Latin America Battles Human Rights Online

Following centuries of struggle, Latin American countries succeeded in gaining independence in the course of the 19th and 20th centuries. Notwithstanding, it is a well-known fact that today there is no equal financial distribution between the different classes in Latin American society.

In an attempt to overcome these significant class differences and protect the lower classes in Latin American countries, many human rights groups were created. However, this post refers to very different groups that are fighting for their rights in a more modern way – from behind a computer screen.

Most of these groups have a very similar agenda and they know that the best way to succeed lies in garnering the assistance of hacktivists from all over the continent and even further afield.

Via the computer, they are calling out to the people to protest against government laws and restrictions. Take, for example, the case of #4octrodealadictadura, where Anonymous exposes police brutality and violence against unarmed protesters.

Violent Clashes
Police arrest protestors
Protestors document the violence

Their main activity is hacking and defacing important websites. Sometimes they even leak information from databases. Their targets are mostly webpages affiliated with the government, politicians and candidates, and large enterprises such as railroad companies, newspapers and local authorities.

Almost all of the groups identify with Anonymous. One of the more prominent of these groups is Anonymous Peru, which claims to be striving for a country with no corruption, and calls to protect the human and civil rights of the citizens of Peru. The group created #OpIndependenciaPeru and claims to have attacked government websites on Peruvian Independence Day on July 28, 2014. During this operation, they alleged that they leaked candidate information, defaced an ISP in Argentina and hacked a Peruvian government website.

Anonymous Peru Twitter

Another notable group is MexicanH Team from Mexico. The group identifies with Anonymous Mexico and is very popular (with over 21,000 followers on Twitter). The group launched #OpTequila, targeting Mexico’s Independence Day on September 15, 2014. During the campaign, the group hacked the website of the presidency (using an XSS vulnerability). They also leaked government email addresses, usernames and passwords.

XSS vulnerability in the president website
Database leakage

The latest hacktivist group to capture attention is TeamHackArgentino. The goal of this group is to show that the government’s politics are as bad as the security of its websites; to demonstrate this, they posted an archive of their attacks on two different websites.

TeamHackArgentino Twitter

In conclusion, all of these groups help each other to fight against their governments, in an effort to rouse them and make them aware of the unjust acts being perpetrated against the people of Latin America, especially the poor.

WhatsHack: WhatsApp in Cyberspace

WhatsApp Messenger is an instant messaging subscription service. In addition to text messaging, users can send each other images, video and audio media messages, as well as location data. As of September 2014, WhatsApp is the most popular global messaging app, with 600 million users. Aside from regular users, underground communities also like to use this application. WhatsApp activity is more difficult for a third party to monitor than regular phone messages and some online services. WhatsApp has proven to be a fast, reliable and inexpensive service for sharing various kinds of information.

The cyber underground is also seeking new platforms for chatting and sharing information. Lately, we have identified an increasing number of hacker-affiliated groups using WhatsApp services. These groups offer members chat services, hacking tips, cyberattack coordination and more. Members from numerous countries, including Bangladesh, Pakistan, Indonesia and others, expose their phone numbers to connect to such groups.

Facebook hacktivist post

There are several manuals describing how to access other WhatsApp accounts. One post shared two different methodologies to do just that: spoofing with the help of the MAC address, and using spy software. This post received over 738,000 views over a two-week period.

WhatsApp hacking guide

In addition to spy methodology, you can find various tools, such as WhatsApp Hack Spy Tool, WhatsAppSniffer, WhatsApp Xtract, WhatsApp Conversation SPY Hack Tool and more. You can also use third party spyware. These tools can be used for Android, iPhone and BlackBerry devices. Tools provide such features as tracking all voice notes, viewing all user chat logs, updating profile pictures, sending messages to contacts, changing profile status and more, depending on the tool.

