No Summer Slowdown For Hackers In August
Summer might be winding down, but hackers were just getting warmed up. This month, the hacktivist community asserted themselves squarely on the political stage, launching strategic, politically motivated attacks aimed at everyone from ousted Middle Eastern leaders to oft-targeted whistleblower site WikiLeaks.
Large corporations, such as Research In Motion and San Francisco’s Bay Area Rapid Transit train system [BART], also felt hackers’ wrath when they attempted to thwart political protests by interfering with cell phone and IM communications.
And no month would be complete without attacks against a few government defense and research contractors. Here are a few of the month’s cyber attack highlights.
Cyber Attacks: ManTech
Anonymous hackers kicked off the month of August with a cyber attack against FBI contractor ManTech International, which they claimed compromised almost 400 megabytes of data from the managed cybersecurity provider and was part of its AntiSec campaign -- a collaborative effort between Anonymous and spin-off hacker group LulzSec.Included in the stolen data were numerous documents belonging to NATO, the U.S. Army, the U.S Department of Homeland Security, the U.S. State Department and the U.S. Department of Justice, as well as other personnel information, the group said.
As customary with its hacks, Anonymous posted a 390 BitTorrent file to the Pirate Bay file-sharing web site. The file was coupled with a note that said the hack was intended to push back against the FBI following the arrest of 14 Anonymous hackers suspected of participating in a massive December cyber attack against PayPal.
Cyber Attacks: WikiLeaks
The ultimate whistleblower site, WikiLeaks, was hit with a high profile denial of service attack following the release of 134,000 U.S. diplomatic cables during the last week in August.During prior releases, WikiLeaks had practiced diligence in maintaining the privacy of individuals mentioned by name in the U.S. cables. However, the WikiLeaks site apparently suffered a data breach when Assange shared a passphrase with an external source required to decrypt a batch of cables taken by former colleague Daniel Domscheit-Berg.
Domscheit-Berg returned the cables last November, after which WikiLeaks supporters subsequently made the contents available in a public archive when they failed to notice that the archive contained a hidden directory with the encrypted file holding the cables, and unintentionally exposed the file. Then, as if to add insult to injury, WikiLeaks was knocked down when hackers unleashed what was presumed to be a retaliatory DOS attack days after the cables were leaked.
Cyber Attacks: Vanguard Defense Industries
It didn’t come as a big surprise when yet another defense contractor was targeted by data-stealing hackers in August. The U.S. defense contractor Vanguard Defense Industries was hit with an attack that lifted and published thousands of e-mail and sensitive documents.Among other things, Vanguard is known for developing remote controlled ShadowHawk helicopters used by the U.S. military. Altogether, the hackers, who published an open letter directed at VDI senior vice president Richard Garcia, said that the leak contained internal meeting notes, contracts, schematics, non-disclosure agreements, personal information about VDI employees and several dozen classified “counter-terrorism” documents. “We are doing this not only to cause embarrassment and disruption to Vanguard Defense Industries, but to send a strong message to the hacker community. White hat sellouts, law enforcement collaborators, and military contractors beware: we're coming for your mail spools, bash history files, and confidential documents,” the hackers said.
Cyber Attacks: San Francisco's Bay Area Rapid Transit
Proving that no issue is too small to protest in San Francisco, Anonymous hackers gained local notoriety in the Bay Area after they launched a cyber attack that defaced San Francisco’s Bay Area Rapid Transit (BART) marketing web site, compromising the personal information of more than 2,400 users. The attack forced officials to take the MyBART.org site offline for several hours in order to address the vulnerabilities. As part of the cyber attack, Anonymous hackers published thousands of BART customer names, addresses, e-mail addresses and phone numbers from the transportation system’s marketing web site, designed to promote BART ridership and offer information about news and events in the San Francisco Bay Area.Meanwhile, Anonymous members spearheaded a series of public demonstrations at various BART stations throughout the city, in protest of the transportation agency’s decision to cut cell phone service to thwart yet another scheduled protest.
Cyber Attacks: Nokia
The Nokia developer forum became one of this month’s cyber attack victims when miscreants launched a cyber attack that exposed personal information of developers and defaced the developer.nokia.com discussion forum. This time, attackers managed to infiltrate a Nokia community forum database and expose a slew of personal information, including names, birthdates, e-mail and IM addresses and usernames for AIM, ICQ, MSN, Skype and Yahoo accounts.The hackers then left a calling card by defacing the Nokia developer Web site with a redirect that led visitors to a picture of Homer Simpson hitting his head and uttering his classic “Doh!,” coupled with a snarky written message.
