Anonymous attacks on
Tunisian Government


    Haythem EL MIR, CISSP
About Presenter



        10+ years of security experience
        Technical Manager of the National Agency for
        Computer Security of Tunisia (ANSI)
        Head of the incident response team tunCERT
        National cyberspace protection coordinator
        Setting up of incident response units
        Consultancy and training in Africa
Introduction



        Computer Emergency Response Teams are one of
        the main tools available today to enhance cyber security.
        A CERT has to ensure:
         • Centralized coordination for IT security issues
           (trusted point of contact).
         • A centralized and specialized unit for incident
           response.
         • Technology and security watch.
         • Cyberspace monitoring.
         • The expertise to support and assist organizations in
           recovering quickly from security incidents.
         • Awareness for all categories of users.
Who are Anonymous?



       Anonymous is a decentralized network of
       individuals focused on promoting access to
       information, free speech, and transparency.
       The group has made international headlines by
       exposing the Church of Scientology and by
       supporting anti-corruption movements in many
       emerging countries.
       Anonymous is regarded as a group of hacktivists
       who act anonymously to break into information
       systems belonging to those they see as enemies
       of freedom.
Anonymous' favorite targets
Tunisian Anonymous


        Since the Tunisian operation in January 2011,
        Anonymous has not stopped fascinating young
        Tunisian hackers and cyber activists.
        Small groups started to form, and many
        Anonymous initiatives were run to gather all these
        groups under the same organization with the same
        objectives:
         • Tunisian Anonymous {Elite Attack}: on Facebook (about 110k)
         • Anonymous TN: on Facebook (about 20k)
         • AnoNYmOus: on Facebook (about 50k),
           www.anonymous-tunisia.org, AnonTunisia (Twitter)
Tunisian anonymous groups: main objectives



        Internet freedom (anti-censorship)
        Guarding the objectives of the revolution
         • Fighting the old regime
         • Investigating corruption
         • Leaking confidential information
        Interfering with politics
         • They have their own political ideas
         • Fighting specific political parties
Biggest attacks and breaches
Tunisian anonymous groups: in the media
The government position



        The Minister of ICT announced on national TV
        that the National Information Security Agency and
        the Tunisian CERT would be fighting Anonymous: a
        declaration of war.
        Anonymous reacted by announcing a special
        operation against the security agency
        (www.ansi.tn) for the 28th of April 2012, and
        another operation against the government for the
        1st of May.
The main Anonymous attack: DDoS

       Low Orbit Ion Cannon (LOIC)
       A "web stress" tool.
       It can be used in stand-alone mode or
       synchronized through an IRC server
       (the "hive" mode).
       The software has to be installed on the
       participant's machine.
HOIC: High Orbit Ion Cannon
The main Anonymous attack: DDoS

     With LOIC, Anonymous succeeded in causing a denial of
     service on many servers within a few minutes: a very
     strange behaviour that had to be analyzed.
     Analysis steps
          •   Log analysis of the DDoSed servers (surprising results)
          •   LOIC traffic analysis
          •   DoS simulation in the lab
          •   DDoS simulation in the lab
          •   Server analysis
     Finding: the default configuration of the web servers was
     the problem.
          • A new tuning and hardening guide for Apache
            servers was developed to resist such attacks.
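
An added example of the kind of tuning such a guide covers; this is not the tunCERT guide, and every value in it is an assumption to be tested against real traffic. The slides show each LOIC request as a TCP handshake followed by a GET HTTP/1.0; on a stock prefork Apache each such connection occupies one of a small number of worker slots for as long as Timeout allows, which is how a few clients can exhaust a server in minutes. The directives below shorten how long an idle or slow client can hold a slot, raise the number of slots, cap request size, and add per-client rate limiting. The "stock" values quoted in the comments are assumed typical 2.2-era defaults and must be checked against the server's own httpd.conf.

```apache
# Added example: connection-exhaustion hardening for Apache httpd
# (prefork MPM, 2.2-style directive names).  Not the tunCERT guide.
# "stock" values in comments are assumed typical defaults; verify them
# against your own httpd.conf before changing anything.

# 1. Do not let a worker slot wait long for a client that never finishes.
#    stock (assumed): Timeout 300, KeepAliveTimeout 15
Timeout 20
KeepAlive On
KeepAliveTimeout 3
MaxKeepAliveRequests 100

# 2. More slots than a small flood can fill.  Each prefork child is a
#    process, so size this to the RAM available (assumed about 1 GB here).
#    stock (assumed): ServerLimit 256, MaxClients 256
#    (MaxClients is called MaxRequestWorkers in 2.4)
<IfModule prefork.c>
    StartServers         10
    MinSpareServers      10
    MaxSpareServers      30
    ServerLimit        1024
    MaxClients         1024
    MaxRequestsPerChild 4000
</IfModule>

# 3. Drop clients that send the request line, headers or body too slowly
#    (mod_reqtimeout, shipped since 2.2.15): headers must arrive within
#    10 s, extended up to 20 s only while at least 500 bytes/s keep coming.
<IfModule mod_reqtimeout.c>
    RequestReadTimeout header=10-20,MinRate=500 body=10,MinRate=500
</IfModule>

# 4. Cap what a single request may cost before the application runs.
LimitRequestLine 4096
LimitRequestFieldSize 4096
LimitRequestFields 50
LimitRequestBody 1048576

# 5. Per-client rate limiting inside the server (mod_evasive, third-party):
#    more than 10 hits on one page or 50 on the site within one second
#    earns the client 403 responses for 60 seconds.
<IfModule mod_evasive20.c>
    DOSHashTableSize   3097
    DOSPageCount       10
    DOSSiteCount       50
    DOSPageInterval    1
    DOSSiteInterval    1
    DOSBlockingPeriod  60
    DOSLogDir          "/var/log/apache2/mod_evasive"
</IfModule>
```

These settings make a site much harder to take down with a handful of LOIC instances, which is the behaviour the analysis found surprising, but a campaign with tens of thousands of sources (the talk counts 77,272 attacking IPs) will still fill 1024 slots. Filtering of the attacking addresses therefore has to happen upstream, at the ISP, which is what the blacklist work in the rest of the talk is for.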
The main Anonymous attack: DDoS

          [Figure: LOIC against an Apache server.
           (1) TCP connection: three-way handshake.
           (2) HTTP session: GET HTTP/1.0.]
The main Anonymous attack: DDoS

                   [Figure: LOIC clients taking their target from an
                    IRC server used as C&C.]
The main Anonymous attack: DDoS

       Good news: LOIC cannot be used through a proxy, so the
       source addresses seen in the target's logs are the
       participants' own and can be blacklisted directly.

                     [Figure: proxy server]
The online LOIC: JS LOIC

       A JavaScript version of LOIC that runs from a web page
       instead of an installed program; it was hosted at:

http://pastehtml.com/
http://f**kati.yolasite.com/
http://anoon.mypressonline.com/
IRC communications

  #optunisia- Channel Topic: Operation Tunisia | Target: www.ati.tn | Discuss
  further actions | English only in channel | DO NOT USE HIVE | Anonymity
  http://piratepad.net/ep/pad/view/ro.sEBJTH2Q/latest | www.anonnews.org |
  wikileaks.yunicc.org | over9000.splinteredsanity.com | forscherliga-rof.eu |
  news.pinky-and-brain.com |

  <Greeny> Hey im new what should i do before ddosing ?

  <@Ismael> inside Tn --> get on the streets and portest

  <GZ3r0> SQL Injection Vulnerability Detection

  <GZ3r0> http://www.tn.gov/
  <medo> fire 193.95.67.22 port 53 udp

  #optunisia- Channel Topic: OperationTunisia | TARGET: 193.95.67.22 port 53
  (UDP) | HIVE IS UP: irc.hiddenaces.net:6667 #loic | KEEP FIRING UNTILL
  TOPIC SAYS OTHERWISE | Setup GUIDE: herpderp01.byethost7.com | Join
  #operationfreedom for more government ass-whooping | ENGLISH ONLY
IRC communications

  <zargos> how can i do a fire with you
  <Mouwaten> please how to fire ?
  <VforTunisia> how can I help?
  <claude> 4anyone have a tutoriel how to ddos
  <lek> how can i join the attack ?
  <feh> i wonder how you can deface a website
  <mib_idlwgn> wait how do you do 64GB ping?
  <C0DeR> how can we enjoy the ddos attack ?
  <mib_yjp5ph> how can I change my MAC adress?
  <tunisianow> how to learn ddossing ?

  It was not only about hacking:
  <@Ismael> YOU have to RIOT on the STREETS
  <purpleleaves> people in tunisia get out on the streets and protest
  <op-Tunisia> pepolle in tunisia attacking in streets now
  <@Ismael> tunsians you have to get you asses on the street and end this
  <@Ismael> getb the f**k on the streets and RIOT!
  <@Ismael> Leave you computers the F**K alone and RIOT on the streets1
  <Merovingien>: Some say a DDOS is the same as a street protest
IRC communications
<zorro> ansi is not a gov.tn !!!
<zorro> Do not target ansi ; it is not a gov.tn
<zorro> ansi is a media web site
<zorro> To All : be carefull about LOIC ; some versions are infected !!
<zorro> Stock exchange is not Governmental !!
<zorro> Do not target stock exchange
<F_Youth> zorro => are u kidding?
<zorro> But Indonesia would be a good target also LoL
<zorro> No freedom in Indonesia !!
<zorro> Tunisia is a very sunny country
<zorro> DDoS in not efficient at all ; what a lot of energy spent in the wind !!
<zorro> international pressure should go where really people suffer
(palestine, afghanistan, iraq, ...)
<@p2cv> zorro: then stop complaining and invite people to your cause
<zorro> don't miss real causes : poverty, real oppression, lack of education,
lack of health, child explotation
<zorro> wikileaks does NOT provide food for african people
<zorro> with DDoS, u r spending ur energy in the wind !!
<@p2cv> !k zorro
 * zorro was kicked by Chuck (Requested (p2cv))
The main Anonymous attack: DDoS (attacking IP addresses by country)

  Country           IPs      Country                IPs
  France          15208      Switzerland            934
  United States    8891      Libya                  794
  Algeria          4762      Japan                  738
  Germany          3144      Spain                  717
  Egypt            3115      Argentina              707
  Morocco          3028      India                  703
  Russia           2874      Hungary                693
  Saudi Arabia     2853      Poland                 677
  Brazil           2387      Ukraine                647
  Canada           2346      Netherlands            561
  Italy            2023      United Arab Emirates   554
  Taiwan           1917      Qatar                  486
  China            1716      Bulgaria               486
  United Kingdom   1431
  Belgium          1223
  Romania          1054

  Total countries: 186      Total IPs: 77272
  Total number of targets: 44
  Attack types: DoS, DDoS, defacement
The defense strategy


        The Tunisian CERT was the main coordinator in handling
        these attacks.
        Activation of the national reaction plan.
        Activation of crisis mode.
        Incident coordination:
         • With local ISPs, telcos and critical infrastructures.
         • With international partners.
        Actions taken:
         •   Watching the hackers and studying their behaviour.
         •   Anticipating attacks.
         •   Analyzing millions of log lines and developing a blacklist.
         •   Sharing the blacklist.
         •   Neutralizing the IRC servers.
         •   Securing and hardening vulnerable servers.
Role of the CERT: National coordination



        Inform all stakeholders (ISPs, telcos, defence,
        national security, financial sector, energy sector,
        ...).
        Monitor all critical web sites, and inform the
        companies concerned about any abnormal behaviour.
        In case of attack, collect and analyse the log files.
        Identify the list of IPs participating in the attack,
        and build a temporary blacklist from them.
        Continuously update the blacklist until the end of
        the attack.
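
A worked example of the log-driven blacklist step, added here; it is not tunCERT's tooling. It parses Apache combined-format access log lines, replays them in time order (so logs from several servers can be merged), bans any source IP that exceeds a request-rate threshold within a sliding window, lets bans expire once an IP goes quiet so the list can be re-issued as the attack changes, and emits iptables rules for whoever filters upstream. It also tallies HTTP/1.0 requests per IP, since the slides show LOIC sending GET HTTP/1.0. The sample log, the time zone, the date and all thresholds are constructed assumptions.

```python
"""Build a temporary blacklist of DDoS participants from web server logs.

Added example (not tunCERT's tooling): replays Apache "combined" access log
lines in time order, flags source IPs whose request rate exceeds a
threshold, and expires entries once an IP goes quiet, so the list can be
re-published as the attack evolves.  The sample log and every threshold
below are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache "combined" log format (assumed for the sample input).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) '
    r'(?P<proto>HTTP/\d\.\d)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
TZ = timezone(timedelta(hours=1))   # assumed server time zone (UTC+1)


def sample_time(hour, minute, second=0):
    """Timestamp on the (assumed) day of the attack, 28 April 2012."""
    return datetime(2012, 4, 28, hour, minute, second, tzinfo=TZ)


def parse_line(line):
    """Return (ip, timestamp, protocol) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("proto")


class Blacklister:
    """Sliding-window rate detector with expiring bans.

    An IP is banned when it sends more than max_requests within `window`
    seconds; each further hit extends the ban, and entries drop out
    `ban_time` seconds after the last hit (the "temporary black-list").
    """

    def __init__(self, max_requests=30, window=10, ban_time=3600):
        self.max_requests = max_requests
        self.window = timedelta(seconds=window)
        self.ban_time = timedelta(seconds=ban_time)
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.http10 = defaultdict(int)   # ip -> HTTP/1.0 requests (LOIC sent GET HTTP/1.0)
        self.banned = {}                 # ip -> ban expiry

    def observe(self, ip, ts, proto):
        q = self.hits[ip]
        q.append(ts)
        while ts - q[0] > self.window:   # drop hits that fell out of the window
            q.popleft()
        if proto == "HTTP/1.0":
            self.http10[ip] += 1
        if len(q) > self.max_requests:
            self.banned[ip] = ts + self.ban_time

    def active(self, now):
        """Blacklist still in force at `now`; expired entries are removed."""
        for ip in [ip for ip, until in self.banned.items() if until <= now]:
            del self.banned[ip]
        return sorted(self.banned)

    def iptables_rules(self, now):
        """Filter rules to hand to the ISP or upstream router (port 80 only)."""
        return ["iptables -I INPUT -s %s -p tcp --dport 80 -j DROP" % ip
                for ip in self.active(now)]


def analyze(lines, detector=None):
    """Parse and time-order lines (logs from several servers may be merged),
    replay them, and return (blacklist at the last event, detector)."""
    detector = detector or Blacklister()
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e[1])
    for ip, ts, proto in events:
        detector.observe(ip, ts, proto)
    last = events[-1][1] if events else datetime.now(TZ)
    return detector.active(last), detector


def build_sample_log():
    """Constructed sample: one ordinary visitor, one LOIC-style flooder
    firing 40 GET / HTTP/1.0 requests within four seconds."""
    fmt = '{ip} - - [{ts}] "GET {path} {proto}" 200 1234'
    lines = []
    for i in range(3):
        ts = sample_time(10, 0, 20 * i).strftime(TS_FMT)
        lines.append(fmt.format(ip="198.51.100.7", ts=ts, path="/index.html", proto="HTTP/1.1"))
    for i in range(40):
        ts = (sample_time(10, 0) + timedelta(milliseconds=100 * i)).strftime(TS_FMT)
        lines.append(fmt.format(ip="203.0.113.45", ts=ts, path="/", proto="HTTP/1.0"))
    return lines


if __name__ == "__main__":
    banned, det = analyze(build_sample_log())
    for rule in det.iptables_rules(sample_time(10, 1)):
        print(rule)
```

On the constructed sample only the flooder is banned; the ordinary visitor, with three requests in a minute, never crosses the threshold, and the flooder's entry disappears an hour after its last hit, which is what lets the list be "continuously updated" rather than grow forever. Real tuning is a trade-off: the threshold must sit above the burst rate of a legitimate page load (a browser fetches many assets per page) and below what a single LOIC instance produces.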
Role of the CERT: International coordination



        The LOIC clients were synchronized using 3 different IRC
        servers (1 in Russia, 2 in the USA).
        7 IRC servers were used for communication (Canada,
        3 in Germany, the Netherlands, Austria).
        Taking down these servers ends the attack.
        Collaboration with the FIRST network and
        international partners to take down these servers.
        International assistance to mitigate the attack
        (exchanging lists of IPs to filter).
Conclusion


        Anonymous is not a common group of hackers:
         • They are not hackers but a huge number of
           activists.
         • They do not use very sophisticated hacking
           techniques.
         • They can be assisted by hacking groups (LulzSec,
           TeamPoison, ...) and also by local groups.
        Facing Anonymous attacks can only be done
        through coordination.
        Anonymous will be one of the main threats for the
        next period:
         • Their numbers are increasing.
         • They are starting to get organized.
         • They are starting to learn hacking and to recruit hackers.
Thank you!

More Related Content

What's hot

Hackers & hacktivism
Hackers & hacktivismHackers & hacktivism
Hackers & hacktivism
Bilal Ali
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
Hackito Ergo Sum
 

What's hot (18)

CryptoParty Belfast July 2015 Online Privacy Tips
 CryptoParty Belfast July 2015 Online Privacy Tips CryptoParty Belfast July 2015 Online Privacy Tips
CryptoParty Belfast July 2015 Online Privacy Tips
 
Hackers & hacktivism
Hackers & hacktivismHackers & hacktivism
Hackers & hacktivism
 
Dark net
Dark netDark net
Dark net
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
In the Line of Fire - The Morphology of Cyber-Attacks
In the Line of Fire - The Morphology of Cyber-AttacksIn the Line of Fire - The Morphology of Cyber-Attacks
In the Line of Fire - The Morphology of Cyber-Attacks
 
Kaseya Connect 2012 – A Kaspersky Researcher Perspective
Kaseya Connect 2012 – A Kaspersky Researcher PerspectiveKaseya Connect 2012 – A Kaspersky Researcher Perspective
Kaseya Connect 2012 – A Kaspersky Researcher Perspective
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?
 
Lec21 security
Lec21 securityLec21 security
Lec21 security
 
CryptoParty Belfast 11 Nov 2014 - Tor
CryptoParty Belfast 11 Nov 2014 - TorCryptoParty Belfast 11 Nov 2014 - Tor
CryptoParty Belfast 11 Nov 2014 - Tor
 
Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)Pichman privacy, the dark web, &amp; hacker devices i school (1)
Pichman privacy, the dark web, &amp; hacker devices i school (1)
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through Preparation
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
 
Sovereignty in Cyberspace
Sovereignty in CyberspaceSovereignty in Cyberspace
Sovereignty in Cyberspace
 
Social Networking Information Security
Social Networking Information SecuritySocial Networking Information Security
Social Networking Information Security
 
Crash course of Mobile (SS7) privacy and security
Crash course of Mobile (SS7) privacy and securityCrash course of Mobile (SS7) privacy and security
Crash course of Mobile (SS7) privacy and security
 
DEFCON 23 - Patrick Mcneil and Owen - sorry wrong number
DEFCON 23 - Patrick Mcneil and Owen - sorry wrong numberDEFCON 23 - Patrick Mcneil and Owen - sorry wrong number
DEFCON 23 - Patrick Mcneil and Owen - sorry wrong number
 
It hotspot shield new
It hotspot shield newIt hotspot shield new
It hotspot shield new
 

Viewers also liked

Ley de peritos ingenieros
Ley de peritos ingenierosLey de peritos ingenieros
Ley de peritos ingenieros
miope123
 
Kenny Polcari Speaker Press Kit
Kenny Polcari Speaker Press KitKenny Polcari Speaker Press Kit
Kenny Polcari Speaker Press Kit
Kenny Polcari
 
Presentación Web 2 0
Presentación Web 2 0Presentación Web 2 0
Presentación Web 2 0
Casicuarentas
 
Dylan Watts Resume Linkedin
Dylan Watts Resume LinkedinDylan Watts Resume Linkedin
Dylan Watts Resume Linkedin
Dylan Watts
 
5248555 20110408062638
5248555 201104080626385248555 20110408062638
5248555 20110408062638
metalium
 

Viewers also liked (20)

Ley de peritos ingenieros
Ley de peritos ingenierosLey de peritos ingenieros
Ley de peritos ingenieros
 
Foro arauco
Foro araucoForo arauco
Foro arauco
 
Kenny Polcari Speaker Press Kit
Kenny Polcari Speaker Press KitKenny Polcari Speaker Press Kit
Kenny Polcari Speaker Press Kit
 
Adopción de BPM y SOA al interior de una organización financiera
Adopción de BPM y SOA al interior de una organización financieraAdopción de BPM y SOA al interior de una organización financiera
Adopción de BPM y SOA al interior de una organización financiera
 
Presentación Web 2 0
Presentación Web 2 0Presentación Web 2 0
Presentación Web 2 0
 
Abtech MJB5 HV ATEX & IECEx Enclosure
Abtech MJB5 HV ATEX & IECEx EnclosureAbtech MJB5 HV ATEX & IECEx Enclosure
Abtech MJB5 HV ATEX & IECEx Enclosure
 
Dylan Watts Resume Linkedin
Dylan Watts Resume LinkedinDylan Watts Resume Linkedin
Dylan Watts Resume Linkedin
 
Presentación DKS SmarKet 3.0
Presentación DKS SmarKet 3.0Presentación DKS SmarKet 3.0
Presentación DKS SmarKet 3.0
 
Sector Arquitectura a Construmat
Sector Arquitectura a ConstrumatSector Arquitectura a Construmat
Sector Arquitectura a Construmat
 
Contraincendios
ContraincendiosContraincendios
Contraincendios
 
5248555 20110408062638
5248555 201104080626385248555 20110408062638
5248555 20110408062638
 
De coloquialidad y registro oral: «dubbese», marcadores del discurso y proble...
De coloquialidad y registro oral: «dubbese», marcadores del discurso y proble...De coloquialidad y registro oral: «dubbese», marcadores del discurso y proble...
De coloquialidad y registro oral: «dubbese», marcadores del discurso y proble...
 
Objetivos realizados en el año 2014 r03v2007
Objetivos realizados en el año 2014 r03v2007Objetivos realizados en el año 2014 r03v2007
Objetivos realizados en el año 2014 r03v2007
 
Treksnrapids Marketing Event - Advanza - Literati 2012 - NIT Kurukshetra by J...
Treksnrapids Marketing Event - Advanza - Literati 2012 - NIT Kurukshetra by J...Treksnrapids Marketing Event - Advanza - Literati 2012 - NIT Kurukshetra by J...
Treksnrapids Marketing Event - Advanza - Literati 2012 - NIT Kurukshetra by J...
 
CIHA Syllabus
CIHA SyllabusCIHA Syllabus
CIHA Syllabus
 
En memoria de mi padre jose de jesus barocio olmedo
En memoria de mi padre   jose de jesus barocio olmedoEn memoria de mi padre   jose de jesus barocio olmedo
En memoria de mi padre jose de jesus barocio olmedo
 
Ppt grupo1
Ppt grupo1Ppt grupo1
Ppt grupo1
 
Kiddy capacitación
Kiddy capacitación Kiddy capacitación
Kiddy capacitación
 
CREOLE PARA COMBATENTES
CREOLE PARA COMBATENTESCREOLE PARA COMBATENTES
CREOLE PARA COMBATENTES
 
El e learning en centroamerica
El e learning en centroamericaEl e learning en centroamerica
El e learning en centroamerica
 

Similar to Anonymous Attacks On Tunisian Government

Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues   (Raoul Chiesa, day 1 ) Telecom security issues   (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 )
ClubHack
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
Hamisi Kibonde
 
Mengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih DekatMengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih Dekat
Charles Lim
 

Similar to Anonymous Attacks On Tunisian Government (20)

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues   (Raoul Chiesa, day 1 ) Telecom security issues   (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 )
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Darknet
DarknetDarknet
Darknet
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
chapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firmchapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firm
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
 
Presentation darknet
Presentation darknetPresentation darknet
Presentation darknet
 
Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?Deep Dark Web - How to get inside?
Deep Dark Web - How to get inside?
 
BYOD and Your Business
BYOD and Your BusinessBYOD and Your Business
BYOD and Your Business
 
Mengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih DekatMengenal ZEUS Botnet Lebih Dekat
Mengenal ZEUS Botnet Lebih Dekat
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01
 
Current Conditions and Challenges of Cybersecurity in Taiwan
Current Conditions and Challenges of Cybersecurity in TaiwanCurrent Conditions and Challenges of Cybersecurity in Taiwan
Current Conditions and Challenges of Cybersecurity in Taiwan
 
Module 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptxModule 1- Introduction to Cybercrime.pptx
Module 1- Introduction to Cybercrime.pptx
 

More from Positive Hack Days

Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
Positive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
Positive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Positive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
Positive Hack Days
 

More from Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

Anonymous Attacks On Tunisian Government

  • 1. Anonymous attacks on Tunisian Government Haythem EL MIR, CISSP
  • 2. About Presenter: 10+ years of security experience. Technical Manager of the National Agency for Computer Security of Tunisia. Head of the Incident Response Team tunCERT. National cyberspace protection coordinator. Setting up of incident response units. Consultancy and training in Africa.
  • 3. Introduction: Computer Emergency Response Teams are one of the main tools available today to enhance cyber security. A CERT has to ensure: • A centralized coordination for IT security issues (trusted point of contact). • A centralized and specialized unit for incident response. • Technology and security watch. • Cyberspace monitoring. • The expertise to support and assist in quickly recovering from security incidents. • Awareness of all categories of users.
  • 4. Who are Anonymous? Anonymous is a decentralized network of individuals focused on promoting access to information, free speech, and transparency. The group has made international headlines by exposing the Church of Scientology and supporting anti-corruption movements in many emerging countries. Anonymous is considered a group of hacktivists, trying to act anonymously to hack information systems belonging to the enemies of freedom.
  • 6. Tunisian Anonymous: Since the Tunisian operation in January 2011, Anonymous has not stopped fascinating young Tunisian hackers and cyber activists. Small groups started to be constituted, and many Anonymous initiatives were run to gather all these groups under the same organization and adopt the same objectives. Tunisian Anonymous {Elite Attack}: on Facebook (about 110k). Anonymous TN: on Facebook (about 20k). AnoNYmOus: on Facebook (about 50k). www.anonymous-tunisia.org. AnonTunisia (Twitter).
  • 7. Tunisian Anonymous groups: main objectives. Internet freedom (anti-censorship). Guarding the revolution's objectives: • Fighting the old regime. • Investigating corruption. • Leaking confidential information. Interfering with politics: • They have their own political ideas. • They fight specific political parties.
  • 10. The government position: The Minister of ICT announced on national TV that the National Information Security Agency and the Tunisian CERT would be fighting Anonymous: a declaration of war. Anonymous reacted by announcing a special operation against the security agency's website www.ansi.tn on the 28th of April 2012 and another operation against the government for the 1st of May.
  • 11. The main Anonymous attack: DDoS
  • 12. The main Anonymous attack: DDoS. Low Orbit Ion Cannon (LOIC), a web stress tool. It can be used in stand-alone mode or synchronized through an IRC server. This software needs to be installed.
  • 13. HOIC: High Orbit Ion Cannon
  • 14. The main Anonymous attack: DDoS. With LOIC, Anonymous succeeded in causing a denial of service on many servers within a few minutes: a very strange behaviour that had to be analyzed. Analysis steps: • Log analysis for the DDoSed servers (surprising). • LOIC traffic analysis. • DoS simulation in the lab. • DDoS simulation in the lab. • Server analysis: the default configuration of web servers is the problem. • Developing a new tuning and hardening guide for the Apache server to resist such attacks.
  • 15. The main Anonymous attack: DDoS. (Diagram: 1. TCP connection, three-way handshake; 2. Apache HTTP sessions, GET HTTP 1.0.)
  • 16. The main Anonymous attack: DDoS
  • 17. The main Anonymous attack: DDoS. (Diagram: IRC server as C&C.)
  • 18. The main Anonymous attack: DDoS. Good news: it cannot be used with a proxy. (Diagram: proxy server.)
  • 19. The online LOIC: JS LOIC http://pastehtml.com/ http://f**kati.yolasite.com/ http://anoon.mypressonline.com/
  • 20. IRC communications #optunisia- Channel Topic: Operation Tunisia | Target: www.ati.tn | Discuss further actions | English only in channel | DO NOT USE HIVE | Anonymity http://piratepad.net/ep/pad/view/ro.sEBJTH2Q/latest | www.anonnews.org | wikileaks.yunicc.org | over9000.splinteredsanity.com | forscherliga-rof.eu | news.pinky-and-brain.com | <Greeny> Hey im new what should i do before ddosing ? <@Ismael> inside Tn --> get on the streets and portest <GZ3r0> SQL Injection Vulnerability Detection <GZ3r0> http://www.tn.gov/ <medo> fire 193.95.67.22 port 53 udp #optunisia- Channel Topic: OperationTunisia | TARGET: 193.95.67.22 port 53 (UDP) | HIVE IS UP: irc.hiddenaces.net:6667 #loic | KEEP FIRING UNTILL TOPIC SAYS OTHERWISE | Setup GUIDE: herpderp01.byethost7.com | Join #operationfreedom for more government ass-whooping | ENGLISH ONLY
  • 21. IRC communications <zargos> how can i do a fire with you <Mouwaten> please how to fire ? <VforTunisia> how can I help? <claude> 4anyone have a tutoriel how to ddos <lek> how can i join the attack ? <feh> i wonder how you can deface a website <mib_idlwgn> wait how do you do 64GB ping? <C0DeR> how can we enjoy the ddos attack ? <mib_yjp5ph> how can I change my MAC adress? <tunisianow> how to learn ddossing ? I was not only for Hacking <@Ismael> YOU have to RIOT on the STREETS <purpleleaves> people in tunisia get out on the streets and protest <op-Tunisia> pepolle in tunisia attacking in streets now <@Ismael> tunsians you have to get you asses on the street and end this <@Ismael> getb the f**k on the streets and RIOT! <@Ismael> Leave you computers the F**K alone and RIOT on the streets1 <Merovingien>: Some say a DDOS is the same as a street protest
  • 22. IRC communications <zorro> ansi is not a gov.tn !!! <zorro> Do not target ansi ; it is not a gov.tn <zorro> ansi is a media web site <zorro> To All : be carefull about LOIC ; some versions are infected !! <zorro> Stock exchange is not Governmental !! <zorro> Do not target stock exchange <F_Youth> zorro => are u kidding? <zorro> But Indonesia would be a good target also LoL <zorro> No freedom in Indonesia !! <zorro> Tunisia is a very sunny country <zorro> DDoS in not efficient at all ; what a lot of energy spent in the wind !! <zorro> international pressure should go where really people suffer (palestine, afghanistan, iraq, ...) <@p2cv> zorro: then stop complaining and invite people to your cause <zorro> don't miss real causes : poverty, real oppression, lack of education, lack of health, child explotation <zorro> wikileaks does NOT provide food for african people <zorro> with DDoS, u r spending ur energy in the wind !! <@p2cv> !k zorro * zorro was kicked by Chuck (Requested (p2cv))
  • 23. The main Anonymous attack: DDoS. Attacking IPs by country (country: number of IPs): France: 15208; United States: 8891; Algeria: 4762; Germany: 3144; Egypt: 3115; Morocco: 3028; Russia: 2874; Saudi Arabia: 2853; Brazil: 2387; Canada: 2346; Italy: 2023; Taiwan: 1917; China: 1716; United Kingdom: 1431; Belgium: 1223; Romania: 1054; Switzerland: 934; Libya: 794; Japan: 738; Spain: 717; Argentina: 707; India: 703; Hungary: 693; Poland: 677; Ukraine: 647; Netherlands: 561; United Arab Emirates: 554; Qatar: 486; Bulgaria: 486. Total countries: 186. Total IPs: 77272. Total number of targets: 44. Attacks: DoS, DDoS, defacement.
  • 24. The defense strategy: The Tunisian CERT was the main coordinator in handling these attacks. Activation of the national reaction plan. Activation of the crisis mode. Incident coordination: • With local IS, telcos, and critical infrastructures. • With international partners. Actions taken: • Watching the hackers and studying their behavior. • Anticipating attacks. • Analyzing millions of log lines and developing a blacklist. • Sharing the blacklist. • Neutralizing IRC servers. • Securing and hardening vulnerable servers.
  • 25. Role of the CERT: national coordination. Inform all stakeholders (ISPs, telcos, defense, national security, financial sector, energy sector, …). Monitor all critical websites, and inform companies about any abnormal behavior. In case of attack, collect and analyze log files. Identify the list of IPs participating in the attack, and develop a temporary blacklist. Continuously update the blacklist until the end of the attack.
  • 26. Role of the CERT: international coordination. The LOIC was synchronized using 3 different IRC servers (1 in Russia, 2 in the USA), plus 7 IRC servers for communication (Canada, 3 in Germany, the Netherlands, Austria). Taking down these servers would end the attack. Collaboration with the FIRST network and international partners to take down these servers. International assistance to mitigate the attack (exchanging lists of IPs to filter).
  • 27. Conclusion: Anonymous is not a common group of hackers: • They are not hackers; they are a huge number of activists. • They do not use very sophisticated hacking techniques. • They can be assisted by hacking groups (LulzSec, TeamPoison, …) and also by local groups. Facing Anonymous attacks can only be done through coordination. Anonymous will be one of the main threats for the next period: • Their number is increasing. • They are starting to be organized. • They are starting to learn hacking and recruit hackers.
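The log-analysis step on slides 14 and 25 (collect the logs of a DDoSed server, identify the IPs taking part, keep a temporary blacklist up to date batch by batch), as an added Python example that is not part of the original presentation or of tunCERT's own tooling. It assumes Apache combined log format; the log lines, IP addresses, thresholds and the date are constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" access-log line; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, request line), or None for a line that is not a valid entry."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")

def flood_sources(lines, window_s=10, threshold=20):
    """Map each IP whose peak request count inside any window_s-second window reaches
    threshold to that peak. A rate, not a total, separates a LOIC-style flooder from
    a busy but legitimate client; malformed lines are skipped."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def update_blacklist(blacklist, lines, **kw):
    """Merge newly flagged IPs into the running temporary blacklist, refreshed per log batch."""
    for ip, peak in flood_sources(lines, **kw).items():
        blacklist[ip] = max(blacklist.get(ip, 0), peak)
    return blacklist

def _entry(ip, second, path="/"):
    # Constructed sample entry; the date is only illustrative.
    ts = datetime(2012, 4, 28, 10, 0, 0, tzinfo=timezone.utc) + timedelta(seconds=second)
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.0" 200 512'

# Constructed sample log: one flooder (30 requests in 5 s, as LOIC's HTTP mode would
# produce), one normal client (25 requests spread over 5 minutes) and one garbage line.
SAMPLE_LINES = [_entry("203.0.113.7", i // 6) for i in range(30)]
SAMPLE_LINES += [_entry("198.51.100.4", i * 12, f"/page{i}") for i in range(25)]
SAMPLE_LINES.append("not an access-log entry at all")
```

Widening the window to minutes (window_s=600, threshold=25) also flags the normal client, which is why the blacklist was kept temporary and refreshed rather than applied once.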