AnonGhost VS Uncle Sam (#OpUSA – May 7, 2015)

Hacking group AnonGhost has published an official video on #OpUSA, its upcoming cyber campaign against the United States. The video, addressed to the U.S. government, does not mention the date of the campaign or the list of targets, but based on the group’s 2013 #OpUSA campaign, it appears that it is set to take place on May 7. The official video’s YouTube page mentions prominent AnonGhost members Mauritania Attacker, An0nx0xtn, DarkCoder, Donnazmi, and Hussein Haxor, all of whom promote the group’s agenda on social networks.

AnonGhost post about #OpUSA

On May 7, 2013, AnonGhost, along with other groups such as the Tunisian Hackers, threatened to hack American government and financial websites. While they were highly motivated, they failed to achieve much other than to deface several websites and leak emails and personal information. A possible reason for their limited success is that several days before the campaign, hackers speculated on social media that #OpUSA was actually a trap set by the federal government in order to expose and arrest the participants.

Partial list of #OpUSA targets in 2013

One of the groups that participated in 2013, N4m3le55 Cr3w, published a long list of recommended DDoS tools at that time, most of which are common hacking tools that are likely to be used in the current campaign as well.

  • HOIC
  • LOIC
  • Slowloris
  • ByteDos
  • TorsHammer, a Python-based DDoS tool created by the group called An0nSec.
  • SYN Flood DOS, a DDoS tool that operates with NMAP and conducts a SYN Flood attack.

Intelligence Review of #OpIsrael Cyber Campaign (April 7, 2015)

Starting at the end of last week, hacktivist groups from around the Muslim world tried to attack Israeli websites, particularly those of government institutions, as part of the #OpIsrael cyber campaign. In the past twenty-four hours they stepped up their activity, but we have seen no signs of major attacks. Despite all the publicity prior to the campaign, the hackers’ successes were limited to defacing several hundred private websites and leaking the email addresses of tens of thousands of Israelis, many of them recycled from previous campaigns. Several dozen credit card numbers were also leaked on information-sharing websites, but our examination shows that some were recycled from past leaks.

AnonGhost, which initiated the campaign, was the main actor behind it. However, other groups of hackers, such as Fallaga, MECA (Middle East Cyber Army), Anon.Official.org, and Indonesian and Algerian groups also participated in the attacks. As the campaign progressed, we saw an increasing number of posts and tweets about it (over 3,000), but this is still significantly less than last year, when there were tens of thousands.

As we noted in previous updates, the campaign was conducted primarily on social networks, especially Facebook and Twitter. IRC channels opened for the campaign were barely active, partly because hackers feared spying by “intelligence agents.” On closed forums and Darknet platforms, we saw no activity related to #OpIsrael.

Participants discuss why the campaign is smaller than in 2013

Following is a summary of the main results of the attacks that we have identified so far:

  • Defacing of hundreds of websites. Victims included Meretz (an Israeli political party), various Israeli companies, sub-domains of institutions of higher education, municipalities, Israeli artists, and more.
  • Leaking of tens of thousands of email addresses and personal information of Israelis. A significant portion of the information was recycled from previous campaigns. Databases from third-party websites were also leaked. In addition, two files were leaked and according to the hackers, one had 30,000 email addresses and the other 150,000 records.
  • Publication of details from dozens of credit cards, some of them recycled.

#OpIsrael Campaign – April 7, 2015: Cyber Intelligence Review

Background

This is the third round of the anti-Israel cyber campaign called #OpIsrael. The hacktivists are highly motivated to attack Israel, and they have been gradually building their campaign infrastructures on social media networks. Many have been posting videos with threatening messages in the leadup to April 7. AnonGhost, which is behind the campaign, has announced that it will cooperate with three anti-Israel groups known from previous campaigns: Fallaga, MECA (Middle East Cyber Army), and Anon Official Arabe.

Official announcement from AnonGhost on future cooperation

Most of the social media discussions about the campaign are taking place in the Middle East, North Africa, Southeast Asia, Western Europe, and the United States (the attackers appear to be using proxy services). In addition, during March 2015 the number of tweets about the campaign increased by hundreds per day. Nevertheless, it is important to note that during the campaign, there will likely be several thousand or even tens of thousands of tweets a day, as was the case during previous campaigns.

