The impact of Hacktivism upon Australian Organisations


Talk to the Australian Computer Society SIG (Victoria) Information Security about the impact of hacktivism on Australia. Presenter: Prof Matt Warren (www.mjwarren.com)

Published in: Technology

  1. 23/10/2012

     The Impact of Hacktivism on Australian Organisations
     Professor Matt Warren, School of Information Systems, Deakin University
     www.mjwarren.com

     Hackers
     Motivation is an important aspect of hacking, whether it is:
       • Traditional - gaining knowledge (hacker manifesto);
       • For financial gain (current situation – organised crime).
     Motivation has changed over time from single hackers to groups of hackers.

     LulzSec Profile
       • Small group of hackers (6/7);
       • "For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could". (Last Message?);
       • Aim to cause disruption.
  2. Attacks
       • X-Factor contestant database released;
       • CIA web-site defaced;
       • InfraGard – FBI Think Tank – defaced site and related database of user details;
       • Released 62,000 email addresses and passwords including Australian organisation details, e.g. universities, local government, NPO.

     Of Interest
       • Traditional model of a hacking group.
       • Extensive use of social media, Twitter followers – 356,000, and use of sites such as Pastebin.
       • Desire to highlight security weaknesses.

     Hacktivism
       • In the broadest term it is the use of technology as a means of protest to promote political ends. The aims of the protest would depend upon the group;
       • Term developed from the mid 90's by the hacking group "Cult of the Dead Cow";
       • Techniques can include hacking, malware, denial of service and information disclosure.

     Anonymous
  3. Anonymous
     Anonymous is NOT
       • an organization, a club, a party or even a movement.
       • There is no charter, no manifest, no membership fees.
       • Anonymous has no leaders, no gurus, no ideologists. In fact, it does not even have a fixed ideology.
     Anonymous has no centralized infrastructure but uses existing facilities of the Internet, especially social networks.
     "We are ready to hop on to the next one if this one seems compromised, is under attack, or starts to bore us".
     http://www.cyberguerrilla.org

     Key Campaigns
       • The Church of Scientology, Vatican;
       • Software piracy;
       • Political campaigns against governments – Australia, Burma, Iran, UK, USA, Russia, Syria, and India;
       • Supporting the Arab Spring;
       • Sony;
       • Wikileaks;
       • Cyber bullying.
     Australian examples are linked to government decisions relating to Internet Filtering and Data Retention.

     Sony Hacking Example (2011)
       • Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defences to change console operating software;
       • A message signed by Anonymous at the website anonnews.org announced an "Operation Payback" campaign aimed at Sony because of its cases against the two hackers.
  4. Sony Hacking Example (2011)
       • 77 million customers' details were stolen;
       • The data that was disclosed included:
           • passwords, logins to the Sony PlayStation network as well as user email addresses;
       • It has been assessed that 700,000 Australian customers were impacted;
       • The breach occurred on April 17-19…Sony notified its customers on the 27 April.

     Australian – Data Retention Strategy
       • The Australian Government proposing:
           • Data Retention Strategy where Internet Service Providers hold customers' data for a period of two years.
           • Law enforcement agencies would have access to this data as required.
       • Anonymous don't agree with the proposal.

     Anonymous Steal Data from AAPT
       • Anonymous steal 40GB worth of user data from ISP - AAPT and released the information to the public;
       • The aim was to show that ISPs cannot securely protect data;
       • Some of the data was sanitised and released via Pastebin;
       • The initial release was 180,000 records posted via Pastebin.

     Australian Organisations Listed
       • Australian Federal Police;
       • Australian Securities and Investments Commission;
       • Reserve Bank of Australia;
       • ABC Ultimo;
       • NSW Attorney General's Department;
       • Brisbane City Council, Road and Traffic Authority;
       • Labour Council of NSW;
       • Bureau of Meteorology;
       • Department of Premier and Cabinet Queensland;
       • Australian Post;
       • Australian Crime Commission;
       • Productivity Commission;
       • Refugee Review Tribunal;
       • Energy Australia and;
       • Department of Defence Southern Region.
  5. Anonymous Profile
       • Strong global presence;
       • Strong use of social media networks;
       • Twitter
           • Anonymous – 648,085 followers
           • Australian Anonymous – 3,483 followers
       • YouTube – Anonymous Channel
           • Message to the American People – 7.6 million views (National Defense Authorization Act).

     New Developments
       • Development of new sub-group. Warren and Leitch (2010). Hacker Taggers: A new type of hackers, Information Systems Frontiers, Vol. 12, No. 4.
       • Hacker taggers – the same as traditional hackers but also politically motivated.

     Hacker Taggers
     A new hacking sub group:
       • are very competitive;
       • have a strong desire to succeed;
       • exchange information amongst themselves, e.g. successful defacements;
       • respect each other based upon their success;
       • cause minimal damage to websites or no damage to websites;
       • only deface websites, do not steal information or damage websites long term;
       • rely upon media reports to cause political damage or embarrassment;
       • can be individuals or groups of people.
  6. Hacker Tagger – Australian Case Study
     In late 2005, the Chief Minister of the Australian Capital Territory (ACT) caused controversy by posting the Australian Federal draft counter-terrorism legislation on his website without the approval of the Federal Government.
     "Fatal Error was here ohh yeahh lets go! irc.gigachat.net #Ferror".

     The response by the Media
       • Stanhope's website defaced – The Age
       • ACT Chief Minister targeted by hackers – Computer World
       • Hackers shut down Stanhope website – Sydney Morning Herald.

     Australian Impact
       • Between 22/10/12 – 12/10/12 (10 days);
       • 379 Australian websites were hacked and tagged;
       • Approximately 38 hacks per day.
       • Attacks were simple exploits and hacked sites were SMEs, schools and local government.
  7. http://organicmountaingarlic.com.au/

     Queensland Fungi Society
     A pro-Turkey message, which includes an audio of the Turkish national anthem.

     Cyber Militias
       • Hackers who carry out activities because of a national political cause, acting out of patriotism.
       • Brought together for a certain period of time.
       • Cyber militias need to be co-ordinated and information distributed, e.g. tool-kits.
       • The role of governments?

     Estonia
       • 1.4 million people
       • Substantial ethnic Russian minority
       • Member of EU and NATO.
       • Extensive Internet use
           – Banking, voting, petrol purchase, etc.
           – 60% use Internet daily
       • A developed information society.
  8. The Physical Cause
     On April 27, 2007, officials in Estonia relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow.

     Protests & Cyber Attacks
       • Relocation of Russian statue triggered protests outside Estonia as well as inside.
       • Defacement and DDoS
       • Attacks were dominated by BOTS.
       • Almost all traffic came from outside Estonia.
       • Attacks against Estonia government, media and banking organisations.
  9. The Attack
     In Estonia the attack took the form of coordinated mass requests for information and spam e-mail, which slowed down key Web sites so they did not function or crashed due to the attacks.
     The attacks started around April 27th 2007 and lasted about three weeks, peaking May 9th 2007 – Victory Day – Russia.
     The important role of BOTs.
  10. Bot Net
       • (roBOT NETwork) Also called a "zombie army," a botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.
       • The computer is compromised via a Trojan that often works by opening an Internet Relay Chat (IRC) channel that waits for commands from the person in control of the botnet.

     Attack Profile
     Security analysts observed 128 unique DDoS attacks on Estonian websites in May 2007. Of these,
       • 115 were ICMP floods,
       • 4 were TCP SYN floods, and
       • 9 were generic traffic floods.
     http://asert.arbornetworks.com

     ICMP Flood
       • ICMP (Internet Control Message Protocol) flood, also known as Ping flood or Smurf attack, is a type of Denial of Service attack.
       • It sends large amounts of (or just over-sized) ICMP packets to a machine in order to attempt to crash the TCP/IP stack on the machine and cause it to stop responding to TCP/IP requests.
  11. TCP SYN
       • An assault on a network that prevents a TCP/IP server from servicing other users.
       • It is accomplished by not sending the final acknowledgment to the server's SYN-ACK response (SYNchronize-ACKnowledge) in the handshaking sequence, which causes the server to keep signalling until it eventually times out.
       • The source address from the client is, of course, counterfeit.
       • SYN flood attacks can either overload the server or cause it to crash.

     Foreign Affairs
     Government of Estonia

     Dates of Attacks
       • 21 attacks on 3rd May 2007
       • 17 attacks on 4th May 2007
       • 31 attacks on 8th May 2007
       • 58 attacks on 9th May 2007
       • 1 attack on 11th May 2007
     May 9th – Victory Day – Russia

     Duration of Attacks
       Attacks   Duration
       17        less than 1 minute
       78        1 min - 1 hour
       16        1 hour - 5 hours
       8         5 hours to 9 hours
       7         10 hours or more
  12. Duration of Attacks
       Attacks   Bandwidth measured
       42        Less than 10 Mbps
       52        10 Mbps - 30 Mbps
       22        30 Mbps - 70 Mbps
       12        70 Mbps - 95 Mbps
     The largest attacks measured:
       • 10 attacks measured at 90 Mbps, lasting upwards of 10 hours.

     Aftermath
       • Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip.
       • NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) was set up in Estonia with the support of NATO.
       • The role of Russian Youth Groups – Nashi was considered key in sharing and co-ordinating activities.

     Hacktivism Australian Context
       • Australian organisations are at a low risk of hacktivism unless in particular industries or a particular sector;
       • Mass disclosure of data could impact all organisations;
       • Hacker Taggers is a greater risk for smaller organisations with lower levels of security;
       • Unknown political issues could trigger attacks.

     Grey Areas
       • The boundaries are blurred between:
           • Hackers;
           • Hacker Taggers;
           • Hacktivism;
           • Cyber Militias;
           • Cyber Terrorists and;
           • Cyber Warfare.
  13. Conclusion
       • Is Hacktivism a modern form of civil disobedience and just a form of expression?
       • Or is Hacktivism a threat to Australian organisations and their customers?
       • The impact of unforeseen events.

     Thank You For Your Time

     Next Talk
     26th November
     Title: Security Learning from Incident Response
     Speaker: Dr Atif Ahmad, University of Melbourne
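
The TCP SYN slide describes handshakes that never receive the final acknowledgment and are held by the server until they time out. The sketch below is an added example, not part of the original talk: it tracks those half-open handshakes from the defender's side over a constructed event list. The event format, the timeout, the alert threshold and the documentation-range addresses are all assumptions.

```python
# Added example: counts half-open TCP handshakes per server endpoint.
# Event format, threshold and timeout are illustrative assumptions.
from collections import defaultdict

SYN_TIMEOUT = 30.0     # assumed seconds a server keeps a half-open entry
HALF_OPEN_LIMIT = 5    # assumed alert threshold per destination endpoint

def detect_syn_flood(events, timeout=SYN_TIMEOUT, limit=HALF_OPEN_LIMIT):
    """events: (time, src, sport, dst, dport, flag); flag 'S' = SYN,
    'A' = the client's final ACK. Returns {(dst, dport): peak_half_open}
    for endpoints whose half-open count exceeded the limit."""
    pending = defaultdict(dict)   # (dst, dport) -> {(src, sport): syn_time}
    peaks = {}
    for t, src, sport, dst, dport, flag in sorted(events):
        table = pending[(dst, dport)]
        # Drop entries the server would already have timed out.
        for key in [k for k, t0 in table.items() if t - t0 > timeout]:
            del table[key]
        if flag == "S":
            table.setdefault((src, sport), t)   # retransmit keeps first time
        elif flag == "A":
            table.pop((src, sport), None)       # handshake completed
        if len(table) > limit:
            peaks[(dst, dport)] = max(peaks.get((dst, dport), 0), len(table))
    return peaks

def sample_events():
    """Constructed traffic: 3 clients that finish the handshake, then
    8 counterfeit sources that send a SYN and never acknowledge."""
    server = ("203.0.113.10", 80)
    events = []
    for i in range(3):
        src = f"198.51.100.{i + 1}"
        events.append((i * 1.0, src, 40000 + i, *server, "S"))
        events.append((i * 1.0 + 0.05, src, 40000 + i, *server, "A"))
    for i in range(8):
        events.append((10 + i * 0.1, f"192.0.2.{i + 1}", 50000 + i, *server, "S"))
    return events

if __name__ == "__main__":
    print(detect_syn_flood(sample_events()))
```

Because completed handshakes are removed and stale entries expire, normal traffic and slow trickles of unanswered SYNs stay under the threshold; only a burst of unacknowledged handshakes is reported.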