Evolution of Hacktivist Campaigns

In the next week we are going to see a major hacktivist operation, aimed against Israel, called #OpIsraelBirthday which is supposed to start on the 7th of April. The operation is dubbed “birthday“ since it comes to commemorate the last OpIsrael that took place on the same date last year. In recent weeks, there was a lot of internal debate in SenseCy about what has changed from then to now and what can we expect to see in the coming operation. I think that the results of this debate might be interesting to you as well:

–          DDoS Attacks – DDoS attacks are nothing new, but recently, attackers have started utilizing a new-old approach in the form of reflection attacks. If a year ago the height of the attack topped at 30Gb/sec attacks, it’s more than plausible to assume that we’re going to see one order of magnitude higher than that. This might be ok for a large sized country but for Israel this might cause problems in the ISP infrastructure itself and not just create a denial of service to the target site.

–          Self-Developed Code – If up until now, most of what we have seen coming from the anti-Israel hacktivism groups was reuse of anonymous code, with maybe slight improvements in the UI interface, lately we have started to identify unique/ original code developed by the groups themselves, albeit some of it is dependent on existing code and available libraries but this might be an indicator for things to come.

 AnonGhost DDoSer

AnonGhostDDoSer – Developed by AnonGh0st for OpIsraelBirthday

 

–          Dumps vs. Defacements – It seems that the general objective now is less the defacement of sites and more the ability to create harm and panic through the publication of stolen data dumps. We see more and more details regarding allegedly hacked sites (some of them important) with the promise that the databases will be published on the 7th of April. This is probably the first time these hacktivist groups are trying to achieve a more widespread impact that is, at least in spirit, similar to the terror effect.

–          Shells and RATs – It seems that SQL injections and cross site scripting is shifting from being the end result to being the means in which the hacktivist groups place web shells on their targets or infect the targets with RATs and other malware. It might, in effect, suggest a more coherent effort to cause more sophisticated damages to their targets.

All in all, it seems that the motivation for the attack remains similar, but the magnitude and scope of the upcoming operation seems to be larger and more dangerous than the last one (in terms of tools available and number of participants). However, companies and organizations that are aware of the threat can, in turn, take actions to handle and mitigate these attacks.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s