WhatsApp hacking tools

The dissemination of such tools is also becoming common on social networks, such as Facebook, Twitter and LinkedIn. A Facebook page titled “WhatsApp Hack Spy Tool” has 390 members, mostly from India, Italy, France and the U.S. This page also has a related Twitter account with more than 3,500 followers. Another Facebook page titled “WhatsApp Hack Sniffer Spy Tool” has over 13,500 members, mostly from Turkey and India. Furthermore, advertisements for the tool can also be found on LinkedIn.

LinkedIn advertisement for the tool

In addition to the free tools, you can purchase more unique software, such as a tool for hacking WhatsApp, only ten copies of which were released for sale on the DarkNet for 0.0305 BTC.

The tool is sold on the DarkNet

The use of WhatsApp by hacktivist communities, together with the development of hacking tools and methodologies, has opened up a new platform for the cyber community. These two directions provide a fast, inexpensive and more secure way for hacktivists to interact, coordinate operations, and exchange information, mobile hacking techniques and data vulnerabilities.

Want to Kickstart a Hacktivist Campaign – Click Here!

We are currently witnessing a new phenomenon of popular uprising against governments in some post-Soviet Union countries. More and more citizens are forming active groups to protest against government corruption, the licentiousness of officials and government policy on various issues. Alongside these opposition groups in the physical world, anti-government campaigns and the struggle for human rights and democracy, we have identified a similar struggle in the realm of cyberspace.

The Anonymous Russia group regularly publishes leaked data from the hacked databases of buyers of elite watches and luxury housing in various Russian cities. These consumers include numerous state officials. The group additionally hacks the email conversations of Russian officials, thus stealing other sensitive information regarding government policy and actions. This information typically includes personal information regarding the victim – passport numbers, telephone numbers, addresses, etc.

Private residence plans of the sales director of the Russian energy company OAO "Ульяновскэнерго"; the information was leaked by Anonymous Russia

In light of the ongoing conflict between Russia and Ukraine, more and more hacktivist groups are taking action against Russian policy in Ukraine. Anonymous Russia claims it is exposing information regarding the presence of Russian fighters on Ukrainian soil, to raise public awareness of Russian Government policy. The information includes official documents and leaked emails. Beside the Russian government itself, the group is targeting organizations that support Russian policy, as well as those not actively opposing it. Thus, during operation #OpCrimea (#ОПКРЫМ), Russian hackers stole a database that included the personal information of people from Kerch – a city in eastern Crimea – “Because they have not defended their city and they have sold out to Putin.”

A post regarding the database leak during #OpCrimea

On the group’s official website, you can ask for help from Anonymous Russia, report any illegal activities by officials in your region, offer your help, or support the project. The team accepts financial support for the project and gladly converts any monetary contributions to Yandex, WMR or WMZ wallets.

Details of money transfer to Anonymous Russia

Many activist groups fundraise for “justified activity.” Such actions encompass a variety of fields – hacktivist, jihadi and other groups united by certain causes. These groups are usually totally dependent on their supporters for funds.

A new fundraising trend dubbed crowdfunding has become very popular among NGOs, artists and other social projects. Crowdfunding is a new method of commerce and patronage. This is not an investment or a loan of any kind and the fundraisers usually state the purpose of the project. People who are interested in supporting such a project are welcome to donate whatever sum they wish.

Crowdfunding post by Anonymous Ukraine

We have not previously seen the crowdfunding method used in cyberspace. Recently, the Anonymous Ukraine group posted a request for help on the popular Russian-language social network VKontakte. The group acts against the Russian government, the Ukrainian opposition and organizations and media that support pro-Russian policy in Ukraine. Their main activity vector is DDoS attacks on media websites. Alongside their successes, there are many failed attempts. Notwithstanding, the group appealed for financial help from supporters to purchase a botnet that purportedly increases the effectiveness of attacks. For this purpose, Anonymous Ukraine used crowdfunding to raise 1200 Ukrainian Hryvnia (UAH).