Increase in the number of tweets about #OpIsrael per day in March 2015

Prominent Participants

At the time of writing, the number of participants is about 5,000. The most prominent groups in the campaign are from North Africa, the Middle East, and Southeast Asia. Groups of hackers from South America, such as Anonymous Chile and Anon Defense Brasil, and hackers affiliated with Anonymous have also expressed support for the campaign. We have not yet seen evidence of active involvement or public support for the campaign by cyberterrorist groups.

Attack Targets

The attack targets recommended by those participating in the campaign are government websites, financial websites such as the Tel Aviv Stock Exchange’s or the Bank of Israel’s, academic websites, telecom websites, and media websites. These lists are familiar from previous anti-Israel campaigns.

In addition, AnonGhost and Fallaga leaked a list of hundreds of telephone numbers of Israeli officials from an unknown source to point out potential targets for anti-Israel text messages or phishing attacks, such as those that took place during #OpSaveGaza.

Post from AnonGhost threatening to send messages to Israeli telephone numbers

Attack Tools

The attack tools we have identified so far mostly appear in lists that include links for downloading the tools. Most of these lists are well-known from previous anti-Israel campaigns. However, we identified several unique self-developed tools created specifically for the campaign:

  • AnonGhost DDoS – A DDoS tool developed by AnonGhost, which initiated the campaign.
  • LOIC Fallaga – A DDoS tool developed by Fallaga. This tool was developed for an anti-Israel hacktivist operation that took place on March 20 of this year, but we expect that hacktivists will use it in the #OpIsrael campaign as well.

How Hackers Use Social Media Networks to Put Your Organization at Risk

SenseCy’s teams monitor underground and password-protected forums and communities in many languages – Russian, Arabic, Persian, Chinese, Portuguese, English, and more. By gaining access to the Deep Web and Darknet, we identify suspicious activity and new hacker tools and enable our clients to mitigate or eliminate cyber threats.

Hacker communities on social networks continue to evolve. More and more communities are creating Twitter accounts as well as pages and groups in popular social networks such as Facebook and VKontakte (a Russian social network) to share information, tools, and experience.

In the past, hackers came together on social networks to hold operational discussions, share targets, and join forces for DDoS attacks, but less to upload or download hacking tools. Since this is changing, we are now monitoring hacking tools offered for download on Twitter, Facebook, and VKontakte.

Source code published on Twitter

These hacker communities can be classified into three main categories:

  1. Open public groups and accounts that make common, well-known tools available.

    Open Facebook group of well-known Arab hackers
  2. Closed, secret groups sharing rare or sector-related tools or programs in a specific language.

    Secret Facebook group from Southeast Asia
  3. Groups sharing or even selling self-developed tools.
    Facebook post in closed Asian hacker group

    A prominent example is the self-developed DDoS tool created by hacker group AnonGhost for the #OpIsrael cyber campaign, which is expected to take place on April 7, 2015. This tool uses three flooding methods (TCP, UDP, and HTTP) and can operate through a proxy if needed. AnonGhost posted its new tool on its official Facebook page with a link to a tutorial on YouTube, and soon it was widely distributed among hacktivists through social media.

    From AnonGhost's official Facebook Page

    We regularly monitor trends and developments in social networks, since they are becoming the preferred platform for groups of hackers to share and improve attack tools. SenseCy also takes part in these communities, which gives us the edge in preventing attacks in real time. We continue to track new trends and developments to detect cyber threats for our clients.

Cyber Campaign against French Websites

In response to the recent escalations in France and the Anonymous #OpCharlieHebdo cyber campaign against Islamic extremist platforms, hundreds of French websites have been defaced by Muslim hacktivist groups (mostly from North Africa, such as the Tunisian hacker group dubbed Fallaga).

