Talk to the Australian Computer Society - SIG (Victoria) Information Security, about the impact of hacktivism on Australia. Presenter: Prof Matt Warren (www.mjwarren.com)
The impact of Hacktivism upon Australian Organisations
1. 23/10/2012
The Impact of Hacktivism on Australian Organisations
PROFESSOR MATT WARREN, SCHOOL OF INFORMATION SYSTEMS, DEAKIN UNIVERSITY
WWW.MJWARREN.COM

Hackers
Motivation is an important aspect of hacking, whether it is:
Traditional - Gaining knowledge (hacker manifesto);
For financial gain (current situation – organised crime).
Motivation has changed over time from single hackers to groups of hackers.

LulzSec Profile
Small Group of Hackers (6/7);
“For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could”. (Last Message?);
Aim to Cause Disruption.

Attacks Of Interest
X-Factor contestant Database Released;
CIA Web-site Defaced;
InfraGard – FBI Think Tank – defaced site and related database of user details;
Released 62,000 email addresses and passwords including Australian organisation details, e.g. Universities, local government, NPO.

Traditional model of a hacking group.
Extensive use of Social Media (Twitter Followers – 356,000) and use of sites such as Pastebin.
Desire to highlight security weaknesses.

Hacktivism
In the broadest term it is the use of technology as a means of protest to promote political ends. The aims of the protest would depend upon the group;
Term developed from the mid 90’s by the hacking group “Cult of the Dead Cow”;
Techniques can include hacking, malware, denial of service and information disclosure.

Anonymous

Anonymous
Anonymous is NOT an organization, a club, a party or even a movement.
There is no charter, no manifest, no membership fees.
Anonymous has no leaders, no gurus, no ideologists. In fact, it does not even have a fixed ideology.
Anonymous has no centralized infrastructure but uses existing facilities of the Internet, especially social networks.
“We are ready to hop on to the next one if this one seems compromised, is under attack, or starts to bore us”.
http://www.cyberguerrilla.org

Key Campaigns
The Church of Scientology, Vatican;
Software Piracy;
Political Campaigns against governments – Australia, Burma, Iran, UK, USA, Russia, Syria, and India;
Supporting the Arab Spring;
Sony;
Wikileaks;
Cyber Bullying.
Australian examples are linked to government decisions relating to Internet Filtering and Data Retention.

Sony Hacking Example (2011)
Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defences to change console operating software;
A message signed by Anonymous at the website anonnews.org announced an "Operation Payback" campaign aimed at Sony because of its cases against the two hackers.

Sony Hacking Example (2011)
77 million customers' details were stolen;
The data that was disclosed included passwords, logins to the Sony PlayStation network as well as user email addresses;
It has been assessed that 700,000 Australian customers were impacted;
The breach occurred on April 17-19…Sony notified its customers on the 27 April.

Australian – Data Retention Strategy
The Australian Government is proposing:
– Data Retention Strategy where Internet Service Providers hold customers' data for a period of two years.
– Law enforcement agencies would have access to this data as required.
Anonymous don’t agree with the proposal.

Anonymous Steal Data from AAPT
Anonymous stole 40GB worth of user data from ISP AAPT and released the information to the public;
The aim was to show that ISPs cannot securely protect data;
Some of the data was sanitised and released via Pastebin;
The initial release was 180,000 records posted via Pastebin.

Australian Organisations Listed
Australian Federal Police;
Australian Securities and Investments Commission;
Reserve Bank of Australia;
ABC Ultimo;
NSW Attorney General's Department;
Brisbane City Council, Road and Traffic Authority;
Labour Council of NSW;
Bureau of Meteorology;
Department of Premier and Cabinet Queensland;
Australian Post;
Australian Crime Commission;
Productivity Commission;
Refugee Review Tribunal;
Energy Australia and;
Department of Defence Southern Region.

Anonymous Profile
Strong Global Presence;
Strong use of Social media networks;
Twitter
– Anonymous – 648,085 Followers
– Australian Anonymous 3,483 followers
YouTube – Anonymous Channel
– Message to the American People – 7.6 million views (National Defense Authorization Act).

New Developments
Development of new sub-group.
Warren and Leitch (2010). Hacker Taggers: A new type of hackers, Information Systems Frontiers, Vol. 12, No 4.
Hacker taggers – the same as traditional hackers but also politically motivated.

Hacker Taggers
A new Hacking Sub Group:
are very competitive;
have a strong desire to succeed;
exchange information amongst themselves, e.g. successful defacements;
respect each other based upon their success;
cause minimal damage to websites or no damage to websites;
only deface websites, do not steal information or damage websites long term;
rely upon media reports to cause political damage or embarrassment;
can be individuals or groups of people.

Hacker Tagger – Australian Case Study
In late 2005, the Chief Minister of the Australian Capital Territory (ACT) caused controversy by posting the Australian Federal draft counter-terrorism legislation on his website without the approval of the Federal Government.
"Fatal Error was here ohh yeahh let's go! irc.gigachat.net #Ferror".

The response by the Media
Stanhope's website defaced – The Age
ACT Chief Minister targeted by hackers – Computer World
Hackers shut down Stanhope website – Sydney Morning Herald.

Australian Impact
Between 22/10/12 – 12/10/12 (10 days);
379 Australian Websites were hacked and tagged;
Approximately 38 hacks per day.
Attacks were simple exploits and hacked sites were SMEs, schools and local government.

http://organicmountaingarlic.com.au/
Queensland Fungi Society
A pro-Turkey message that includes audio of the Turkish national anthem.

Cyber Militias
Hackers who carry out activities because of a national political cause, acting out of patriotism.
Brought together for a certain period of time.
Cyber militias need to be co-ordinated and information distributed, e.g. tool-kits.
The role of governments?

Estonia
1.4 million people
Substantial ethnic Russian minority
Member of EU and NATO.
Extensive Internet use
– Banking, voting, petrol purchase, etc.
– 60% use Internet daily
A Developed Information Society.

The Physical Cause
On April 27, 2007, officials in Estonia relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow.

Protests & Cyber Attacks
Relocation of Russian statue triggered protests outside Estonia as well as inside.
Defacement and DDoS
Attacks were dominated by BOTS.
Almost all traffic came from outside Estonia.
Attacks against Estonia government, media and banking organisations.

The Attack
In Estonia the attack took the form of coordinated mass requests for information and spam e-mail which slowed down key Web sites so they did not function or crashed due to the attacks.
The attacks started around April 27th 2007 and lasted about three weeks, peaking on May 9th 2007 – Victory Day – Russia.
The important role of BOTs.

Bot Net
(roBOT NETwork) Also called a "zombie army," a botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.
The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet.

Attack Profile
Security Analysts observed 128 unique DDoS attacks on Estonian websites in May 2007.
Of these,
115 were ICMP floods,
4 were TCP SYN floods, and
9 were generic traffic floods.
http://asert.arbornetworks.com

ICMP Flood
ICMP (Internet Control Message Protocol) flood, also known as Ping flood or Smurf attack, is a type of Denial of Service attack.
It sends large amounts of (or just over-sized) ICMP packets to a machine in order to attempt to crash the TCP/IP stack on the machine and cause it to stop responding to TCP/IP requests.

TCP SYN
An assault on a network that prevents a TCP/IP server from servicing other users.
It is accomplished by not sending the final acknowledgment to the server's SYN-ACK response (SYNchronize-ACKnowledge) in the handshaking sequence, which causes the server to keep signalling until it eventually times out.
The source address from the client is, of course, counterfeit.
SYN flood attacks can either overload the server or cause it to crash.

Foreign Affairs
Government of Estonia
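
The missing final acknowledgment described in the TCP SYN slide is also what a defender can measure: count, per server, the SYN-ACKs that never receive their ACK. The Python below is an added example, not part of the original talk; the packet tuple format, the documentation-range addresses, the timeout and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

def handshake_stats(packets, timeout=5.0):
    """Per server: handshakes completed vs. left half-open longer than `timeout` s."""
    pending = {}                                   # (client, server) -> SYN-ACK time
    stats = defaultdict(lambda: {"completed": 0, "half_open": 0})
    end = max(p[0] for p in packets)               # end of the capture window
    for ts, src, dst, flags in sorted(packets):
        if flags == "SYN-ACK":                     # server answered a SYN
            pending[(dst, src)] = ts
        elif flags == "ACK":                       # client's final acknowledgment
            sent = pending.pop((src, dst), None)
            if sent is None:
                continue                           # not part of a tracked handshake
            state = "completed" if ts - sent <= timeout else "half_open"
            stats[dst][state] += 1
    for (client, server), sent in pending.items():
        if end - sent > timeout:                   # final ACK never arrived
            stats[server]["half_open"] += 1
    return dict(stats)

def syn_flood_suspects(packets, timeout=5.0, min_half_open=20, max_ratio=0.5):
    """Servers with many half-open handshakes and few completed ones."""
    suspects = []
    for server, s in handshake_stats(packets, timeout).items():
        total = s["completed"] + s["half_open"]
        if s["half_open"] >= min_half_open and s["completed"] / total < max_ratio:
            suspects.append(server)
    return sorted(suspects)

def sample_capture():
    """Constructed capture (not real data): one flooded server, one healthy server."""
    web, mail = "192.0.2.10:80", "192.0.2.20:25"
    pkts = []
    for i in range(40):                            # counterfeit sources, no final ACK
        client = f"203.0.113.{i + 1}:{40000 + i}"
        pkts += [(i * 0.01, client, web, "SYN"), (i * 0.01 + 0.001, web, client, "SYN-ACK")]
    for i in range(5):                             # normal clients finish the handshake
        for server in (web, mail):
            client = f"198.51.100.{i + 1}:{50000 + i}"
            t = 1.0 + i
            pkts += [(t, client, server, "SYN"), (t + 0.01, server, client, "SYN-ACK"),
                     (t + 0.02, client, server, "ACK")]
    pkts.append((30.0, "198.51.100.9:51000", mail, "SYN"))   # capture runs to t = 30 s
    return pkts

if __name__ == "__main__":
    print(handshake_stats(sample_capture()))
    print(syn_flood_suspects(sample_capture()))
```

Because the source addresses are counterfeit, the per-client view is useless here; the signal is the ratio of half-open to completed handshakes on the server side.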

Dates of Attacks
21 attacks on 3rd May 2007
17 attacks on 4th May 2007
31 attacks on 8th May 2007
58 attacks on 9th May 2007
1 attack on 11th May 2007
May 9th – Victory Day – Russia

Duration of Attacks
Attacks   Duration
17        less than 1 minute
78        1 min - 1 hour
16        1 hour - 5 hours
8         5 hours to 9 hours
7         10 hours or more

Duration of Attacks
Attacks   Bandwidth measured
42        Less than 10 Mbps
52        10 Mbps - 30 Mbps
22        30 Mbps - 70 Mbps
12        70 Mbps - 95 Mbps
The largest attacks measured:
10 attacks measured at 90 Mbps, lasting upwards of 10 hours.

Aftermath
Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip.
NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was set up in Estonia with the support of NATO.
The role of Russian Youth Groups – Nashi was considered key in sharing and co-ordinating activities.

Hacktivism Australian Context
Australian Organisations are at a low risk of Hacktivism unless in particular industries or a particular sector;
Mass disclosure of data could impact all organisations;
Hacker Taggers is a greater risk for smaller organisations with lower levels of security
Unknown political issues could trigger attacks.

Grey Areas
The boundaries are blurred between:
Hackers;
Hacker Taggers;
Hacktivism;
Cyber Militias;
Cyber Terrorists and;
Cyber Warfare.

Conclusion
Is Hacktivism a modern form of civil disobedience and just a form of expression?
Or is Hacktivism a threat to Australian organisations and their customers?
The impact of unforeseen events.

Thank You For Your Time

Next Talk
26th November
Title: Security Learning from Incident Response
Speaker: Dr Atif Ahmad, University of Melbourne