Archive for the ‘Blog’ Category

Indonesian Hackers Launch Independence Day Attack on Malaysian Web Sites

August 31st, 2009

South East Asia is well known as a hotbed of political hacking. This latest attack is covered in the linked article.

A ring of Indonesian hackers on Monday claimed to have attacked a list of more than 120 Web sites as retribution for Malaysia’s alleged theft of Indonesian cultural items and abuse of migrant workers.

A statement was posted on a Blogspot blog titled “Terselubung” saying that a number of Malaysian Web sites had been hacked and defaced to “celebrate” Malaysia’s Independence Day, which fell on Monday August 31.

“Today, August 31, 2009, an uncreative country, a country who likes to steal Indonesian culture, a country whose citizen is the mastermind of bombings in Indonesia, a country who has tortured many of our sisters — the migrant workers who worked there, a country who abused our national anthem, a country who harassed Indonesia on the Internet, a country that has stolen Sipadan and Ligitan islands, a country which has trespassed our water illegally, a country which received their independence from Britain, is celebrating its anniversary,” the Web site stated.


Indonesian Hackers Launch Independence Day Attack on Malaysian Web Sites

UN.org still vulnerable to SQL Injection

August 28th, 2009

In August 2007 the UN.org website was hacked by activists. It turns out that after 2 years the website is still vulnerable. This is unfortunate; as far as we know, the only damage in the previous hack was a defacement: the page was changed and a message was placed on the site by the hackers.

The fact that UN.org has not deemed it important enough to fix shows little understanding of the need for good security. This is not an elite hack; the vulnerability is a simple SQL injection that could lead to more than a defacement.

Attackers could potentially use this to take control of the server and then capture logins. As is often the case, logins are reused, so the potential is there for capturing login information to more important systems within the UN system.

The page could be defaced with injected malware. This would put thousands of visitors to un.org at risk of their own systems being compromised. The database server hosting the website may also hold other databases containing logins, personal details and other sensitive information.

Dear UN.org,

Please fix your web site, it would not cost much – and then have your security reviewed for further problems. Our partner site HackerTarget.com would be willing to do a full assessment for free.

Regards,

Peter
IronCove.net

Update: I have just tested the simple injection test, putting an extra quote at the end of the URL mentioned in the linked article, and the problem appears to have been fixed. Let's hope they go to the trouble of a full security review.

UN.org still vulnerable

Civil Society Must Get Up to Speed on Cyber Security, Watchdog Warns

August 1st, 2009

The International Development Research Centre (IDRC) hosted a meeting at which Rafal Rohozinski highlighted the need for information security within NGOs and nonprofit organisations.

State-sponsored attacks that block websites and shut down mobile phone networks are increasingly being used to “disrupt the work of civil society at times when their input could be critical to political or social processes,” Rafal Rohozinski told a public meeting at the International Development Research Centre (IDRC).

Well-meaning groups working in the developing world also risk endangering the very individuals and communities they seek to help if they fail to get up to speed on information security in the digital era, he says.

At first glance, electronic spying might appear to be a cloak and dagger realm of little relevance to groups working in the field of international development. “Yet cyber security and cyber espionage have far-reaching implications for our work,” Rohozinski says.

In the past, traditional “signals intelligence” focused on intercepting communications — whether sent by telex, fax, phone, or mail — as they were in transit to their intended recipients. But the Internet has changed all that. Information can now be retrieved at source before it moves anywhere, and the cost of collecting it — using low-tech tools available to anyone — is minimal. It is now easy and cheap to vacuum up information, Rohozinski says — “and NGOs are more of a target than they were 15 years ago.”

Groups that collect data on vulnerable communities risk putting them in greater danger if the information is stolen, he says. Even seemingly benign documents, such as lists of meeting participants, could have strategic importance in the wrong hands.

“It’s important to recognize that as NGOs, particularly those that work with communities at risk, you are collecting information of a personal nature, which can be put to uses that are very different — in fact, antithetical — to the reasons you collect it,” Rohozinski says.