The famous hacktivist group Middle East Cyber Army (MECA) created an #OpFrance Facebook event page for organizing cyber-attacks against French websites on January 15, 2015. Another famous hacktivist group, Fallaga, created a similar event page that organized an anti-France cyber-attack on January 10, 2015.

MECA #OpFrance event page

Additionally, the famous hacktivist group AnonGhost has made calls on several social media platforms to hack French websites. The group also uploaded a video to YouTube, in which they explain their motive to act against French websites: “In reaction of France’s crimes against Muslims in Mali, Syria, Center Africa & Iraq, bombing mosques, killing innocents, under the banner of ‘fighting terrorism.’”

Finally, motivation to hack French websites is high and the anti-France message is quickly spreading via social media platforms.

Cyber in Chinatown – Asian Hacktivists Act against Government Corruption

Social networks are well-known tools used by activists to mobilize the masses. As witnessed during the Arab Spring and in recent incidents in Hong Kong, government opposition groups can organize dissatisfied citizens by means of a massive campaign. More closed countries, such as North Korea or China, try to limit access by their citizens to international social networks such as Twitter or Facebook.

We have noticed an increasing tendency toward anti-government campaigns in Asian countries, and the cyber arena plays an important role in this process. We have identified this kind of activity in China, Malaysia, Taiwan, Japan and North Korea. Local cyber hacktivist groups are calling for people to unite against infringements on freedom by violating privacy rights. Hacktivists are organizing anti-government groups and events on popular social media platforms and are posting tutorials on how to circumvent the blocking of certain websites and forums in countries where such Internet activity is forbidden. Furthermore, the groups are posting provocative materials and anti-government appeals in local Asian languages, alongside English. Thus, we can see an attempt to recruit support from non-state activists for a national struggle.

Anonymous Japan and Anonymous North Korea Facebook Posts

These groups are eager to reach a large number of supporters, and not only for political and psychological purposes. Alongside publishing tutorials on “safe browsing” on the Internet for large audiences, the groups translate popular cyber tools for mass attacks and disseminate instructional manuals, translated into local languages, on how to use these tools.

Popular DDoS Tool in Japanese

One example of exactly such an organization is Anonymous Japan – an anti-government hacking group. The group develops and uses DDoS tools and is also involved in spam activity. Furthermore, members of the group develop their own tools and publish them on Facebook for wider audiences.

#OpJapan Attack Program

Amongst the large-scale campaigns launched by this organization, you can find #OpLeakageJp – an operation tracking radiation pollution in Japan.

TweetStorm post against the Nuclear Regulatory Commission in Japan

In addition to internal struggles, hacktivist groups are operating against targets in the area. One such example is operations by hacktivist groups that present themselves under North Korean insignia and target sources in South Korea. Examples of such cyber campaigns are #Opsouthkoreatarget and #OpNorthKorea.

#OpJapan Attack Program

In China, we found an example of the #OpChinaCW campaign. A cyber campaign hosted by Anonymous was launched on November 2, 2014 against Chinese government servers and websites. The campaign was organized on a Facebook event page and was further spread on Twitter.

#OpChinaCW Twitter Post

Hacktivists have also published cyber tools for this campaign. See below an example of a DDoS tool sold on Facebook for only US$10.

DDoS Tool for Sale

As previously mentioned, cyber activity in the Asia region is directed not only against enemy states, but also against the “internal enemy” – the government. Hacktivist groups not only organize such campaigns on underground platforms, but they also make wide use of open popular social networks to recruit supporters. Moreover, they also develop their own cyber tools.

Turkish Hacking Group Cyber Warrior’s e-Magazine: TeknoDE

Cyber Warrior is one of the biggest hacker groups in Turkey. The group was established in 1999. Their first significant cyber-attack was in 2003, when they launched a massive operation against 1,500 U.S. websites in protest against the American invasion of Iraq and a specific incident where Turkish military personnel in northern Iraq were captured and interrogated by the U.S. Army.

Turkish Hacking Group Cyber Warrior

Cyber Warrior (CW) comprises teams for strategy, intelligence, logistics, R&D and a dedicated unit for waging cyber-attacks named Akincilar. In recent weeks, for example, Akincilar has attacked official government websites of countries that, in their opinion, discriminate against their Muslim populations.

