23/10/2012




The Impact of Hacktivism on Australian Organisations

PROFESSOR MATT WARREN,
SCHOOL OF INFORMATION SYSTEMS,
DEAKIN UNIVERSITY
WWW.MJWARREN.COM


Hackers

Motivation is an important aspect of hacking, whether it is:

- Traditional - Gaining knowledge (hacker manifesto);
- For financial gain (current situation – organised crime).

Motivation has changed over time from single hackers to groups of hackers.


LulzSec


Profile

- Small Group of Hackers (6/7);
- “For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could”. (Last Message?);
- Aim to Cause Disruption.








Attacks

- X-Factor contestant Database Released;
- CIA Web-site Defaced;
- InfraGard – FBI Think Tank – defaced site and related database of user details;
- Released 62,000 email addresses and passwords including Australian organisation details, e.g. Universities, local government, NPO.
- Desire to highlight security weaknesses.


Of Interest

- Traditional model of a hacking group.
- Extensive use of Social Media: Twitter Followers – 356,000 and use of sites such as Pastebin.


Hacktivism

- In the broadest terms it is the use of technology as a means of protest to promote political ends. The aims of the protest would depend upon the group;
- Term developed from the mid 90’s by the hacking group “Cult of the Dead Cow”;
- Techniques can include hacking, malware, denial of service and information disclosure.


Anonymous








Anonymous

- Anonymous is NOT
  - an organization, a club, a party or even a movement.
  - There is no charter, no manifest, no membership fees.
  - Anonymous has no leaders, no gurus, no ideologists. In fact, it does not even have a fixed ideology.
- Anonymous has no centralized infrastructure but uses existing facilities of the Internet, especially social networks.

“We are ready to hop on to the next one if this one seems compromised, is under attack, or starts to bore us”.

http://www.cyberguerrilla.org


Key Campaigns

- The Church of Scientology, Vatican;
- Software Piracy;
- Political Campaigns against governments – Australia, Burma, Iran, UK, USA, Russia, Syria, and India;
- Supporting the Arab Spring;
- Sony;
- Wikileaks;
- Cyber Bullying.

Australian examples are linked to government decisions relating to Internet Filtering and Data Retention.


Sony Hacking Example (2011)

- Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defences to change console operating software;
- A message signed by Anonymous at the website anonnews.org announced an "Operation Payback" campaign aimed at Sony because of its cases against the two hackers.








Sony Hacking Example (2011)

- 77 million customers' details were stolen;
- The data that was disclosed included:
  - passwords, logins to the Sony PlayStation network as well as user email addresses;
- It has been assessed that 700,000 Australian customers were impacted;
- The breach occurred on April 17-19…Sony notified its customers on the 27 April.


Australian – Data Retention Strategy

- The Australian Government is proposing:
  - Data Retention Strategy where Internet Service Providers hold customers' data for a period of two years.
  - Law enforcement agencies would have access to this data as required.
- Anonymous don’t agree with the proposal.


Anonymous Steal Data from AAPT

- Anonymous steal 40GB worth of user data from ISP - AAPT and released the information to the public;
- The aim was to show that ISPs cannot securely protect data;
- Some of the data was sanitised and released via Pastebin;
- The initial release was 180,000 records posted via Pastebin.


Australian Organisations Listed

- Australian Federal Police;
- Australian Securities and Investments Commission;
- Reserve Bank of Australia;
- ABC Ultimo;
- NSW Attorney General's Department;
- Brisbane City Council, Road and Traffic Authority;
- Labour Council of NSW;
- Bureau of Meteorology;
- Department of Premier and Cabinet Queensland;
- Australian Post;
- Australian Crime Commission;
- Productivity Commission;
- Refugee Review Tribunal;
- Energy Australia and;
- Department of Defence Southern Region.








Anonymous Profile

- Strong Global Presence;
- Strong use of Social media networks;
- Twitter
  - Anonymous – 648,085 Followers
  - Australian Anonymous – 3,483 followers
- YouTube – Anonymous Channel
  - Message to the American People – 7.6 million views (National Defense Authorization Act).


New Developments

- Development of new sub-group.
  Warren and Leitch (2010). Hacker Taggers: A new type of hackers, Information Systems Frontiers, Vol. 12, No. 4.
- Hacker taggers – the same as traditional hackers but also politically motivated.


Hacker Taggers

A new Hacking Sub Group:

- are very competitive;
- have a strong desire to succeed;
- exchange information amongst themselves, e.g. successful defacements;
- respect each other based upon their success;
- cause minimal damage to websites or no damage to websites;
- only deface websites, do not steal information or damage websites long term;
- rely upon media reports to cause political damage or embarrassment;
- can be individuals or groups of people.








Hacker Tagger – Australian Case Study

- In late 2005, the Chief Minister of the Australian Capital Territory (ACT) caused controversy by posting the Australian Federal draft counter-terrorism legislation on his website without the approval of the Federal Government.

"Fatal Error was here ohh yeahh let's go! irc.gigachat.net #Ferror".


The response by the Media

- Stanhope's website defaced – The Age
- ACT Chief Minister targeted by hackers – Computer World
- Hackers shut down Stanhope website – Sydney Morning Herald.


Australian Impact

- Between 22/10/12 – 12/10/12 (10 days);
  - 379 Australian Websites were hacked and tagged;
  - Approximately 38 hacks per day.
- Attacks were simple exploits and hacked sites were SMEs, schools and local government.








http://organicmountaingarlic.com.au/

Queensland Fungi Society

A pro-Turkey message that includes audio of the Turkish national anthem.


Cyber Militias

- Hackers who carry out activities because of a national political cause, acting out of patriotism.
- Brought together for a certain period of time.
- Cyber militias need to be co-ordinated and information distributed, e.g. tool-kits.
- The role of governments?


Estonia

- 1.4 million people
- Substantial ethnic Russian minority
- Member of EU and NATO.
- Extensive Internet use
  – Banking, voting, petrol purchase, etc.
  – 60% use Internet daily
- A Developed Information Society.








The Physical Cause

- On April 27, 2007, officials in Estonia relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow.


Protests & Cyber Attacks

- Relocation of Russian statue triggered protests outside Estonia as well as inside.
- Defacement and DDoS
- Attacks were dominated by BOTS.
- Almost all traffic came from outside Estonia.
- Attacks against Estonian government, media and banking organisations.








The Attack

- In Estonia the attack took the form of coordinated mass requests for information and spam e-mail, which slowed down key Web sites so that they did not function or crashed.
- The attacks started around April 27th 2007 and lasted about three weeks, peaking on May 9th 2007 – Victory Day – Russia.
- The important role of BOTs.








Bot Net

(roBOT NETwork) Also called a "zombie army," a botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.

The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet.


Attack Profile

- Security Analysts observed 128 unique DDoS attacks on Estonian websites in May 2007.
- Of these,
  - 115 were ICMP floods,
  - 4 were TCP SYN floods, and
  - 9 were generic traffic floods.
- http://asert.arbornetworks.com


ICMP Flood

ICMP (Internet Control Message Protocol) flood, also known as Ping flood or Smurf attack, is a type of Denial of Service attack.

It sends large amounts of (or just over-sized) ICMP packets to a machine in order to attempt to crash the TCP/IP stack on the machine and cause it to stop responding to TCP/IP requests.
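
A detection-side view of the ICMP flood described above, added here as an example that is not part of the original slides: it flags a destination when echo requests exceed a per-window ceiling or carry an over-sized payload. The thresholds, the tuple layout and the documentation-range addresses are assumptions, and the capture is constructed.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8            # ICMP type used by ping requests
WINDOW_SECONDS = 1.0        # assumed sliding-window length
MAX_ECHO_PER_WINDOW = 100   # assumed per-destination ceiling; tune per link
MAX_ECHO_PAYLOAD = 1472     # 1500-byte Ethernet MTU - 20 (IPv4) - 8 (ICMP header)


def detect_icmp_flood(packets):
    """Return {destination: set of reasons} for echo traffic that looks like a flood.

    packets: iterable of (timestamp, src, dst, icmp_type, payload_len),
    ordered by timestamp. Counting is per destination, not per source,
    because botnet traffic arrives from many sources at once.
    """
    recent = defaultdict(deque)   # dst -> timestamps of echo requests in the window
    alerts = defaultdict(set)
    for ts, _src, dst, icmp_type, payload_len in packets:
        if icmp_type != ECHO_REQUEST:
            continue
        if payload_len > MAX_ECHO_PAYLOAD:
            alerts[dst].add("oversized")
        window = recent[dst]
        window.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_ECHO_PER_WINDOW:
            alerts[dst].add("rate")
    return dict(alerts)


def constructed_icmp_capture():
    """Constructed sample traffic (not real data)."""
    packets = []
    # 500 echo requests within one second, from 250 sources, to one server.
    for i in range(500):
        src = f"198.51.100.{i % 250 + 1}"
        packets.append((10.0 + i * 0.002, src, "192.0.2.10", ECHO_REQUEST, 56))
    # An ordinary monitoring ping, once per second.
    for i in range(5):
        packets.append((10.0 + i, "203.0.113.5", "192.0.2.20", ECHO_REQUEST, 56))
    # A single over-sized echo request.
    packets.append((12.0, "203.0.113.9", "192.0.2.30", ECHO_REQUEST, 65000))
    return sorted(packets)


if __name__ == "__main__":
    for dst, reasons in detect_icmp_flood(constructed_icmp_capture()).items():
        print(dst, sorted(reasons))
```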








TCP SYN

- An assault on a network that prevents a TCP/IP server from servicing other users.
- It is accomplished by not sending the final acknowledgment to the server's SYN-ACK response (SYNchronize-ACKnowledge) in the handshaking sequence, which causes the server to keep signalling until it eventually times out.
- The source address from the client is, of course, counterfeit.
- SYN flood attacks can either overload the server or cause it to crash.

[Figures: Foreign Affairs; Government of Estonia]
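
The half-open handshake behind the TCP SYN flood described above can be observed from the server side by replaying client packets and counting connections that never receive the final ACK. This is an added example, not part of the original slides; the timeout, the alert threshold, the record layout and the addresses are assumptions, and the capture is constructed.

```python
from collections import defaultdict

SYN_TIMEOUT = 30.0     # assumed seconds a server keeps a half-open entry
BACKLOG_ALERT = 128    # assumed alert threshold for simultaneous half-open entries


def half_open_report(packets):
    """Replay client-to-server packets and return handshake stats per server.

    packets: iterable of (timestamp, client_ip, client_port, server_ip,
    server_port, flags), ordered by timestamp. flags is "S" (SYN),
    "A" (final ACK of the handshake) or "R" (RST). The server's SYN-ACK
    is implied after every SYN.
    """
    pending = defaultdict(dict)   # server -> {client: time the SYN arrived}
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "peak_half_open": 0})
    for ts, cip, cport, sip, sport, flags in packets:
        server, client = (sip, sport), (cip, cport)
        table = pending[server]
        # The server gives up on entries that never completed in time.
        for key in [k for k, t0 in table.items() if ts - t0 > SYN_TIMEOUT]:
            del table[key]
        entry = stats[server]
        if flags == "S":
            entry["syn"] += 1
            table[client] = ts
            entry["peak_half_open"] = max(entry["peak_half_open"], len(table))
        elif flags == "A" and client in table:
            del table[client]
            entry["completed"] += 1
        elif flags == "R":
            table.pop(client, None)
    return {srv: dict(e, flooded=e["peak_half_open"] > BACKLOG_ALERT)
            for srv, e in stats.items()}


def constructed_syn_capture():
    """Constructed sample traffic (not real data)."""
    packets = []
    # 300 SYNs in three seconds with counterfeit sources; none is ever ACKed.
    for i in range(300):
        src = f"198.51.100.{i % 250 + 1}"
        packets.append((100.0 + i * 0.01, src, 1024 + i, "192.0.2.10", 80, "S"))
    # Two legitimate clients of the same server complete the handshake.
    for start in (100.505, 101.505):
        port = 40000 + int(start)
        packets.append((start, "203.0.113.7", port, "192.0.2.10", 80, "S"))
        packets.append((start + 0.05, "203.0.113.7", port, "192.0.2.10", 80, "A"))
    # A second server sees only normal handshakes.
    for i in range(20):
        packets.append((200.0 + i, "203.0.113.8", 50000 + i, "192.0.2.20", 443, "S"))
        packets.append((200.05 + i, "203.0.113.8", 50000 + i, "192.0.2.20", 443, "A"))
    return sorted(packets)


if __name__ == "__main__":
    for server, entry in half_open_report(constructed_syn_capture()).items():
        print(server, entry)
```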




Dates of Attacks

- 21 attacks on 3rd May 2007
- 17 attacks on 4th May 2007
- 31 attacks on 8th May 2007
- 58 attacks on 9th May 2007
- 1 attack on 11th May 2007


Duration of Attacks

Attacks   Duration
17        less than 1 minute
78        1 min - 1 hour
16        1 hour - 5 hours
8         5 hours to 9 hours
7         10 hours or more


May 9th – Victory Day – Russia








Duration of Attacks

Attacks   Bandwidth measured
42        Less than 10 Mbps
52        10 Mbps - 30 Mbps
22        30 Mbps - 70 Mbps
12        70 Mbps - 95 Mbps

The largest attacks measured:

- 10 attacks measured at 90 Mbps, lasting upwards of 10 hours.


Aftermath

- Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip.
- NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was set up in Estonia with the support of NATO.
- The role of Russian Youth Groups – Nashi was considered key in sharing and co-ordinating activities.


Hacktivism Australian Context

- Australian Organisations are at a low risk of Hacktivism unless in particular industries or a particular sector;
- Mass disclosure of data could impact all organisations;
- Hacker Taggers are a greater risk for smaller organisations with lower levels of security;
- Unknown political issues could trigger attacks.


Grey Areas

The boundaries are blurred between:

- Hackers;
- Hacker Taggers;
- Hacktivism;
- Cyber Militias;
- Cyber Terrorists and;
- Cyber Warfare.








Conclusion

- Is Hacktivism a modern form of civil disobedience and just a form of expression?
- Or is Hacktivism a threat to Australian organisations and their customers?
- The impact of unforeseen events.

Thank You For Your Time


Next Talk

- 26th November
- Title: Security Learning from Incident Response
- Speaker: Dr Atif Ahmad, University of Melbourne




                                                                                 13

Weitere ähnliche Inhalte

Ähnlich wie The impact of Hacktivism upon Australian Organisations

CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
jsnyder40
 
Tech Topic Privacy
Tech Topic PrivacyTech Topic Privacy
Tech Topic Privacy
netapprad
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in Government
Jacqueline Fick
 
Data Theft Restrospective
Data Theft RestrospectiveData Theft Restrospective
Data Theft Restrospective
olambel
 
Clarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillanceClarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillance
NANDI AYANA
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 

Ähnlich wie The impact of Hacktivism upon Australian Organisations (20)

Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012Security And Privacy Cagliari 2012
Security And Privacy Cagliari 2012
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 
IT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of WikileaksIT Risk Management In The Age of Wikileaks
IT Risk Management In The Age of Wikileaks
 
CWFI Presentation Version 1
CWFI   Presentation Version 1CWFI   Presentation Version 1
CWFI Presentation Version 1
 
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
 
Tech Topic Privacy
Tech Topic PrivacyTech Topic Privacy
Tech Topic Privacy
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in Government
 
Data Theft Restrospective
Data Theft RestrospectiveData Theft Restrospective
Data Theft Restrospective
 
Clarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillanceClarke. nb. PRIVATE EYES. privacy and suveillance
Clarke. nb. PRIVATE EYES. privacy and suveillance
 
Government Access Cards: A key to fraud and identity theft reduction?
Government Access Cards: A key to fraud and identity theft reduction?Government Access Cards: A key to fraud and identity theft reduction?
Government Access Cards: A key to fraud and identity theft reduction?
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responses
 
Systemic cybersecurity risk
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity risk
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
LifeLock Javelin Presentation
LifeLock Javelin PresentationLifeLock Javelin Presentation
LifeLock Javelin Presentation
 
Data data every where!! Thomas O'Grady
Data data every where!! Thomas O'GradyData data every where!! Thomas O'Grady
Data data every where!! Thomas O'Grady
 

Kürzlich hochgeladen

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Kürzlich hochgeladen (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

The impact of Hacktivism upon Australian Organisations

  • 1. 23/10/2012 Hackers The Impact of Hacktivism on Australian Organisations Motivation is an important aspect of hacking, whether it is: PROFESSOR MATT WARREN, SCHOOL OF INFORMATION SYSTEMS,  Traditional - Gaining knowledge (hacker manifesto); DEAKIN UNIVERSITY  For financial gain (current situation – organised WWW.MJWARREN.COM crime). Motivation has changed over time from single hackers to groups of hackers. LulzSec Profile  Small Group of Hackers (6/7);  “For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could”. (Last Message?);  Aim to Cause Disruption. 1
  • 2. 23/10/2012 Attacks Of Interest  X-Factor contestant Database Released;  Traditional model of a hacking group.  CIA Web-site Defaced;  InfraGard – FBI Think Tank – defaced site and  Extensive use of Social Media Twitter Followers – related database of user details; 356,000 and use of sites such as Pastebin.  Released 62,000 email address and passwords including Australian organisation details, e.g. Universities, local government, NPO.  Desire to highlight security weaknesses. Hacktivsm Anonymous  In the broadest term it is the use of technology as a means of protest to promote political ends. The aims of the protest would depend upon the group;  Term developed from the mid 90’s by the hacking group “Cult of the Dead Cow”;  Techniques can include hacking, malware, denial of service and information disclosure. 2
  • 3. 23/10/2012 Anonymous Key Campaigns  Anonymous is NOT  The Church of Scientology, Vatican;  an organization, a club, a party or even a movement.  Software Piracy;  There is no charter, no manifest, no membership fees.  Political Campaigns against governments– Australia,  Anonymous has no leaders, no gurus, no ideologists. In fact, it Burma, Iran, UK, USA, Russia, Syria, and India; does not even have a fixed ideology.  Supporting the Arab Spring;  Anonymous has no centralized infrastructure but use  Sony; existing facilities of the Internet, especially social  Wikileaks; networks.  Cyber Bullying. “We are ready to hop on to the next one if this one seems compromised, is under attack, or starts to bore Australian examples are linked to government decisions us”. relating to Internet Filtering and Data Retention. http://www.cyberguerrilla.org Sony Hacking Example (2011) Sony Hacking Example (2011)  Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defences to change console operating software;  A message signed by Anonymous at the website anonnews.org announced an "Operation Payback" campaign aimed at Sony because of its cases against the two hackers. 3
  • 4. Sony Hacking Example (2011)
      - 77 million customers' details were stolen;
      - The data that was disclosed included:
          - passwords, logins to the Sony PlayStation network as well as user email addresses;
      - It has been assessed that 700,000 Australian customers were impacted;
      - The breach occurred on April 17-19…Sony notified its customers on the 27 April.
    Australian – Data Retention Strategy
      - The Australian Government is proposing:
          - Data Retention Strategy where Internet Service Providers hold customers' data for a period of two years.
          - Law enforcement agencies would have access to this data as required.
      - Anonymous don't agree with the proposal.
    Anonymous Steal Data from AAPT
      - Anonymous steal 40GB worth of user data from ISP - AAPT and released the information to the public;
      - The aim was to show that ISPs cannot securely protect data;
      - Some of the data was sanitised and released via Pastebin;
      - The initial release was 180,000 records posted via Pastebin.
    Australian Organisations Listed
      - Australian Federal Police;
      - Australian Securities and Investments Commission;
      - Reserve Bank of Australia;
      - ABC Ultimo;
      - NSW Attorney General's Department;
      - Brisbane City Council, Road and Traffic Authority;
      - Labour Council of NSW;
      - Bureau of Meteorology;
      - Department of Premier and Cabinet Queensland;
      - Australian Post;
      - Australian Crime Commission;
      - Productivity Commission;
      - Refugee Review Tribunal;
      - Energy Australia and;
      - Department of Defence Southern Region.
  • 5. Anonymous Profile
      - Strong Global Presence;
      - Strong use of Social media networks;
          - Twitter
              - Anonymous – 648,085 Followers
              - Australian Anonymous 3,483 followers
          - YouTube – Anonymous Channel
              - Message to the American People – 7.6 million views (National Defense Authorization Act).
    New Developments
      - Development of new sub-group.
      - Warren and Leitch (2010). Hacker Taggers: A new type of hackers, Information Systems Frontiers, Vol. 12, No. 4.
      - Hacker taggers – the same as traditional hackers but also politically motivated.
    Hacker Taggers
      A new Hacking Sub Group:
      - are very competitive;
      - have a strong desire to succeed;
      - exchange information amongst themselves, e.g. successful defacements;
      - respect each other based upon their success;
      - cause minimal damage to websites or no damage to websites;
      - only deface websites, do not steal information or damage websites long term;
      - rely upon media reports to cause political damage or embarrassment;
      - can be individuals or groups of people.
  • 6. Hacker Tagger – Australian Case Study
      - In late 2005, the Chief Minister of the Australian Capital Territory (ACT) caused controversy by posting the Australian Federal draft counter-terrorism legislation on his website without the approval of the Federal Government.
      "Fatal Error was here ohh yeahh let's go! irc.gigachat.net #Ferror".
    The response by the Media
      - Stanhope's website defaced – The Age
      - ACT Chief Minister targeted by hackers – Computer World
      - Hackers shut down Stanhope website – Sydney Morning Herald.
    Australian Impact
      - Between 22/10/12 – 12/10/12 (10 days);
      - 379 Australian Websites were hacked and tagged;
      - Approximately 38 hacks per day.
      - Attacks were simple exploits and hacked sites were SMEs, schools and local government.
  • 7. http://organicmountaingarlic.com.au/
    Queensland Fungi Society
      A Pro Turkey Message and includes an audio of the Turkish national anthem.
    Cyber Militias
      - Hackers who carry out activities because of a national political cause, acting out of patriotism.
      - Brought together for a certain period of time.
      - Cyber militias need to be co-ordinated and information distributed, e.g. tool-kits.
      - The role of governments?
    Estonia
      - 1.4 million people
      - Substantial ethnic Russian minority
      - Member of EU and NATO.
      - Extensive Internet use
          – Banking, voting, petrol purchase, etc.
          – 60% use Internet daily
      - A Developed Information Society.
  • 8. The Physical Cause
      - On April 27, 2007, officials in Estonia relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow.
    Protests & Cyber Attacks
      - Relocation of Russian statue triggered protests outside Estonia as well as inside.
      - Defacement and DDoS
      - Attacks were dominated by BOTS.
      - Almost all traffic came from outside Estonia.
      - Attacks against Estonian government, media and banking organisations.
  • 9. The Attack
      - In Estonia the attack took the form of coordinated mass requests for information and spam e-mail which slowed down key Web sites so they did not function or crashed due to the attacks.
      - The attacks started around April 27th 2007 and lasted about three weeks, peaking on May 9th 2007 – Victory Day – Russia.
      - The important role of BOTs.
  • 10. Bot Net
      - (roBOT NETwork) Also called a "zombie army," a botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.
      - The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet.
    Attack Profile
      - Security Analysts observed 128 unique DDoS attacks on Estonian websites in May 2007.
      - Of these,
          - 115 were ICMP floods,
          - 4 were TCP SYN floods, and
          - 9 were generic traffic floods.
      - http://asert.arbornetworks.com
    ICMP Flood
      - ICMP (Internet Control Message Protocol) flood, also known as Ping flood or Smurf attack, is a type of Denial of Service attack.
      - It sends large amounts of (or just over-sized) ICMP packets to a machine in order to attempt to crash the TCP/IP stack on the machine and cause it to stop responding to TCP/IP requests.
  • 11. TCP SYN
      - An assault on a network that prevents a TCP/IP server from servicing other users.
      - It is accomplished by not sending the final acknowledgment to the server's SYN-ACK response (SYNchronize-ACKnowledge) in the handshaking sequence, which causes the server to keep signalling until it eventually times out.
      - The source address from the client is, of course, counterfeit.
      - SYN flood attacks can either overload the server or cause it to crash.
    Foreign Affairs
    Government of Estonia
    Dates of Attacks
      - Dates of Attacks
          - 21 attacks on 3rd May 2007
          - 17 attacks on 4th May 2007
          - 31 attacks on 8th May 2007
          - 58 attacks on 9th May 2007
          - 1 attack on 11th May 2007
      May 9th – Victory Day – Russia
    Duration of Attacks
      Attacks   Duration
      17        less than 1 minute
      78        1 min - 1 hour
      16        1 hour - 5 hours
      8         5 hours to 9 hours
      7         10 hours or more
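The TCP SYN slide above describes handshakes that never receive the final acknowledgment. As an added example (not part of the original slides), the Python code below counts those half-open handshakes per server from a constructed event list and flags a service whose backlog is abnormal; the event record format, the 30-second timeout and the threshold of 100 are assumptions chosen for illustration.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed sample data: (time_s, src, sport, dst, dport, flag).
    All addresses are from the RFC 5737 documentation ranges."""
    events = [
        # Normal client: SYN followed by the final ACK of the handshake.
        (0.0, "198.51.100.7", 40000, "192.0.2.10", 80, "SYN"),
        (0.1, "198.51.100.7", 40000, "192.0.2.10", 80, "ACK"),
        # A second server with one client that has not answered yet.
        (2.5, "198.51.100.9", 40001, "192.0.2.20", 443, "SYN"),
    ]
    # Flood pattern from the slide: many counterfeit sources, no final ACK.
    for i in range(200):
        events.append((1.0 + i * 0.01, f"203.0.113.{i + 1}", 1024 + i,
                       "192.0.2.10", 80, "SYN"))
    return events

def half_open_counts(events, now, syn_timeout=30.0):
    """Return {(dst, dport): handshakes still waiting for the final ACK}."""
    pending = {}  # (src, sport, dst, dport) -> time the SYN was seen
    for t, src, sport, dst, dport, flag in sorted(events):
        key = (src, sport, dst, dport)
        if flag == "SYN":
            pending[key] = t
        elif flag == "ACK":
            pending.pop(key, None)  # handshake completed, entry released
    counts = defaultdict(int)
    for (_src, _sport, dst, dport), t in pending.items():
        if now - t <= syn_timeout:  # the server would still hold this entry
            counts[(dst, dport)] += 1
    return dict(counts)

def flag_syn_flood(events, now, threshold=100, syn_timeout=30.0):
    """Return the services whose half-open backlog exceeds the threshold."""
    counts = half_open_counts(events, now, syn_timeout)
    return sorted(svc for svc, n in counts.items() if n > threshold)
```

Because entries older than the timeout are dropped from the count, the same events evaluated later report an empty backlog, which mirrors the server eventually timing the handshakes out.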
  • 12. Duration of Attacks
      Attacks   Bandwidth measured
      42        Less than 10 Mbps
      52        10 Mbps - 30 Mbps
      22        30 Mbps - 70 Mbps
      12        70 Mbps - 95 Mbps
      - The largest attacks measured:
          - 10 attacks measured at 90 Mbps, lasting upwards of 10 hours.
    Aftermath
      - Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip.
      - NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was set up in Estonia with the support of NATO.
      - The role of Russian Youth Groups – Nashi was considered key in sharing and co-ordinating activities.
    Hacktivism Australian Context
      - Australian Organisations are at a low risk of Hacktivism unless in particular industries or a particular sector;
      - Mass disclosure of data could impact all organisations;
      - Hacker Taggers is a greater risk for smaller organisations with lower levels of security
      - Unknown political issues could trigger attacks.
    Grey Areas
      - The boundaries are blurred between:
          - Hackers;
          - Hacker Taggers;
          - Hacktivism;
          - Cyber Militias;
          - Cyber Terrorists and;
          - Cyber Warfare.
  • 13. Conclusion
      - Is Hacktivism a modern form of civil disobedience and just a form of expression?
      - Or is Hacktivism a threat to Australian organisations and their customers?
      - The impact of unforeseen events.
    Thank You For Your Time
    Next Talk
      - 26th November
      - Title: Security Learning from Incident Response
      - Speaker: Dr Atif Ahmad, University of Melbourne