Monthly Archives: March 2012

BBC attacked by Iran?

In a blog post by the BBC’s Director General Mark Thompson, and a follow-up article on the main BBC News portal, the corporation lays out charges against the “Iranian authorities” of harassment and intimidation against its staff working in-country and also of censorship facilitated through a technology offensive.
 
The article states that not only were broadcast signals from the BBC’s Persian language service jammed, but that on the same day a Denial of Service attack was launched against the London office of the Service, flooding their switchboard with automated telephone calls.
 
From the details of the attack made available by the BBC, it only takes a very short leap of faith to conclude that Iran is responsible for these attacks in one form or another. An automated dialler carrying out a DoS attack on a voice service is a relatively simple thing; in fact, those kinds of services are readily available in the criminal underground. However, I have not seen any advertisements from criminals offering broadcast intrusion capabilities or signal jamming, particularly within Iran.
 
In the case of telephone DDoS attacks, much like the more familiar internet DDoS attacks, the most effective technology is applied at service provider level. In a traditional POTS setup, inbound calls could be filtered, for example by origin or by frequency. In the case of VoIP, signalling and media rate limiting can be applied both at the provider level and locally with VoIP firewalls. However, as many website owners, even high-profile ones, are still discovering, DDoS, while still a blunt instrument, remains effective and difficult to counter. The resources of the victim are finite, and an attacker with capability and intent is still likely to be able to swamp them. Mitigating DDoS attacks against telephony systems is an ongoing effort, as with other kinds of DDoS. External-facing systems should be hardened by disabling all unnecessary services; where possible, strong authentication should be deployed to reduce the possibility of abuse; and of course firewalls and service provider security have an important role to play.
 
As for broadcast signal interference or jamming, a transmitter tuned to the same frequency and modulation as the receiving equipment can override any signal at the receiver, given enough power and proximity. Satellite jamming is nothing new in Iran, or elsewhere.
 
Most media organisations who broadcast content into ‘unfriendly’ territories have been familiar with signal jamming since at least World War II and there remains little that can be done to overcome a determined regime in this respect. It could also be argued of course that any nation state is free to assert control over signals that are received within their own airspace, much as the United Kingdom government jammed pirate radio frequencies in the 1970s.
 
Nevertheless, this recent episode is a powerful reminder that as the world grows ever more interconnected and ever more reliant on a single, albeit distributed, infrastructure (the internet), nation states and criminal groups will continue to devote significant resource to attacks that highlight design and implementation flaws, often with increasingly noticeable effect.
 

Anonymous isn’t Sabu and Sabu certainly wasn’t anonymous

Isn't it ironic? Don't you think?


 
The news broke today via Fox that the LulzSec/Anonymous figurehead Hector Xavier Monsegur a.k.a. AnonymouSabu was under arrest and being charged with 12 counts of computer hacking conspiracy and other crimes. The case was initially opened last summer and the charges were filed via a criminal information, making it appear likely that Monsegur has since been cooperating with law enforcement in their investigations into other online criminal activities and individuals. In fact Monsegur had already been identified as the real person behind Sabu in other unrelated online investigations, but this was understandably downplayed.
 
The release from the FBI also details charges against Ryan Ackroyd (a.k.a. kayla), Jake Davis (a.k.a. Topiary), Darren Martyn (a.k.a. pwnsauce) and Donncha O’Cearrbhail (a.k.a. palladium) for hacks on Fox, PBS, Fine Gael, HBGary and Sony Entertainment (among others), and Jeremy Hammond (a.k.a. anarchaos) for the Stratfor hack. O’Cearrbhail is also individually cited as the person responsible for the recording and release of the infamous FBI conference call.
 
The same FBI release also makes it very clear that these allegations are based in part on information given at Monsegur’s guilty plea.
 
This news certainly looks like the endgame for the splinter group known as LulzSec and possibly AntiSec too. It should certainly be expected that law enforcement have gathered all evidence they feel is necessary to proceed effectively against those individuals they are currently charging. Sabu was certainly not their only source of intelligence, but undoubtedly their most important.
 
It’s worth remembering that LulzSec and Anonymous were never one and the same. In several cases, most notably the Stratfor hack, an Anonymous release was posted which passionately denied any involvement in hacking a “media organisation”.
 
Anonymous is a very different organisation to LulzSec and other more closely linked groups. Anyone can and does act in the name of Anonymous and their activities do not require individual hacker publicity or disclosure of personally identifiable details. The very fact that Sabu became the “celebrity” he was illustrates the real difference between LulzSec and Anonymous. LulzSec may be finished, but it would be premature to say the same about Anonymous.
 
Does this undermine “trust” in Anonymous? If anything would make that community laugh, that proposition certainly would! The hackers we really need to worry about are those that trusted no one and sought no glory in the first place, and the best place to look to thwart them is in better securing our own networks and assets.
 
I am reminded of one of my all-time favourite films, Angels with Dirty Faces. Maybe if Sabu has been informing on his erstwhile associates, that is the most good that can come of this. Just like Rocky Sullivan eventually “turned yeller”, much to the disillusionment of the street kids, maybe Sabu’s dramatic fall from hacker glory will also serve as an object lesson.