses. Due to the huge amount of data leaked, the operation was called #MilitaryMeltdownMonday.
We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.
The entire statement is available on pastebin, while the leaked data have been inserted into a torrent at The Pirate Bay, and are also already available on pastebin, although password are hashed (but not salted).
We also were able to access their svn, grabbing 4gb of source code. But this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.
It was clear that something was in the air since a couple of days, as some tweets announced “the biggest day in #anonymous‘ history according to sabu”:
This might be an indication that the ghost of the infamous group LulzSec played a crucial role in the attack to Booz Allen Hamilton. As a matter of fact Sabu, is the alleged leader of the infamous group LulzSec, and also the alleged author of the hack to HBGary Federal, another military contractor hacked earlier this year becouse of its CEO Aaron Barr claimed to have unmasked some Anonymous members. In response to his actions, the hackers dumped 71,000 emails which revealed, among the others things, that HBGary had worked with Booz Allen Hamilton to develop a response plan for Bank of America based on what the bank feared might be an upcoming leak of its internal documents by WikiLeaks.
The Anonymous statement also paints the contractor as another player involved (together with HBGary) on a military project, dubbed Operation Metal Gear by Anonymous (for lack of an official title) designed to manipulate social media, and as a revolving door of military-related conflicts of interest, and argues that the firm has been involved in mass surveillance projects.
The company wrote on its Twitter feed that “as part of @BoozeAllen security policy, we generally do not comment on specific threats or actions taken against our systems.”
This is only the last attack to a U.S. Contractor. On July, the 9th, Anonymous attacked IRC Federal, an FBI contractor, and dumped the content of the attack on a torrent available once again at The Pirate Bay. The dumped content apparently included databases, private emails, contracts, development schematics, and internal documents for various government institutions. The attack was performed as a sequel to the first one against Infragard, another FBI affiliate, on June, the 3rd performed (what a coincidence) from LulzSec.
After HBGary Federal, between April and May 2011 three U.S. Defense contractors: L-3, Lockheed Martin and Northrop Grumman were attacked by using compromised RSA seeds, although in this case no one has been identified as the author of the attacks, and also no connection with anonymous has been found.
- Hackers claim they exposed Booz Allen Hamilton data (news.cnet.com)
- 50 Days of Hunt (paulsparrows.wordpress.com)