
The impact of Hacktivism upon Australian Organisations

Talk to the Australian Computer Society - SIG (Victoria) Information Security, about the impact of hacktivism on Australia. Presenter: Prof Matt Warren (www.mjwarren.com)

23/10/2012

Professor Matt Warren, School of Information Systems, Deakin University

www.mjwarren.com

The Impact of Hacktivism on Australian Organisations

Hackers

Motivation is an important aspect of hacking, whether it is:

Traditional - Gaining knowledge (hacker manifesto);

For financial gain (current situation – organised crime).

Motivation has changed over time from single hackers to groups of hackers.

LulzSec Profile

Small Group of Hackers (6/7);

“For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could”.

(Last Message?);

Aim to Cause Disruption.

Attacks

X-Factor contestant database released;

CIA website defaced;

InfraGard – FBI think tank – defaced site and related database of user details;

Released 62,000 email addresses and passwords including Australian organisation details, e.g. universities, local government, NPO.

Desire to highlight security weaknesses.

Of Interest

Traditional model of a hacking group.

Extensive use of social media: Twitter followers – 356,000, and use of sites such as Pastebin.

Hacktivism

In the broadest terms, it is the use of technology as a means of protest to promote political ends. The aims of the protest depend upon the group;

Term developed from the mid 90’s by the hacking group “Cult of the Dead Cow”;

Techniques can include hacking, malware, denial of service and information disclosure.

Anonymous

Anonymous is NOT an organization, a club, a party or even a movement.

There is no charter, no manifest, no membership fees.

Anonymous has no leaders, no gurus, no ideologists. In fact, it does not even have a fixed ideology.

Anonymous has no centralized infrastructure but uses existing facilities of the Internet, especially social networks.

“We are ready to hop on to the next one if this one seems compromised, is under attack, or starts to bore us”.

http://www.cyberguerrilla.org

Key Campaigns

The Church of Scientology, Vatican;

Software Piracy;

Political campaigns against governments – Australia, Burma, Iran, UK, USA, Russia, Syria, and India;

Supporting the Arab Spring;

Sony;

Wikileaks;

Cyber Bullying.

Australian examples are linked to government decisions relating to Internet Filtering and Data Retention.

Sony Hacking Example (2011)

Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defences to change console operating software;

A message signed by Anonymous at the website anonnews.org announced an "Operation Payback" campaign aimed at Sony because of its cases against the two hackers.

77 million customers' details were stolen;

The data that was disclosed included passwords, logins to the Sony PlayStation Network, as well as user email addresses;

It has been assessed that 700,000 Australian customers were impacted;

The breach occurred on April 17-19… Sony notified its customers on 27 April.

Australian – Data Retention Strategy

The Australian Government is proposing a Data Retention Strategy where Internet Service Providers hold customers' data for a period of two years.

Law enforcement agencies would have access to this data as required.

Anonymous don’t agree with the proposal.

Anonymous Steal Data from AAPT

Anonymous stole 40GB worth of user data from the ISP AAPT and released the information to the public;

The aim was to show that ISPs cannot securely protect data;

Some of the data was sanitised and released via Pastebin;

The initial release was 180,000 records posted via Pastebin.

Australian Organisations Listed

Australian Federal Police; Australian Securities and Investments Commission; Reserve Bank of Australia; ABC Ultimo; NSW Attorney General's Department; Brisbane City Council, Road and Traffic Authority; Labour Council of NSW; Bureau of Meteorology; Department of Premier and Cabinet Queensland; Australian Post; Australian Crime Commission; Productivity Commission; Refugee Review Tribunal; Energy Australia; and Department of Defence Southern Region.

Anonymous Profile

Strong Global Presence;

Strong use of Social media networks;

Twitter Anonymous – 648,085 Followers

Australian Anonymous 3,483 followers

YouTube – Anonymous Channel Message to the American People – 7.6 million views (National Defense Authorization Act).

New Developments

Development of new sub-group. Warren and Leitch (2010). Hacker Taggers: A new type of hackers, Information Systems Frontiers, Vol. 12, No. 4.

Hacker taggers – the same as traditional hackers but also politically motivated.

Hacker Taggers

A new hacking sub-group:

are very competitive;

have a strong desire to succeed;

exchange information amongst themselves, e.g. successful defacements;

respect each other based upon their success;

cause minimal damage to websites or no damage to websites;

only deface websites, do not steal information or damage websites long term;

rely upon media reports to cause political damage or embarrassment;

can be individuals or groups of people.

Hacker Tagger – Australian Case Study

In late 2005, the Chief Minister of the Australian Capital Territory (ACT) caused controversy by posting the Australian Federal draft counter-terrorism legislation on his website without the approval of the Federal Government.

"Fatal Error was here ohh yeahh let's go! irc.gigachat.net #Ferror".

The response by the Media

Stanhope's website defaced – The Age

ACT Chief Minister targeted by hackers – Computer World

Hackers shut down Stanhope website – Sydney Morning Herald.

Australian Impact

Between 22/10/12 – 12/10/12 (10 days), 379 Australian websites were hacked and tagged;

Approximately 38 hacks per day.

Attacks were simple exploits and hacked sites were SMEs, schools and local government.

http://organicmountaingarlic.com.au/

A Pro Turkey Message and includes an audio of the Turkish national anthem.

Queensland Fungi Society

Cyber Militias

Hackers who carry out activities because of a national political cause, acting out of patriotism.

Brought together for a certain period of time.

Cyber militias need to be co-ordinated and information distributed, e.g. tool-kits.

The role of governments?

Estonia

1.4 million people;

Substantial ethnic Russian minority;

Member of EU and NATO;

Extensive Internet use – banking, voting, petrol purchase, etc. – 60% use Internet daily.

A Developed Information Society.

The Physical Cause

On April 27, 2007, officials in Estonia relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow.

Protests & Cyber Attacks

Relocation of Russian statue triggered protests outside Estonia as well as inside.

Defacement and DDoS

Attacks were dominated by BOTS.

Almost all traffic came from outside Estonia.

Attacks against Estonia government, media and banking organisations.

The Attack

In Estonia the attack took the form of coordinated mass requests for information and spam e-mail which slowed down key Web sites so they did not function or crashed due to the attacks.

The attacks started around April 27th 2007 and lasted about three weeks, peaking May 9th 2007 – Victory Day – Russia.

The important role of BOTs.

Bot Net

(roBOT NETwork) Also called a "zombie army," a botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.

The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet.

Attack Profile

Security Analysts observed 128 unique DDoS attacks on Estonian websites in May 2007.

Of these, 115 were ICMP floods, 4 were TCP SYN floods, and 9 were generic traffic floods.

http://asert.arbornetworks.com

ICMP Flood

ICMP (Internet Control Message Protocol) flood, also known as Ping flood or Smurf attack, is a type of Denial of Service attack.

It sends large amounts of (or just over-sized) ICMP packets to a machine in order to attempt to crash the TCP/IP stack on the machine and cause it to stop responding to TCP/IP requests.

TCP SYN

An assault on a network that prevents a TCP/IP server from servicing other users.

It is accomplished by not sending the final acknowledgment to the server's SYN-ACK response (SYNchronize-ACKnowledge) in the handshaking sequence, which causes the server to keep signalling until it eventually times out.

The source address from the client is, of course, counterfeit.

SYN flood attacks can either overload the server or cause it to crash.
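
The half-open handshake described above can be recognised on the server side by tracking SYNs that never receive their final ACK. The following Python code is an added example, not part of the original talk; the event tuple format, the thresholds and the sample addresses are constructed assumptions.

```python
from collections import defaultdict

SYN_TIMEOUT = 30.0   # assumed: seconds a server holds a half-open entry
ALERT_RATIO = 0.8    # assumed: flag when >80% of handshakes never complete
MIN_SYNS = 10        # assumed floor so quiet ports are not flagged


def analyse(events, now):
    """events: (time, src_ip, src_port, dst_port, flag); 'S' = SYN, 'A' = final ACK.
    Returns {dst_port: stats} on handshakes the server is still waiting on."""
    pending = {}                       # (src, sport, dport) -> time the SYN was seen
    syns = defaultdict(int)
    for t, src, sport, dport, flag in sorted(events):
        key = (src, sport, dport)
        if flag == "S":
            pending[key] = t
            syns[dport] += 1
        elif flag == "A":
            pending.pop(key, None)     # handshake completed, backlog slot freed
    report = {}
    for dport, total in syns.items():
        waiting = [k for k in pending if k[2] == dport]
        # Entries younger than the timeout still occupy the server's backlog.
        held = [k for k in waiting if now - pending[k] < SYN_TIMEOUT]
        report[dport] = {
            "syns": total,
            "never_acked": len(waiting),
            "backlog_now": len(held),
            "distinct_sources": len({k[0] for k in waiting}),
            "suspect": total >= MIN_SYNS and len(waiting) / total > ALERT_RATIO,
        }
    return report


def sample_events():
    """Constructed capture: 3 normal clients on port 443, 40 unanswered SYNs on port 80."""
    ev = []
    for i in range(3):
        ev += [(i, f"192.0.2.{i + 1}", 40000 + i, 443, "S"),
               (i + 0.05, f"192.0.2.{i + 1}", 40000 + i, 443, "A")]
    for i in range(40):                # each SYN from a different address that never replies
        ev.append((10 + i * 0.1, f"198.51.100.{i + 1}", 50000 + i, 80, "S"))
    return ev


if __name__ == "__main__":
    for port, stats in sorted(analyse(sample_events(), now=20.0).items()):
        print(port, stats)
```

A high count of distinct sources with one unanswered SYN each is consistent with the counterfeit source addresses noted above, which is why per-source blocking alone does not clear the backlog.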

Foreign Affairs

Government of Estonia

Dates of Attacks

21 attacks on 3rd May 2007

17 attacks on 4th May 2007

31 attacks on 8th May 2007

58 attacks on 9th May 2007

1 attack on 11th May 2007

May 9th – Victory Day – Russia

Duration of Attacks

Attacks   Duration
17        less than 1 minute
78        1 min - 1 hour
16        1 hour - 5 hours
8         5 hours to 9 hours
7         10 hours or more

Duration of Attacks

Attacks   Bandwidth measured
42        Less than 10 Mbps
52        10 Mbps - 30 Mbps
22        30 Mbps - 70 Mbps
12        70 Mbps - 95 Mbps

The largest attacks measured: 10 attacks measured at 90 Mbps, lasting upwards of 10 hours.

Aftermath

Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip.

NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was set up in Estonia with the support of NATO.

The role of Russian Youth Groups – Nashi was considered key in sharing and co-ordinating activities.

Hacktivism Australian Context

Australian Organisations are at a low risk of Hacktivism unless in particular industries or a particular sector;

Mass disclosure of data could impact all organisations;

Hacker Taggers are a greater risk for smaller organisations with lower levels of security;

Unknown political issues could trigger attacks.

Grey Areas

The boundaries are blurred between:

Hackers;

Hacker Taggers;

Hacktivism;

Cyber Militias;

Cyber Terrorists; and

Cyber Warfare.

Conclusion

Is Hacktivism a modern form of civil disobedience and just a form of expression?

Or is Hacktivism a threat to Australian organisations and their customers?

The impact of unforeseen events.

Thank You

For Your Time

Next Talk

26th November

Title: Security Learning from Incident Response

Speaker: Dr Atif Ahmad, University of Melbourne