Tag Archives: hacktivism

TV5 Monde, Russia and the CyberCaliphate

Image credit Steven Depolo used under Creative Commons

Image credit Steven Depolo used under Creative Commons

Yesterday evening French magazine L’Express published a report linking an attack against TV5 Monde very firmly to the Russian state. The attack, which knocked 11 of its global channels off air for a period of time and resulted in a compromised website and Facebook page, took place back in April.

At the time when the attack took place, a group calling itself CyberCaliphate immediately took responsibility for the hack and went on to publish details purportedly of serving French military personnel involved in the struggle against Islamic State or ISIS. The attribution at the time seems simple and immediate; Islamic Extremist motivated hacktivism.

L’Express approached Trend Micro with certain indicators of compromise which had been shared with 43 media organisations by the Agence nationale de la sécurité des systèmes d’information (ANSSI) in France, with a view to uncovering more about the attacker or the motivations behind the attack. These indicators very definitely evidence an infestation of Sednit (also known as Sofacy) malware, associated with the ongoing targeted attack campaigns by the Pawn Storm operators (also referred to as APT28). What they did not do was to definitively link the stolen information or compromised accounts from the April attack to this Pawn Storm compromise. Neither is it possible to state with certainty that the two are *not* related.

Attribution in online crime is complex, more so when there may be nation-state involvement. Trend Micro’s assessment of the current possibilities, with reference to the facts as they stand today leaves us with three possibilities.

1 – We could be looking at two entirely unrelated incidents, a Pawn Storm infestation and a separate hactivist compromise
2 – Perhaps the Pawn Storm group gave attack relevant data to a third party, directly or indirectly to islamic hactivists. While possible, this would seem highly unlikely as we have seen Pawn Storm actively targeting Chechen separatists and Islamic extremists in former Yugoslavia
3 – Finally, the Pawn Storm group carried out a highly visible website, Facebook and TV network compromise (which would be extremely out of character) and used it as a false flag operation to lay the blame at the door of islamic extremists.

While the false flag option is not entirely out of the question, it is at least somewhat out of character of previous operations of the Pawn Storm campaign. My spider senses right now are tingling on option one. TV5 Monde, as a media operation is a target entirely within the remit of the regular Pawn Storm operations and an infestation of Sednit malware there should perhaps not be a surprise at all. The fact that during the time of this Sednit compromise, they were also targeted by Islamic extremist hacktivists, given the contemporary news and political environment in France is perhaps also not surprising.

Attribution online is always complex, sometimes though things can be entirely as they seem.

On the edge of the future

Image by WoodleyWonderWorks

Here is a collection of buzzwords to conjure with; Cloud, Mobile, Big Data, Consumerisation, Something-as-a-Service, Wearable Tech, Internet of Things. Almost certainly terms you have heard individually before, almost certainly words that each have a different meaning to each of you and doubtless, in isolation, representing major shifts in the technological landscape.

Taken as a group, these technologies are more than major; they represent the biggest revolution in information technology since the inception of the World Wide Web.  Possibly even the biggest revolution in information consumption since Johannes Gutenberg carved his first brass matrix more than half a century ago.

The technologies in question have developed discretely over the past few years., although of course most of them predate their current associated “phenomenon”. The concurrent rise of other assisting technologies has acted as a catalyst and brought us to the edge of the future; virtualisation, abstraction, IPv6, and rapid expansion of available bandwidth to name the most important.
Continue reading

Hacker claims “over 79” banking scalps

Credit Card of the future

Credit Card of the future by Robert Scoble

A hacker, going by the name of Reckz0r posted a supposed sample of data purportedly stolen from financial institutions. In the tweet which originally announced the data dump, Reckz0r (why can’t they just be called Dave or something?) initially claimed to have “hacked Visa & Mastercard” although this claim was later revised to read:

“Actually, I didn’t hacked VISA & Mastercard, I hacked the banks, #Chase..etc”

The data posted does not include credit card numbers, security codes or expiry dates, in fact no credit card information at all, but does include names, addresses, telephone numbers and email addresses. The hacker, somewhat bizarrely claims to to have redacted the card details “for security measures“.
Other than the censored and supposedly abbreviated list of personal details on pastebin, Reckz0r has offered no further proof of his misdeeds although he claims that the full amount of stolen data is “about 50GB or bigger” and has been culled from attacks on “over 79 large banks” (why wouldn’t you say “80”, or “over 80”?)
Call me a cynic, but when the supposed attacker seems unsure of exactly how much data he has or the exact number of financial institutions targeted, the claims begin to look a little shaky, we have seen enough bogus data dumps over time to know that everything is not always what it seems.
Whatever the truth of the matter, hacktivism, data dumps and attacks “for the lulz” have succeeded in creating such a febrile online atmosphere that claims of this nature must be taken seriously until proven otherwise. According to Dutch newspaper reports, Visa are already investigating these claims while Mastercard could not be reached for comment. If the claims do turn out to be true, it will be yet another example of ineffective, or indeed non-existent encryption of highly valuable personal and financial data.
In the meantime folks, keep an eye on those bank statements!