Another film festival web site attacked for showing a “controversial” documentary about the Uygur people.
A well-known Chinese hacker has struck again, hitting a film festival
showing a documentary about Uygur separatist Rebiya Kadeer.
Around 3 pm Monday, Taiwan’s Kaohsiung Film Festival webpage was
replaced with an image of the People’s Liberation Army with China’s
national anthem playing in the background. The image was later changed
to a picture of Kadeer with the Dalai Lama, who recently visited Taiwan.
The hacker defaced the website with the message: “Against Xinjiang
separatists, against Tibet separatists and happy 60th birthday to the
People’s Republic of China! Perhaps oldjun!”
“Oldjun” is also the hacker who replaced the official website of the
Melbourne Film Festival with an image of the Chinese flag and some
anti-Kadeer slogans in late July after the organizer refused to withdraw
the documentary.
“I hacked into their website because I simply want to express people’s
anger about the screening of the film,” the 25-year-old network
administrator “oldjun” from Nanjing exclusively told China Daily Monday.
“It is the same reason why I hacked into the Melbourne Film Festival’s
website.”
He said he found security flaws in the website and hacked into it within
one minute. “It is my own doing. Nobody told me to do it. I really don’t
understand why they have to show the film.” The website returned to
normal around 7 pm last night.
http://www.chinadaily.com.cn/china/2009-09/22/content_8719448.htm
South East Asia is well known as a hotbed of political hacking. This latest attack is covered in the linked article.
A ring of Indonesian hackers on Monday claimed to have attacked a list of more than 120 Web sites as retribution for Malaysia’s alleged theft of Indonesian cultural items and abuse of migrant workers.
A statement was posted on a Blogspot blog titled “Terselubung” saying that a number of Malaysian Web sites had been hacked and defaced to “celebrate” Malaysia’s Independence Day, which fell on Monday August 31.
“Today, August 31, 2009, an uncreative country, a country who likes to steal Indonesian culture, a country whose citizen is the mastermind of bombings in Indonesia, a country who has tortured many of our sisters — the migrant workers who worked there, a country who abused our national anthem, a country who harassed Indonesia on the Internet, a country that has stolen Sipadan and Ligitan islands, a country which has trespassed our water illegally, a country which received their independence from Britain, is celebrating its anniversary,” the Web site stated.
Indonesian Hackers Launch Independence Day Attack on Malaysian Web Sites
In August 2007 the UN.org website was hacked by activists. It turns out that after 2 years the website is still vulnerable. This is unfortunate; as far as we know, the only damage in the previous hack was a defacement. The page was changed and a message was placed on the site by the hackers.
The fact that UN.org has not deemed it important enough to fix shows little understanding of the need for good security. This is not an elite hack; the vulnerability is a simple SQL injection that could lead to more than a defacement.
Attackers could potentially use this to take control of the server and then capture logins. As is often the case, logins are reused, so there is potential for capturing login information for more important systems within the UN system.
The page could be defaced with injected malware. This would put thousands of visitors to un.org at risk of having their own systems compromised. The database that houses the website may contain other databases containing logins, personal details or other sensitive information.
Dear UN.org,
Please fix your web site, it would not cost much – and then have your security reviewed for further problems. Our partner site HackerTarget.com would be willing to do a full assessment for free.
Regards,
Peter
IronCove.net
Update: I have just tested the simple injection test, putting an extra quote at the end of the URL mentioned in the linked article, and the problem appears to have been fixed. Let's hope they go to the trouble of a full security review.
UN.org still vulnerable
We have pointed out the great work of Tactical Technology Collective and Frontline Defenders (NGO-in-a-box) in the past. Either way, this article is a great reminder and provides some good links to the excellent work being done by these guys.
A post which could just as easily be titled “how to try and keep the Sudanese Government (or insert other oppressive regime) from reading everything on your computer.” As they are sometimes wont to do, especially when expelling large numbers of NGOs.
An anonymous aid worker who was recently expelled from Sudan described the following:
“Government officials quickly arrived at the office, confiscating all our assets – our phones and computers to start with…At the airport, National Security were waiting for us. They searched through all of our bags. They took – stole – all kinds of personal items: cameras, iPods, our own computers with hundreds of photos of our lives and friends in Darfur.”
http://security.ngoinabox.org/
Securing Sensitive Information and Communications in the Field
The International Development Research Centre (IDRC) has hosted a meeting where Rafal Rohozinski has highlighted the need for Information Security within NGO and Nonprofit organisations.
State-sponsored attacks that block websites and shut down mobile phone networks are increasingly being used to “disrupt the work of civil society at times when their input could be critical to political or social processes,” Rafal Rohozinski told a public meeting at the International Development Research Centre (IDRC).