Additionally, CW has been active in developing cyber tools and improving others. They even write instructional manuals on cyber security and have established a Cyber Academy, where they provide online training.

In September 2014, the group published their first monthly e-Magazine. The magazine is published on their online platforms and it includes cyber news items from the IT world, new technologies, cyber security, hacking news, programming and more.

September 2014 issue of TeknoDE

In their first issue, they featured a cryptography contest with the top prize of a book, mug and mouse pad.

Cryptography Contest

In their October issue, they reviewed the recently discovered Shellshock vulnerability, shared information on how to locate a lost mobile phone and discussed ways to hack into Gmail accounts, and aircraft and satellite systems.

October 2014 issue of TeknoDE

A couple of weeks ago, they produced the November 2014 issue, featuring articles about credit card fraud, new Android malware and interviews with Cyber Warrior founders.

November 2014 issue of TeknoDE

Currently, the magazine is in Turkish. It increases users’ awareness of the cyber world, while promoting an interest in cyber security among them.

Members of the website and readers of CWTeknoDE will not only be motivated to hack, but with this magazine they will have the chance to learn more about the cyber world, and methods and vulnerabilities.


HACKoDROID: An Increasing Tendency Toward Smartphone-Based Attacks

New smartphone technologies have made our lives easier. At the touch of a button, you can call a cab, pay bills, connect with your friends and even reach your personal trainer. On the other hand, the world of hacking and cracking now also has a lot of useful tools to hack your system and steal your data, using a smartphone.

We have recently seen the development and publishing of hack applications for smartphones on underground forums. The wide range of such tools means that anybody can find a suitable tool for dubious purposes. The items available include a variety of DDoS tools, wireless crackers, sniffers, network spoofers and more.

HackForum Post

Most tools are only available for Android smartphones, and many require root permissions. The most popular tool for cookie theft is DroidSheep. With the help of this tool, an attacker can collect all browsing data, including logins, passwords and more, merely by using the same Wi-Fi network as the victim.

Moreover, the attacker can connect to the victim’s password-protected Wi-Fi network. There are several Wi-Fi cracking tools. For example, WIBR+ uses uploaded password databases to identify passwords common to the victim’s network. The users can also upload and update these databases. Another tool – Wi-Fi Kill – is capable of shutting down any other device connected to the same network and can intercept pictures and webpages recently visited by users of this network.

More and more tools now include more than one hacking capability. The DSploit tool features such functions as password sniffers, cookie sniffers, browsing history sniffers, and webpage redirecting. Another program, Bugtroid, contains cracking and protection applications. The owner can choose the most suitable program from a list and install it in one click. It offers a variety of programs to suit almost every cracking purpose.

Sniffers and DDoS Tools

For iOS systems, there is a limited number of hacking tools, mostly in the realm of game cracking. Examples of such tools are GameGem and iGameGuardian. These tools break games for the purpose of stealing monetary units. The most common tool for iOS is Metasploit, which contains a number of useful applications for different fields.

The tools presented above are not new, but they represent the main capabilities in the field. We are seeing a growing tendency to use portable devices, such as smartphones and tablets, to conduct attacks in public places. Mobile devices and public Wi-Fi networks tend to be less protected and more vulnerable. With the help of data collected by a mobile device, the attackers can perform more complex attacks via PC. As long as there is no protection awareness regarding mobile devices, we expect a continued increase in the number of smartphone-based attacks.

List of Hacking Tools

Latin America Battles Human Rights Online

Following centuries of struggle, Latin American countries succeeded in gaining independence in the course of the 19th and 20th centuries. Notwithstanding, it is a well-known fact that today there is no equal financial distribution between the different classes in Latin American society.

In an attempt to overcome these significant class differences and protect the lower classes in Latin American countries, many human rights groups were created. However, this post refers to very different groups that are fighting for their rights in a more modern way – from behind a computer screen.

Most of these groups have a very similar agenda and they know that the best way to succeed lies in garnering the assistance of hacktivists from all over the continent and even further afield.