Gods, Monsters and Pandas – Threats Lurking in the Cyber Realm

With new viruses constantly being developed and new groups being formed all the time, hackers should use their creative minds to come up with original names to distinguish their tools/group from the rest. While some names are rather trite and corny, others are more amusing and curious. Generally speaking, the names usually fall under one of about ten categories. Here are a few examples:

The following are some elaborations on specific names:

Torshammer666: Thor’s hammer, or Mjölnir in Norse mythology, is depicted as one of the most powerful weapons, forged by the skillful hands of the dwarves. However, it seems that one Nordic god was not enough for this specific hacker, so he walked the extra mile and added the ominous number 666 to the tool name, to create an intimidating effect stemming from the thought of a Nordic-Satanic-almighty-weapon.

Fallaga: The famous Tunisian hacker group Fallaga is named after the anti-colonial movement that fought for the independence of Tunisia (there were also Fallaga warriors in Algeria). The character in the group’s logo resembles the original Fallaga fighters.

熊猫烧香 (Panda Burning Incense) – Everybody loves those adorable, chubby, harmless bears called Pandas! They are native to China, and serve as its national animal and mascot. As such, it is no wonder that panda-themed characters and cartoons figure extensively in China in various contexts, often symbolically representing China internationally. And now the pandas have even invaded the virus realm! In 2006-2007 the 熊猫烧香 virus infected millions of computers throughout China and led to the first-ever arrests in the country on virus-spreading charges. The ultimate goal of the virus was to install password-stealing Trojans, but it was its manifestation on the victim’s device that attracted a lot of attention: the virus replaced the icons of all infected files with a cute image of a panda holding three incense sticks in its hands, hence the name “Panda Burning Incense.”

Bozok (Turkish) – It may refer to one of the two branches (along with Üçok) in Turkish and Turkic legendary history from which three sons of Oghuz Khan (Günhan, Ayhan, and Yıldızhan) and their 12 clans are traced (from Wikipedia).

推杆熊猫 (Putter Panda, putter=golf stick) – Another Panda-themed name. It is widely recognized that golf is the sport of white collar professionals, usually those on the upper end of the salary ladder. That is why, when these prominent figures travel abroad to a convention or on a business trip (and engage in semi-business/semi-pleasure golf activities), they are sometimes subjected to sophisticated hacker attacks, usually initiated by their host country, as suspected in the case of Putter Panda and its ties with the Chinese government.

As you read these lines, more tools are being written, and we can expect to continue to see more intriguing names. The Chinese idiom 卧虎藏龙 (literally: “crouching tiger, hidden dragon”), which was the inspiration for the successful movie of the same name, nowadays actually means “hidden, undiscovered talents.” Maybe it is time the gifted tigers and dragons of the hacker community climbed out of their dark caves, stopped performing illegal activities, and put their pooled talents (be they computing or copywriting) to good use?

Hacker Idol

The cyber world is anxiously awaiting the next big event and you can feel the buzz in the air since the Anon Official Arab hacker group announced their survey of the “Best Hacker Group in the Arab World for Year 2014”. People have been asked to vote for the best hacker group according to its achievements during 2014. The survey will be available to the public for 48 hours, after which time the organizers will announce the winners.

The Survey

The nominees for the title “Best Hacker Group” are Anonymous, AnonGhost, Gaza Hacker Team, Fallaga, Moroccan Kingdom and Moroccan Islamic Union Mail. All are very popular groups with undisguised agendas against Israel, the U.S. and other governments around the world.
We have already voted for our favorite group. Have you? 🙂

The Rebirth of #OpIsraelReborn

#OpIsraelReborn 2014

Since 2001, the date 9/11 has held symbolic meaning for all terror groups and Islamist hacktivists. Every year, come September, many countries raise their alert status, fearing that a terror attack might be executed on this date to amplify its resonance and attach more significance to it. Ergo, it came of little surprise that this date was chosen in 2013 for the #OpUSA campaign that mainly targeted the websites of different American governmental and financial institutions. To further leverage the momentum, a second campaign, #OpIsraelReborn, was launched by AnonGhost concurrently with #OpUSA. However, the 2013 #OpIsraelReborn campaign failed to produce the desired results, and perhaps for this reason, this year the group has decided to have another go at it.


