Hacktivists are threatening to launch #OpClosedMedia, a month-long cyber campaign against websites and platforms of “mainstream media,” on September 22, 2016, for failing to inform the public about the real news.
The campaign’s official target list includes the websites of the BBC, The Daily Mail, The Independent, Reuters, Channel One (Russia) and others.
Thus far, participants have claimed responsibility for hacking several websites related to the media sector from around the world, but they also claimed to have hacked other websites with a loose connection to this sector.
This is not the first time that the media sector has been targeted by hacktivists. In June 2016, the Ghost Squad Hackers group launched the #OpSilence campaign against prominent news agencies, such as Fox News and CNN, protesting against what they called the “silence and lies” regarding the Palestinian situation. However, it seems that the Ghost Squad Hackers are not involved in this campaign.
In conclusion, popular news platforms and the media sector in general are targeted by hacktivists who wish to shut them down. Only time will tell if they will succeed or not.
Starting at the end of last week, hacktivist groups from around the Muslim world tried to attack Israeli websites, particularly those of government institutions, as part of the #OpIsrael cyber campaign. In the past twenty-four hours they stepped up their activity, but we have seen no signs of major attacks. Despite all the publicity prior to the campaign, the hackers’ successes were limited to defacing several hundred private websites and leaking the email addresses of tens of thousands of Israelis, many of them recycled from previous campaigns. Several dozen credit card numbers were also leaked on information-sharing websites, but our examination shows that some were recycled from past leaks.
AnonGhost, which initiated the campaign, was the main actor behind it. However, other groups of hackers, such as Fallaga, MECA (Middle East Cyber Army), Anon.Official.org, and Indonesian and Algerian groups also participated in the attacks. As the campaign progressed, we saw an increasing number of posts and tweets about it (over 3,000), but this is still significantly less than last year, when there were tens of thousands.
As we noted in previous updates, the campaign was conducted primarily on social networks, especially Facebook and Twitter. IRC channels opened for the campaign were barely active, partly because hackers feared spying by “intelligence agents.” On closed forums and Darknet platforms, we saw no activity related to #OpIsrael.
Following is a summary of the main results of the attacks that we have identified so far:
Defacing of hundreds of websites. Victims included Meretz (an Israeli political party), various Israeli companies, sub-domains of institutions of higher education, municipalities, Israeli artists, and more.
Leaking of tens of thousands of email addresses and personal information of Israelis. A significant portion of the information was recycled from previous campaigns. Databases from third-party websites were also leaked. In addition, two files were leaked and according to the hackers, one had 30,000 email addresses and the other 150,000 records.
Publication of details from dozens of credit cards, some of them recycled.
SenseCy’s teams monitor underground and password-protected forums and communities in many languages – Russian, Arabic, Persian, Chinese, Portuguese, English, and more. By gaining access to the Deep Web and Darknet, we identify suspicious activity and new hacker tools and enable our clients to mitigate or eliminate cyber threats.
Hacker communities on social networks continue to evolve. More and more communities are creating Twitter accounts as well as pages and groups in popular social networks such as Facebook and VKontakte (a Russian social network) to share information, tools, and experience.
In the past, hackers came together on social networks to hold operational discussions, share targets, and join forces for DDoS attacks, but less to upload or download hacking tools. Since this is changing, we are now monitoring hacking tools offered for download on Twitter, Facebook, and VKontakte.
These hacker communities can be classified into three main categories:
Open public groups and accounts that make common, well-known tools available.
Closed, secret groups sharing rare or sector-related tools or programs in a specific language.
Groups sharing or even selling self-developed tools.
A prominent example is the self-developed DDoS tool created by hacker group AnonGhost for the #OpIsrael cyber campaign, which is expected to take place on April 7, 2015. This tool uses three flooding methods, TCP, UDP, and HTTP and can operate through a proxy if needed. AnonGhost posted its new tool on its official Facebook page with a link to a tutorial on YouTube, and soon it was widely distributed among hacktivists through social media.
We regularly monitor trends and developments in social networks, since they are becoming the preferred platform for groups of hackers to share and improve attack tools. SenseCy also takes part in these communities, which gives us the edge in preventing attacks in real time. We continue to track new trends and developments to detect cyber threats for our clients.
Social networks are well-known tools used by activists to mobilize the masses. As witnessed during the Arab Spring and in recent incidents in Hong Kong, government opposition groups can organize dissatisfied citizens by means of a massive campaign. More closed countries, such as North Korea or China try to limit access by their citizens to international social networks such as Twitter or Facebook. We have noticed an increasing tendency toward anti-government campaigns in Asian countries and the cyber arena plays an important role in this process. We have identified this kind of activity in China, Malaysia, Taiwan, Japan and North Korea. Local cyber hacktivist groups are calling for people to unite against infringements on freedom by violating privacy rights. Hacktivists are organizing anti-government groups and events on popular social media platforms and are posting tutorials on how to circumvent the blocking of certain websites and forums in countries where such Internet activity is forbidden. Furthermore, the groups are posting provocative materials and anti-government appeals in local Asian languages, alongside to English. Thus, we can see an attempt to recruit support from non-state activists for a national struggle.