“There has to be discipline about what information you collect and how you hold and communicate it. But most NGOs and research organizations are poorly versed in information security — the level of awareness is abysmally low. Commercial off-the-shelf software won’t thwart this kind of attack.”

Oneworld Linked article – Civil Society Must Get Up to Speed on Cyber Security

Attacks against Iran Government Servers

June 17th, 2009

The media is abuzz with the ongoing “cyber warfare” attacks against Iranian Government servers following the election and the ensuing protests in Iran this week. It is all about Twitter, according to many news articles.

For an excellent analysis, head over to Dancho Danchev’s blog; as always, he has done an excellent job of dissecting the attacks from a technical perspective.

By utilizing the people’s information warfare concept, Iranian opposition has managed to successfully organize a cyber attack against Tehran’s regime (complete analysis) by using Twitter, web forums, and localization (translation) of the recruitment messages in order to seek assistance from foreigners.

So far, their rather simplistic denial of service tools have managed to disrupt access to key government web sites, and the intensity of the attacks is prone to increase since the opposition appears to be in a “learning mode”.

Iranian Opposition DDoS-es pro-Ahmadinejad Sites

The State of Irans Ongoing Netwar – Slashdot Coverage with some interesting comments

Irans Netwar – Netwar focused coverage with some background on the history of “Netwar”

GhostNet – A comprehensive report by infowar-monitor.net

June 3rd, 2009

This excellent piece of work by the Citizen Lab should be required reading for any human rights or political organisation. It highlights focused, high-value targeting by attackers (whoever they are) who clearly oppose the groups' goals.

This report documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation, the ease by which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.

GhostNet – Investigating a Cyber Espionage Network
Infowar-monitor.net

SSD from the EFF – Surveillance Self Defense

March 4th, 2009

The SSD project is an excellent resource when it comes to protecting your computer and communications from unauthorized access and surveillance. While it is focused on providing information to US citizens about the rights and laws within the USA, there is much information regarding the general well-being of your computer and its communications. There is a good section on technical measures as well as introductory information on the various aspects of information protection.

The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

Surveillance Self-Defense

Israeli websites attacked in “Propaganda war”

January 1st, 2009

Following the recent attacks against the Gaza Strip over the past few days, Israeli websites are being attacked in what is being described as a “propaganda war”. This follows recent trends where large-scale political events and aggression are occurring alongside “cyber attacks”, as seen in Georgia, Russia and the China – Tibet attacks covered here at Ironcove.net. Whether any of this is organised or more the efforts of angry individuals is still open to speculation.

It didn’t take long after Israel’s bombing of Gaza began for cyberwarfare to erupt as well: More than 300 Israeli Websites over the past few days have been hacked and defaced with anti-Israeli and anti-U.S. messages in an online propaganda campaign, a security expert says.

Hundreds of Israeli Websites hacked

Georgian Cyber Attacks from Russia?

August 21st, 2008

More speculation about government-sponsored cyber attacks. This time it's in the Russia vs Georgia sphere.

Here is a copy of a post to the Shadowserver mailing list:

We wanted to give everyone an update on what we have been seeing in terms of
DDoS attacks against Georgian websites. The last DDoS-related blog we had
in July involved the website for the President of Georgia. In the last few
days we have seen a resurgence in attacks against both the President of
Georgia’s website and other Georgian targets – both government and
non-government. If you are interested you may read more at the following
URL:

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080811

Interesting articles on Surveillance and the Olympics

August 21st, 2008

HackerTarget.com offering Free Nessus Scanning to Non-profits

April 24th, 2008

Our friends over at HackerTarget.com have recently started offering free Nessus Vulnerability Scanning to non-profit organisations. Nessus is the world's leading vulnerability scanning solution. It is a tool that scans an IP address for vulnerabilities so that they can then be acted upon and fixed. In some ways it is a simulated hacker attack against your server, so that when you do get scanned by hackers, your security holes have already been fixed. If you run any internet-connected server, it is a good idea to test it for security problems on a regular basis.

Free Vulnerability Scanning for Nonprofits