Nokia downplayed the issue in an advisory alerting users to a vulnerability in its developer forum database storing e-mail addresses and other personal information, whichenabled hackers to execute a simple SQL injection attackand obtain the personal data of its developers.
Cyber Attacks: Epson Korea/Gabia
Following July’s massive Korean cyber attack, the country was the source of another breach when the personal information of 350,000 registered users was stolen from Epson Korea. During the attack, hackers infiltrated the computer networks of Epson Korea, the Korean division of Japan's Seiko Epson Corp., and pilfered a bundle of sensitive personal information that included passwords, phone numbers, names and e-mail addresses of registered customers.Epson posted an advisory on its site alerting users to the breach, warning users to change their passwords as soon as possible.
Also in August, the country suffered yet another attack when hackers accessed the computer systems of South Korean domain registrar Gabia, impacting the online connection of 100,000 registered domains. The Epson and Gabia breaches follow weeks after the country was hit with a massive cyber attack that compromised the accounts of 35 million users from a social networking site.
Cyber Attacks: Hong Kong Stock Exchange
Don’t like the way the stocks are headed? Well, you could hack into the Web site of the stock exchange. That could have been the motivation when hackers took down the Hong Kong Stock Exchange web site this month, forcing it to suspend trading shares of the London-based HSBC and six other companies for two days in a row.Altogether, the hackers crashed a web site that companies relied on to announce price sensitive information. The Hong Kong Stock Exchange responded by halting trade on seven companies slated to post announcements on the site, including HSBC, China Power International, Cathay Pacific and the Hong Kong Stock Exchange site.
Officials determined said that the DDoS attacks were sourced to a wide variety locations, while the attacking computers located outside of Hong Kong, indicating that the hackers were likely employing a botnet.
Cyber Attacks: Syrian Ministry of Defense
In order to predict the next attack with relative certainty, all one might have to do is read the news blogs. Anonymous hackers started beating the drums of politics with a hack that defaced the web site of Syria’s Ministry of Defense.Specifically, visitors to the web site were treated to an Anonymous logo, coupled with images and links of videos depicting the death of thousands of Syrian protestors. The hack followed after reports of thousands of Syrian deaths when military cracked down on protests with tanks and deadly force.
Members of Anonymous also embedded a message in both English and Arabic that read:
"To the Syrian military: You are responsible for protecting the Syrian people, and anyone who orders you to kill women, children, and the elderly deserves to be tried for treason. No outside enemy could do as much damage to Syria as Bashar Al-Assad has done. Defend your country – rise up against the regime! – Anonymous"
Cyber Attacks: Libya's Top Domain
If you’re a beleaguered tyrannical autocrat on the run from angry guerrilla insurgents, chances are you’re also going to be the target of a cyber attack perpetrated by political hacktivists. So be prepared.Hacktivists, calling themselves Elctr0n, remotely joined forces against the former Libyan leader Colonel Gaddafi by defacing the country’s top level domain, which ends with nic.ly. Staying true to form, hackers replaced the web site’s content with a message that read :
:[+] HACKED By Electr0n[+] & |~| ali monder |~| bye bye Qadaffi Feb 17 Libya Greetz to Dr.exe | Qnix | Rock-Master | LoverBoy | r1z And All Muslim Hackers :)
:[+] HACKED By Electr0n[+] & |~| ali monder |~| bye bye Qadaffi Feb 17 Libya Greetz to Dr.exe | Qnix | Rock-Master | LoverBoy | r1z And All Muslim Hackers :)
The date February 17th corresponds to the date that Libyan protesters initiated their demonstrations against the notorious Libyan dictator. Ironically, in an audacious move that even China might not completely comprehend, Libya cut itself off from any online connection March shortly after the beginning of the rebel uprising.
Cyber Attacks: RIM BlackBerry
The official blog of Research In Motion was hacked apparently in retaliation for its pledge to assist Britain’s Metropolitan police quell student riots by issuing a BlackBerry Messenger (BBM) “curfew” to thwart communication between protesters. During the attack, a hacker group, calling themselves, "TriCk - TeaMp0isoN,” defaced the BlackBerry site and replaced the content with a message that read:Dear Rim; You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a blackberry will get charged for no reason at all,” the hackers wrote on the RIM blog. “if you do assist the police by giving them chat logs, gps locations, customer information & access to peoples BlackBerryMessengers you will regret it”
The hackers said they got a list of customer addresses, names, and phone numbers, stolen from a compromised RIM database, which they promised to make public if RIM continued with its plans to intercept BBM communication.