On August 21, 2014, AnonGhost tweeted “Next operation is #OpIsrael Reborn. On 11 September, be ready Israel – you will taste something sweet as usual”. While we do not expect them to hand out vanilla-flavored ice-cream to random Israelis on the street, we also do not believe this campaign poses an exceptionally grim threat. Nevertheless, the AnonGhost group, together with many other hackers, is undoubtedly highly motivated to launch cyberattacks against Israeli targets, especially after the recent Protective Edge campaign, and they should therefore be afforded appropriate attention.

Based on last year’s experience, we expect that the main attack vectors will include DDoS attacks, defacements and SQL injections, and the prime victims of these attacks will be the websites of small businesses that maintain a low level of security.

9/11 is drawing closer and we will soon find out what cake AnonGhost has baked for us this time.        


Our New SenseCy.com is Here!

We are happy to announce the launch of the new version of our portal!

After many sleepless hours and minor hiccups along the way, we have launched our new website this past week. Let’s have a quick tour and introduce the new changes:

Firstly, we shifted our approach to accommodate our customers’ needs. Instead of focusing on our sources, we now focus on five main sectors. This enables you to choose the sector of your interest and get information from all available sources (whether it’s OSINT, Hacktivism or Deep-Web).


Our feed representation has also changed. It’s much more intuitive and user friendly. We’ve expanded the search capabilities, which enable you to conduct various correlations and to locate the information that you require.


We’ve also introduced our all new bundles. Get substantial discounts and our unique reports when purchasing one of our cyber intelligence feed bundles.


What’s next? We are now working hard on our next release which will add more features and improvements.

So definitely stay tuned and stay connected!

Ukraine Accuses Russia of Invasion – Ukrainian Hackers Set to Retaliate

Earlier today (August 28, 2014) Ukrainian President Petro Poroshenko said that Russia has sent troops to eastern Ukraine. Ukrainian hacker groups are quickly aiming to retaliate – Anonymous Ukraine plans to attack a number of Russian bank websites and the official websites of the Russian President. The first target was sberbank.ru, and the attack was planned to take place on August 28 at 16:00.

Anonymous Ukraine is threatening to carry out DDoS attacks

Other websites on the list include:

Threats to wage cyber attacks on sberbank.ru

#OpSaveGaza Campaign – Insights from the Recent Anti-Israel Cyber Operation

The #OpSaveGaza Campaign was officially launched on July 11, 2014, as a counter-reaction to operation “Protective Edge”. This is the third military operation against Hamas since the end of December 2008, when Israel waged operation “Cast Lead”, followed by operation “Pillar of Defense” in November 2012.

These military operations were accompanied by cyber campaigns emanating from pro-Palestinian hacker groups around the world. #OpSaveGaza was not the only recent cyber campaign against Israel, but it is the most organized, diverse and focused. During this campaign, hacker groups from Malaysia and Indonesia in the East to Tunisia and Morocco in the West have been participating in cyber attacks against Israel.

The Use of Social Networks

Hacktivist groups recruit large masses for their operations by means of social networks. Muslim hacker groups use mostly Facebook and Twitter to upload target lists, incite others to take part in cyberattacks and share attack tools.

The #OpSaveGaza campaign was planned and organized using these two social media platforms. The organizers of the campaign succeeded in recruiting tens of thousands of supporters to their anti-Israel ideology.

OpSaveGaza - Facebook Event

Attack Vectors

When examining the types of attacks perpetrated against Israeli cyber space, it appears that this campaign has been the most diverse in terms of attack vectors. It not only includes simple DDoS, defacement and data leakage attacks, but also phishing (even spear-phishing based on leaked databases), SMS spoofing and satellite hijacking (part of the Hamas psychological warfare), in addition to high-volume/high-frequency DDoS attacks.