These groups are eager to reach a large number of supporters, and not only for political and psychological purposes. Together with publishing tutorials for “safe browsing” in the Internet for large masses of people the groups translate popular cyber tools for mass attacks and they disseminate instructional manuals translated into local languages on how to use these tools.
One example of exactly such an organization is Anonymous Japan – an anti-government hacking group. The group develops and uses DDoS tools and is also involved in spam activity. Furthermore, members of the group develop their own tools and publish them on Facebook for wider audiences.
Amongst the large-scale campaigns launched by this organization, you can find #OpLeakageJp – an operation tracking radiation pollution in Japan.
In addition to internal struggles, hacktivist groups are operating against targets in the area. One such example is operations by hacktivism groups personifying themselves with North Korean insignia and targeting sources in South Korea. Examples of such cyber campaigns are #Opsouthkoreatarget and #OpNorthKorea.
In China, we found an example of the #OpChinaCW campaign. A cyber campaign hosted by Anonymous was launched on November 2, 2014 against Chinese government servers and websites. The campaign was organized on a Facebook event page and was further spread on Twitter.
Hacktivists have also published cyber tools for this campaign. See below an example of a DDoS tool sold on Facebook for only US$10.
As previously mentioned, cyber activity in the Asia region is directed not only against enemy states, but also against the “internal enemy” – the government. Hacktivism groups not only organize such campaigns on underground platforms, but they also make wide use of open popular social networks to recruit supporters. Moreover, they also develop their own cyber tools.
On February 9, 2014, anti-Israeli hacker groups announced a cyber operation against Israel scheduled for March 10. According to a press release issued on Pastebin, all hacktivists worldwide are called upon “to wipe Israel yet again off the cyber web on March 10th, 2014 on the anniversary of Israels attack on Palestinian leader Yasser Arafat’s office in Gaza City”.
The attackers published a target list of about 1,360 websites, including government websites, banks and financial institutions, media outlets, academic institutions, defense industry, etc. We have identified several hacker groups that will participate in the campaign. One of them is AnonGhost that initiated the April 7, 2014 campaign. Another interesting group is RedHack – a Turkish hacker group that recently wagedseveral high-profile attacks.
The attackers have also created an official Twitter account and a Facebook page, where they have posted links to download various attack tools, such as DDoS, SQL, RAT, keyloggers and more.
As was the case in previous campaigns, we assume that pro-Palestinian hacker groups will launch cyberattacks against Israeli websites, but with a low success rate, especially with regard to banks and critical infrastructure websites.
SenseCy is coming to town! Come meet us at the RSA USA 2014 conference, February 24-28, in San Francisco.
Arab hacker groups often share cyber information. From time to time, Arab hackers even upload self-written guide books or translate them from other languages. They post them on closed Facebook groups or password-protected forums, reaching a sizeable audience and thus improving the technological capabilities of potential attackers.
By way of example, we traced a series of guide books in Arabic for SQL injection attacks written by an Egyptian hacker nicknamed “Black Rose”. He shared them with his Facebook friends and on closed Arabic forums associated with hacking.
One of his guides, published in late 2013, addresses different ways to overcome obstacles in SQL injections. It is written mostly in Arabic, with technical terms in English. The instructions are accompanied by various screen shots to illustrate everything as clearly as possible.
We have noticed these kinds of books and instruction guides on different hacker group platforms, as well as personal ones. Although the level of the technical content is mediocre, over the last six months we have discerned an improvement in the hacking capabilities of hacktivist groups.
In recent weeks, our Cyber Intelligence team has identified Muslim hacktivist group intentions to launch a cyber operation against Israel on April 7, 2014 – one year after the last April 7 campaign that attempted to shut-down Israeli cyber space.
AnonGhost Team was the first to announce on December 23, 2013 that it would launch cyberattacks against Israel on April 5-7, 2014. The group, that initiated the previous April 7 campaign, also published a video entitled “#OpIsrael Birthday” (likely intended as a warning that this campaign will launch annually on April 7).
Shortly after the AnonGhost announcement, other groups, such as AnonGhost Tunisie (sic.) and the Norwegian Ghost Cyber Attackers opened event-pages on anti-Israel Facebook. In addition, several other groups, such as the pro-Palestinian Fallaga and Virus Noir Ps, were listed as participants for future cyber operations. The main targets are mostly government websites, but we assume that more targets, largely financial, will be advised soon.
A new trend has emerged – Hacktivist campaigns against high-profile sporting events.
Anonymous Caucasus, also known as “The Electronic Army of the Caucasus Emirate”, an Islamist hacker group, has already threatened to carry out cyber attacks before and during the Sochi 2014 Winter Olympic Games.
The next major sporting event is the World Cup, schedule to take place in June 2014 in Brazil. In recent days Anonymous hackers have launched cyber attacks against Brazilian government websites in protest against the 2014 World Cup.
The hacktivists have also created an event page on Facebook threatening that every Saturday until the beginning of the games on June 12, 2014, they will wage cyber attacks against different websites that are affiliated with the Brazilian government and FIFA, the international governing body of association football.
Thus far, hundreds of people have joined the event and the number of participants will most likely increase during the next months.