Following the recent attacks against the Gaza strip over the past few days, Israeli websites are being attacked in what is being described as a “propaganda war”. This follows a recent trend in which large-scale political events and aggression occur alongside “cyber attacks”, as seen in Georgia, Russia and the China – Tibet attacks as covered here at Ironcove.net. Whether any of this is organised or is more the effort of angry individuals is still open to speculation.
It didn’t take long after Israel’s bombing of Gaza began for cyberwarfare to erupt as well: More than 300 Israeli Websites over the past few days have been hacked and defaced with anti-Israeli and anti-U.S. messages in an online propaganda campaign, a security expert says.
Hundreds of Israeli Websites hacked
More speculation about government-sponsored cyber attacks. This time it's in the Russia vs Georgia sphere.
Here is a copy of a post to the Shadowserver mailing list:
We wanted to give everyone an update on what we have been seeing in terms of
DDoS attacks against Georgian websites. The last DDoS-related blog we had
in July involved the website for the President of Georgia. In the last few
days we have seen a resurgence in attacks against both the President of
Georgia’s website and other Georgian targets – both government and
non-government. If you are interested you may read more at the following
URL:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080811
While we here at Ironcove.net are big fans of Linux on the desktop, we are also aware that it can be a scary proposition for those who have used Microsoft products for years. Running an alternative browser on your Windows platform is often a first step towards greater security against malware and getting away from the control that Microsoft exerts through its dominance. Opera have an alternative browser to Firefox and Internet Explorer, and the latest version has some great anti-malware features that could be an excellent defense against malware-based attacks.
A good review of the new version of Opera 9.5 is over at Linuxdesktop.org
The centerpiece of version 9.5 is a security package based on technology from Haute Secure, Netcraft, and PhishTank, that the Norway-based Opera Software calls “Opera Fraud Protection.” The anti-malware feature from Haute Secure automatically blocks offending Web pages to protect against malware and other security threats. The browser queries Opera’s servers when a user requests a new webpage and then checks it against the HauteSecure list of blacklisted pages in the same domain. Meanwhile, version 9.5 continues to update anti-phishing features from PhishTank, which were introduced in Opera 9.1 back in December 2006.
Over the past two months there has been a significant increase in targeted malware and other attacks against the Tibetan Community and its supporters. Ironcove.net has put together a paper that covers the various attacks and looks into the possibility and extent of Chinese Government involvement in those attacks. We have also highlighted the fact that many of these attacks would be ineffective against an Ubuntu Desktop operating system.
It is the recommendation of ironcove.net that human rights groups around the world should start to seriously look at the benefits of running a free and open operating system such as Ubuntu Linux. Today a new release of Ubuntu has been launched, so it is a great time to sample the power of Open Source.
When Dragons Attack (PDF)
Our friends over at HackerTarget.com have recently started offering free Nessus Vulnerability Scanning to non-profit organisations. Nessus is the world's leading vulnerability scanning solution. It is a tool that scans an IP address for vulnerabilities so that they can then be acted upon and fixed. In some ways it is a simulated hacker attack against your server, so that when you do get scanned by hackers, your security holes have already been fixed. If you run any internet-connected server, it is a good idea to test it for security problems on a regular basis.
Free Vulnerability Scanning for Nonprofits
The Register has a summary of more targeted malware attacks against the Tibetan Community and Supporters. The attack involves an email containing a flash movie; when the movie is viewed, a keylogger is installed on the computer. The keylogger will then record all keystrokes on the computer and send the details to a server in China.
Now I am not going to point fingers, and I would like to do some more research into these attacks and the possible origins. Remember, just because it appears the attacks are coming from China, nothing is certain, as this could as easily be a bored teenager in the USA who compromised a server in China, or it could be something more sinister.
It does, however, highlight the importance of secure internet and computing facilities in any organization or movement.
Read the article here for a summary and there is a good technical blog with more details here.
Executing the file, called RaceForTibet.exe, shows a cartoon with a very skilled Chinese gymnast performing some amazingly convoluted exercise on a “vaulting box” for which the jury immediately scored her a shocking 0! Whilst the gymnast’s performance is “re-wound,” a number of fairly stark photographs of real events, taking place throughout China and Tibet, are shown as a flashback.
http://www.theregister.co.uk/2008/04/15/pro_tibet_trojan/
http://www.avertlabs.com/research/blog/index.php/2008/04/14/is-malware-writing-the-next-olympic-event
http://www.avertlabs.com/research/blog/index.php/2008/03/11/social-engineering-tricks-use-tibet-to-lure-victims/
http://www.avertlabs.com/research/blog/index.php/2008/04/10/friebet-attacking-your-backend-database-from-your-backyard/
China is still in the news with Cyber Attacks making headlines. Political hacking by government and non-government organisations seems to be becoming a hot topic.
Politically motivated external attacks have been rife in the past few weeks.
Members of the Save Darfur coalition told the Washington Post last week that their server had been attacked by hackers traced to computers in China.
And several pro-Tibet groups reported receiving email viruses although IP addresses have yet to be traced.
Last summer also saw allegations of cyber espionage attacks on Whitehall departments, as well as a warning to UK businesses from MI5 that Chinese hackers were looking to infiltrate their networks.
China cracks down on insider cyber hacking
Over the past few days there have been a number of reports in the mainstream media about targeted Information Warfare attacks against the Tibetan NGO community. These attacks are attempts by a third party (I wonder who that could be) to send malicious emails to various members of these communities. If these attacks succeed then the victim’s computer could end up with keyloggers and other trojans that would allow the third party access to everything typed on the infected system and full control of the PC.
The Sans Internet Storm Centre has a good technical summary and another here, while other news agencies such as the Washington Post and the Register have more general information.
I urge all NGOs to be aware of the dangers of having insecure computers and policies.
Things you can do to stay secure:
* Always update your software (operating systems and applications): everything from Ubuntu updates and Windows Update to Adobe Reader and Flash Player updates. All your software needs to stay updated. If this means buying new licenses, please consider the alternatives.
* Beware of opening attachments. Are you expecting it? If not, use caution, even if it appears to come from someone you know.
* Use strong passwords on all your systems and websites and try not to use the same password everywhere!
* Use virus scanning software and keep it updated (especially important if you use the Microsoft Windows Operating System).
Sans Internet Storm Centre – Article 1
Sans Internet Storm Centre – Article 2
Peru is implementing a One Laptop Per Child program that will distribute laptops to 260,000 school children. A pilot project involved 50 laptops being sent to a remote village. Read the article for a fascinating and surprising look into the results.
I wanted to know what the laptops had done for the kids. I told them I’m not a reporter, I don’t answer to the Ministry, and — an important disclaimer for an overpoliticized country like Peru — I don’t pander to bullshit politics. I wanted to hear if they thought the laptops were helping.
After looking at me blankly for a good half-minute, Mr. Navarro shot back with “evidentemente”, “obviously”, and palpably left off “you idiot” from the end of the sentence. I appreciated the small courtesy and asked a more specific question: what changed in the 8 months since the laptops arrived?
Astound in Arahuay