Via the computer, they are calling out to the people to protest against government laws and restrictions. Take, for example, the case of #4octrodealadictadura, where Anonymous exposes police brutality and violence against unarmed protesters.

Violent Clashes
Police arrests protestors
Protestors document the violence

Their main activity is hacking and defacing important websites. Sometimes they even leak information from databases. Their targets are mostly webpages affiliated with the government, politicians and candidates, and large enterprises such as railroad companies, newspapers and local authorities.

Almost all of the groups identify with Anonymous. One of the more prominent of these groups is Anonymous Peru, which claims to be striving for a country with no corruption, and calls to protect the human and civil rights of the citizens of Peru. The group created #OpIndependenciaPeru and claims to have attacked government websites on Peruvian Independence Day on July 28, 2014. During this operation, they alleged that they leaked candidate information, defaced an ISP in Argentina and hacked a Peruvian government website.

Anonymous Peru Twitter

Another notable group is MexicanH Team from Mexico. The group identifies with Anonymous Mexico and is very popular (with over 21,000 followers on Twitter). The group launched #OpTequila, targeting Mexico’s Independence Day on September 15, 2014. During the campaign, the group hacked the website of the presidency (using an XSS vulnerability). They also leaked government email addresses, usernames and passwords.

XSS vulnerability in the president website
Database leakage

The latest hacktivist group to capture attention is TeamHackArgentino. The goal of this group is to show that the government’s politics are as bad as the security of their websites, and to demonstrate this, they posted an archive of their attacks on two different websites.

TeamHackArgentino Twitter

In conclusion, all of these groups help each other to fight against their governments, in an effort to rouse them and make them aware of the unjust acts being perpetrated against the people of Latin America, especially the poor.

Anonymous versus ISIS

Alongside the war being waged against ISIS in Iraq and Syria, there is another battle front against ISIS in cyber space. Anonymous has declared war against ISIS platforms, to destroy ISIS propaganda and influence throughout the web. Anonymous supporters and opponents of ISIS are using social networks to spread their message. The following is a short summary of Anonymous efforts to block ISIS ideology on Facebook, Twitter and YouTube:

On October 4, 2014, a cyber-campaign was launched against ISIS. 110 Facebook users joined the event page that was created to organize DDoS attacks against websites affiliated with ISIS.

Event Page against ISIS

However, a more potent campaign against ISIS and its supporters is running on Twitter and Facebook, under the hashtags #OpIceISIS and #No2ISIS. There is also a Twitter account named Operation Ice ISIS.

There is also another anti-ISIS campaign on Twitter calling for an ISIS Media Blackout. The most active Twitter account in this operation is named Bomb Islamic State.

Some tweets say that supporting ISIS is like supporting Assad or even Israel.

It should be noted that we also found an anti-ISIS group on the Darknet. The founder of the group, which has 32 members, invited all who wish to eradicate ISIS to join the group.

ISIS in Cyber Space

We tried to search for ISIS cyber forces, if there is such a thing, and we found some evidence on Twitter indicating the existence of the Islamic State Electronic Brigades. These brigades also have a YouTube channel and chat room. Here you can see a screenshot of an image in Arabic announcing that ISIS Electronic Brigades hacked the Twitter account @SawaTblanc.

Furthermore, the trend to support ISIS among hackers from the Muslim world is becoming more popular by the day. On Facebook, you can find many hacker groups affiliated with ISIS, such as the Army of the Electronic Islamic State, which has 146 members. This group tried to launch a cyber-campaign against Arab TV channels on September 27, 2014. There is another Facebook group that gives hacking lessons to ISIS supporters. Moreover, a Twitter account named Lizard Squad claimed to have uploaded an ISIS flag to Sony servers.

It should be noted that there can sometimes be conflicts among Arab hacker groups affiliated with Anonymous that also support the ISIS agenda, such as Anonymous Official Arabe, who posted on its Facebook page that they would not hack ISIS websites, despite their Anonymous affiliation.

In conclusion, our examples show that ISIS has a presence in cyber space, but there is also high motivation to hack their platforms to delete their spreading influence.