Hackers targeting Israeli ISPs

Furthermore, these attacks have been much more focused as the attackers attempt to deface and knock offline governmental websites, defense contractors, banks and energy companies. Simultaneously, a large number of small and private websites were defaced (over 2,500) and several databases were leaked online.

Pro-Palestinian hackers defacing Israeli websites

Motivation and the Involvement of other Threat Actors

The motivation for waging cyberattacks against Israel during a military operation is clear. This is not the first time that a physical conflict has had implications on the cyber sphere. However, we believe that other factors are contributing to the cyber campaign. In July 2014, the Muslim world observed the month of Ramadan, a holy month in Muslim tradition. There are two significant dates in this month – “Laylat al-Qadr” (the Night of Destiny), the night the first verses of the Quran were revealed to the Prophet Muhammad; and “Quds Day” (Jerusalem Day), an annual event held on the last Friday of Ramadan and mentioned specifically by Iran and Hezbollah. We identified an increase in the number of attacks, as well as their quality, surrounding these dates.

Last year, several days before “Quds Day” a hacker group named Qods Freedom, suspected to be Iranian, launched a massive cyber operation against Israeli websites. In other words, we believe that not only hacktivist elements participated in this campaign but also cyber terrorism units and perhaps even state-sponsored groups from the Middle East.

The Islamic Cyber Resistance (ICR) leaking an internal database

To summarize, this campaign was far better organized than the recent cyber operations we experienced in 2009 and 2012 alongside physical conflicts with Hamas. We have seen changes in several aspects:

  • Improvement in attack tools and technical capabilities
  • Information-sharing between the groups (targets, attack tools, tutorials)
  • The involvement of hacker groups from Indonesia in the East and Morocco in the West
  • Possible involvement of cyber terrorism groups
  • Well-managed psychological warfare and media campaign by the participating groups

The scope and manner in which this campaign was conducted show improved capabilities of the perpetrators, which is in line with Assaf Keren’s assessment of the evolution of hacktivist capabilities.

#OpSaveGaza – Interim Summary

Written by Yotam Gutman

When the cannons roar, the muses stay silent (but the hacktivists hack).

As we reported last week, operation “Protective Edge” instigated a flurry of activity by Muslim hacktivists, targeting Israel. In the following post we will review the activities which took place so far and try to characterize them.

Attacker Types

Attackers can be divided into three types: individuals, hacktivist groups and cyber terror organizations. Individuals usually join larger campaigns by hacktivist groups and show their support on social media sites.

Hacktivist groups taking a stance make extensive use of Facebook as a “command and control” platform. The largest “event”, dubbed #OpSaveGaza, was created by Moxer Cyber Team, a relatively new group that probably originated from Indonesia and whose event page has 19,000 followers.

Moxer Cyber Team event page

The event included many lesser known Islamic groups, mainly from Indonesia, who did not participate in previous campaigns against Israel. Another event page by the Tunisian AnonGhost announced that the attack will include 38 groups from around the Muslim world. The campaign is planned to continue until the 14th of July.

Cyber terror organizations in the form of the SEA (Syrian Electronic Army) and ICR (Islamic Cyber Resistance) have not officially declared their participation in the campaign but have waged several high-profile attacks, such as hacking into the IDF spokesman blog and Twitter account (SEA) and leaking a large database of job seekers (ICR).

Attacker Tools

The participants in this campaign use tools similar to those of previous campaigns – generic DDoS tools, SQLi tools, shells and IP anonymization tools.

Results (Interim Summary)

To date, the #OpSaveGaza campaign has mainly included defacement attacks (about 500 sites have been defaced), DDoS attacks of minor scale and some data dumps. Two interesting trends we’re seeing are the recycling of older data dumps that are claimed to be new ones, and the posting of publicly available information that was allegedly breached.

Summary

We estimate that these activities will continue until the hostilities on the ground subside, with perhaps more substantial denial of service or data leak attempts.