Well-meaning groups working in the developing world also risk endangering the very individuals and communities they seek to help if they fail to get up to speed on information security in the digital era, he says.
At first glance, electronic spying might appear to be a cloak and dagger realm of little relevance to groups working in the field of international development. “Yet cyber security and cyber espionage have far-reaching implications for our work,” Rohozinski says.
In the past, traditional “signals intelligence” focused on intercepting communications — whether sent by telex, fax, phone, or mail — as they were in transit to their intended recipients. But the Internet has changed all that. Information can now be retrieved at source before it moves anywhere, and the cost of collecting it — using low-tech tools available to anyone — is minimal. It is now easy and cheap to vacuum up information, Rohozinski says — “and NGOs are more of a target than they were 15 years ago.”
Groups that collect data on vulnerable communities risk putting them in greater danger if the information is stolen, he says. Even seemingly benign documents, such as lists of meeting participants, could have strategic importance in the wrong hands.
“It’s important to recognize that as NGOs, particularly those that work with communities at risk, you are collecting information of a personal nature, which can be put to uses that are very different — in fact, antithetical — to the reasons you collect it,” Rohozinski says.
“There has to be discipline about what information you collect and how you hold and communicate it. But most NGOs and research organizations are poorly versed in information security — the level of awareness is abysmally low. Commercial off-the-shelf software won’t thwart this kind of attack.”
Oneworld Linked article – Civil Society Must Get Up to Speed on Cyber Security
Oxblood Ruffin has written a thought-provoking and scathing piece on Internet censorship, highlighting the hypocrisy of those who praise Internet freedom while allowing those who build the tools that make censorship possible to quietly profit from it.
President Obama and Germany’s Chancellor Merkel have both been just a teensy bit hypocritical in their support of the Iranian people. While they’ve voiced that support, they are also actively supporting the Western corporations supplying censorware and weaponry to Iran – and other human rights violators.
China, the country that single-handedly established the world’s most robust national firewall, was always seen as a cash cow by American IT firms. It had Google, Microsoft, Cisco, and Yahoo sucking on all four teats, and their efforts have borne fruit.
—
Siemens/Nokia – a European alliance – has stitched together a reasonably effective control mechanism for its clients in Tehran.
You can’t support free speech while siding with those who oppress it
Tor Project <<—- Support it – donate now.
The media is abuzz with the ongoing “cyber warfare” attacks against Iranian Government servers following the election and the protests that have followed in Iran this week. According to many news articles, it is all about Twitter.
For an excellent analysis, head over to Dancho Danchev’s blog; as always, he has done an excellent job of dissecting the attacks from a technical perspective.
By utilizing the people’s information warfare concept, Iranian opposition has managed to successfully organize a cyber attack against Tehran’s regime (complete analysis) by using Twitter, web forums, and localization (translation) of the recruitment messages in order to seek assistance from foreigners.
So far, their rather simplistic denial of service tools have managed to disrupt access to key government web sites, and the intensity of the attacks is prone to increase since the opposition appears to be in a “learning mode”.
Iranian Opposition DDoS-es pro-Ahmadinejad Sites
The State of Iran's Ongoing Netwar – Slashdot Coverage with some interesting comments
Iran's Netwar – Netwar focused coverage with some background on the history of “Netwar”
This excellent piece of work by the Citizen Lab should be required reading for any human rights or political organisation. It highlights focused, high-value targeting by attackers (whoever they are) who clearly oppose the groups' goals.
This report documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.
The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.
The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation, the ease by which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.
GhostNet – Investigating a Cyber Espionage Network
Infowar-monitor.net
The SSD project is an excellent resource when it comes to protecting your computer and communications from unauthorized access and surveillance. While it focuses on providing information to US citizens about rights and laws within the USA, there is much information regarding the general well-being of your computer and its communications. There is a good section on technical measures as well as introductory information on the various aspects of Information Protection.
The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.
Surveillance Self-Defense
While reading about a new IE7 exploit being used in the wild, I stumbled across this reference to possible further political attacks originating from China, as we have covered here in the past, including the paper “When Dragons Attack”.
Yaneza and Ferguson speculated that the current attacks are precursors to a much larger assault that will revive a campaign that tempted users with news about Tibet. Those attacks, which Trend Micro reported in January 2008, share some characteristics with the newest exploits, including malware disguised as Word documents. Yaneza also said that it appears as though the hacker’s command-and-control server is based in China, lending more credence to their theory.
“This is the 50th anniversary of the Tibetan freedom movement,” said Ferguson, who said it’s likely that a large-scale attack based on this exploit would use that news as bait. In 1959, when the People’s Republic of China took full control of Tibet, the Dalai Lama fled to India, where he is the head of a Tibetan government-in-exile.
Hackers jump on newest IE7 bug