The media is abuzz with the ongoing “cyber warfare” attacks against Iranian government servers following this week's election in Iran and the protests that have followed it. According to many news articles, it is all about Twitter.
For an in-depth analysis head over to Dancho Danchev's blog; as always, he has done an excellent job of dissecting the attacks from a technical perspective.
By utilizing the people's information warfare concept, the Iranian opposition has managed to successfully organize a cyber attack against Tehran's regime (complete analysis) by using Twitter, web forums, and localization (translation) of the recruitment messages in order to seek assistance from foreigners.
So far, their rather simplistic denial-of-service tools have managed to disrupt access to key government web sites, and the intensity of the attacks is prone to increase since the opposition appears to be in a “learning mode”.
Iranian Opposition DDoS-es pro-Ahmadinejad Sites
The State of Iran's Ongoing Netwar - Slashdot coverage with some interesting comments
Iran's Netwar - Netwar-focused coverage with some background on the history of “Netwar”
This excellent piece of work by the Citizen Lab should be required reading for any human rights or political organisation. It highlights focused, high-value targeting by attackers (whoever they are) who clearly oppose the group's goals.
This report documents GhostNet, a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.
The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.
The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation, the ease by which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.
GhostNet - Investigating a Cyber Espionage Network
Infowar-monitor.net
The SSD project is an excellent resource for protecting your computer and communications from unauthorized access and surveillance. While focused on informing US citizens about their rights and the laws within the USA, it contains much information on the general well-being of your computer and its communications. There is a good section on technical measures, as well as introductory information on the various aspects of information protection.
The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.
Surveillance Self-Defense
While reading about a new IE7 exploit being used in the wild, I stumbled across this reference to possible further politically motivated attacks originating from China, a topic we have covered here in the past, including in the paper “When Dragons Attack”.
Yaneza and Ferguson speculated that the current attacks are precursors to a much larger assault that will revive a campaign that tempted users with news about Tibet. Those attacks, which Trend Micro reported in January 2008, share some characteristics with the newest exploits, including malware disguised as Word documents. Yaneza also said that it appears as though the hacker’s command-and-control server is based in China, lending more credence to their theory.
“This is the 50th anniversary of the Tibetan freedom movement,” said Ferguson, who said it's likely that a large-scale attack based on this exploit would use that news as bait. In 1959, when the People's Republic of China took full control of Tibet, the Dalai Lama fled to India, where he is the head of a Tibetan government-in-exile.
Hackers jump on newest IE7 bug
Following the recent attacks on the Gaza Strip over the past few days, Israeli websites are being attacked in what is being described as a “propaganda war”. This follows the recent trend of large-scale political events and military aggression occurring alongside “cyber attacks”, as seen in Georgia, Russia and the China-Tibet attacks covered here at Ironcove.net. Whether any of this is organised, or more the efforts of angry individuals, is still open to speculation.
It didn’t take long after Israel’s bombing of Gaza began for cyberwarfare to erupt as well: More than 300 Israeli Websites over the past few days have been hacked and defaced with anti-Israeli and anti-U.S. messages in an online propaganda campaign, a security expert says.
Hundreds of Israeli Websites hacked
More speculation about government-sponsored cyber attacks, this time in the Russia vs Georgia sphere.
Here is a copy of a post to the Shadowserver mailing list:
We wanted to give everyone an update on what we have been seeing in terms of DDoS attacks against Georgian websites. The last DDoS-related blog we had in July involved the website for the President of Georgia. In the last few days we have seen a resurgence in attacks against both the President of Georgia's website and other Georgian targets - both government and non-government. If you are interested you may read more at the following URL:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080811
While we here at Ironcove.net are big fans of Linux on the desktop, we are also aware that it can be a scary proposition for those who have used Microsoft products for years. Running an alternative browser on your Windows platform is often a first step towards greater security against malware, and a way of getting away from the control that Microsoft exerts through its dominance. Opera offers an alternative to Firefox and Internet Explorer, and the latest version has some anti-malware features that could be an effective defense against malware-based attacks.
A good review of the new version, Opera 9.5, is over at Linuxdesktop.org
The centerpiece of version 9.5 is a security package based on technology from Haute Secure, Netcraft, and PhishTank, that the Norway-based Opera Software calls “Opera Fraud Protection.” The anti-malware feature from Haute Secure automatically blocks offending Web pages to protect against malware and other security threats. The browser queries Opera's servers when a user requests a new webpage and then checks it against the HauteSecure list of blacklisted pages in the same domain. Meanwhile, version 9.5 continues to update anti-phishing features from PhishTank, which were introduced in Opera 9.1 back in December 2006.
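As an added illustration (this is not Opera's, Haute Secure's or the reviewer's code), here is a minimal Python model of the domain-keyed lookup the review describes: the client canonicalises the requested URL, asks the server only for the blacklisted pages under that URL's domain, and then matches the exact page locally. The blocklist entries, hostnames and the `server_lookup` function are constructed stand-ins, not real data or a real API.

```python
# Added example, not code from Opera or Haute Secure: a toy model of a
# domain-keyed URL blocklist check. Hostnames and entries are made up.
from urllib.parse import urlsplit, urlunsplit

# Constructed blocklist, keyed by domain. In the real product this lives on
# the vendor's servers; the client only learns the entries for one domain.
SERVER_BLOCKLIST = {
    "example.net": {
        "http://example.net/login/update.php",      # one bad page on a good site
        "http://download.example.net/setup.exe",    # subdomain entry under same key
    },
    "phish-example.org": {
        "http://phish-example.org/",                # trailing slash: whole site blocked
    },
}


def normalize_url(url):
    """Canonicalise a URL so trivial variants map to the same blocklist entry.

    Lower-cases scheme and host, strips userinfo (the 'user@' trick), drops a
    default port and any fragment, and removes a trailing dot from the host.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    port = parts.port
    default = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    if port is not None and not default:
        host = "%s:%d" % (host, port)
    path = parts.path or "/"
    return urlunsplit((scheme, host, path, parts.query, ""))


def domain_key(host):
    """Crude registrable-domain key: last two labels of the host name.

    Real code would use the Public Suffix List so that e.g. 'example.co.uk'
    is handled correctly; two labels is enough to show the lookup shape.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def server_lookup(domain):
    """Stand-in for the network query: return blacklisted pages for one domain."""
    return SERVER_BLOCKLIST.get(domain, set())


def is_blocked(url):
    """Client-side decision: fetch entries for the URL's domain, match locally."""
    canonical = normalize_url(url)
    host = urlsplit(canonical).hostname or ""
    for entry in server_lookup(domain_key(host)):
        if entry.endswith("/") and canonical.startswith(entry):
            return True  # site-wide entry matches any page under it
        if canonical == entry:
            return True
    return False


if __name__ == "__main__":
    for u in ("HTTP://EXAMPLE.NET/login/update.php",
              "http://user@example.net:80/login/update.php#frag",
              "http://example.net/about",
              "http://phish-example.org/index.html?id=1",
              "http://phish-example.org.attacker.test/index.html"):
        print("%-55s %s" % (u, "BLOCKED" if is_blocked(u) else "ok"))
```

Two points the toy makes visible: the server is asked about a domain, not the full URL, so the vendor learns less about the user's browsing than a per-URL query would reveal; and the canonicalisation step matters, since without it `HTTP://EXAMPLE.NET/...`, `http://user@example.net:80/...` and the plain form would be three different strings and only one would match.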
Over the past two months there has been a significant increase in targeted malware and other attacks against the Tibetan community and its supporters. Ironcove.net has put together a paper that covers the various attacks and looks into the possibility and extent of Chinese government involvement in them. We have also highlighted the fact that many of these attacks would be ineffective against an Ubuntu desktop operating system.
It is the recommendation of Ironcove.net that human rights groups around the world seriously look at the benefits of running a free and open operating system such as Ubuntu Linux. A new release of Ubuntu has been launched today, so it is a great time to sample the power of open source.
When Dragons Attack (PDF)
Our friends over at HackerTarget.com have recently started offering free Nessus vulnerability scanning to non-profit organisations. Nessus is the world's leading vulnerability scanning solution: it scans an IP address for vulnerabilities so that they can be identified and fixed. In some ways it is a simulated hacker attack against your server, so that by the time you are scanned by real attackers, your security holes have already been closed. If you run any internet-connected server, it is a good idea to test it for security problems on a regular basis (and to scan only hosts you own or are authorised to test).
Free Vulnerability Scanning for Nonprofits