Fail 2011: Year of the Hacks
November 29, 2011
Hamza Sirag | Hanh Tran
Posted Jan 13, 2015 by xneptune

Transcript
1. Year of the Hacks: Fail 2011
November 29, 2011
Hamza Sirag | Hanh Tran

2. Outline
- Introduction
- Key players
- Victims
- Timeline of significant attacks of 2011
- Statistics
- Common attack methods
- Motives
- Threat mitigation
- Conclusion: future of security

3. Introduction
Fail 2011: Year of the Hacks
- New hacktivist groups
- New operations
  - #AntiSec: protests government censorship and Internet monitoring
  - #Sony
- Data leakage via PasteBin / PasteHTML
- Hacking: easier than ever before

4. Key Players
- Hacktivist groups: Anonymous, LulzSec, TeaMp0isoN
- Individual hackers / script kiddies
- Nation states: China, Russia, Iran, Pakistan, etc.
- Nation-state cyber armies: Iranian Cyber Army, Indian Cyber Army, Pakistan Cyber Army, Albanian Cyber Army

5. Victims

6. Significant Attacks of 2011

7. January
- 8th grade student, Ontario, Canada: hacked into school servers to access test results, using a laptop and downloaded software
- Lush Cosmetics (UK): data breach; credit card information compromised; customers reported fraudulent charges on credit cards
- Anonymous: DDoS attacks on multiple African government websites (Tunisia, Egypt, and Zimbabwe)
- Security communities: Pakistan Cyber Army, rootsecurity.org, uNknown.eu (each claimed to be the best or underground hacker forum); by TeaMp0isoN

8. February
- Government websites: Britain (UK Foreign Secretary), Canada, Egypt, Italy, Yemen
- Security communities: The Hacker News Network, by Albania Security Group; Indian Cyber Army, by Albania Security Group; Rootkit.com, by Anonymous

9. March
- RSA Security, Inc.: Advanced Persistent Threat (APT) using social engineering; an Excel spreadsheet exploited a zero-day Flash vulnerability; SecurID tokens used by financial, government and other sites were at risk; China suspected
- Digital certificate authorities: certificates stolen by a 21-year-old Iranian man, who protested US policy and involvement in Stuxnet (which targeted Iran's nuclear program, according to experts); websites could be spoofed if the compromised certificates were not revoked in time: Google, Microsoft, Skype, Yahoo, etc.
- Bank of America, London Stock Exchange, WordPress, display screens in Times Square, whatismyip.com, etc.

10. April
- Operation Sony Payback: George Hotz; Sony's acquisition of IP addresses of visitors to his blog
- Anonymous, LulzSec, Lebanese hacker Idahc and various other hackers
- DDoS, SQL injection, etc.; website defacement
- Leakage of 77 million customers' personal information: names, birthdays, addresses, emails, usernames, passwords, credit cards, etc.

11. May
- LulzSec formed: "Laughing at your security since 2011"; 50 Days of Lulz
- Fox News X-Factor: 250,000 details exposed; by LulzSec
- PBS website: after the Frontline WikiLeaks program on Bradley Manning; zero-day exploit on Movable Type 4 (MT4) by LulzSec; passwords leaked and a false report posted
- Operation Sony continues: Sony Greece, Sony Indonesia, Sony Japan, Sony Ericsson, Sony PlayStation; some were by LulzSec

12. June
- Gmail: passwords stolen with a phishing attack; forwarding and delegation settings also changed
- Acer Europe: Pakistan Cyber Army, due to a server admin error; source code and user data of 40,000 people compromised
- FBI partner InfraGard Atlanta: LulzSec, in an attempt to embarrass the FBI and a security firm and government contractor; site hacked, defaced, and 180 InfraGard usernames and passwords leaked
- U.S. Senate: LulzSec ("don't like the U.S. government much and their sites aren't very secure"); server was on the public side, so no sensitive data breached
- CIA: LulzSec ("Tango down cia.gov for the lulz")
- Electronic Arts: system hosting the BioWare Neverwinter Nights forum breached; IDs, passwords, e-mails, addresses, names, phones, CD keys and birthdates compromised

13. July
- Apple: 26 admin usernames and passwords for an Apple server exposed
- Fox Twitter account: the Fox News Twitter feed was used to publish false reports that President Obama had been killed
- German Federal Police: hackers compromised a server used by the country's customs service and posted location coordinates, license plate and telephone numbers, police usernames and passwords, and a GPS application, in response to government communications interception
- Italian Police's National Center for Computer Crime and the Protection of Critical Infrastructure: more than 8 GB of internal data stolen, allegedly seized during police investigations, including information on the Ministry of Transport in Egypt, the Ministry of Defense in Australia, Russian companies and the U.S. Justice Department

14. August
- 72 public and private organizations in 14 countries hacked
- Government of Syria: home page of the Syrian Ministry of Defense site defaced with the Anonymous logo and a call for the downfall of President Bashar al-Assad
- Hong Kong Stock Exchange: hackers broke into the news site of the Hong Kong stock exchange, where corporate filings are published, forcing the suspension of trading for seven companies
- Research in Motion: RIM's BlackBerry blog was hacked in retaliation for RIM offering to assist London police in combating rioters, many of whom were using BlackBerrys to organize; by TeaMp0isoN
- Citigroup Japan: attack was perpetrated by a third-party vendor that had been given access to Citi's internal systems; personal information of 92,408 Citigroup credit card customers in Japan was stolen and sold to third parties

15. September
- NBC News Twitter: 9/11 prank ("plane attack underway at Ground Zero"); by @S_kiddies, who claimed affiliation with Anonymous
- 50,000 WordPress sites infected with spam from wplinksforwork.com
- 25,000 Austrian police records posted on PasteHTML by Anonymous
- Operation Syria: 7 major Syrian government sites compromised by Anonymous

16. October
- U.S. military Predator and Reaper drones: a common keylogger registered the keystrokes pilots use to control the unmanned drones
- Operation DarkNet: 40 child pornography websites taken down; 1,500 users' information exposed; by Anonymous
- Operation Cartel: targeted Los Zetas after the kidnapping of an Anonymous member; Gustavo Rosario's website defaced; by Anonymous

17. Anonymous Veracruz message to ZETA: http://www.youtube.com/watch?v=bJORGO1Q2VY

18. November
- Capital One Bank: DDoS attack by Anonymous; other victims that day listed on PasteBin
- 150 international foreign government emails; by TeaMp0isoN; usernames and passwords uploaded on PasteBin
- Neo-Nazi website in Finland; by Anonymous; personal information of 16,000 people leaked
- Valve Steam: Steam forum defaced; intruders obtained access to a Steam database in addition to the forums; the database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information

19. Wasim Ahmad, Voltage Security

20. Common Attack Methods
- Keylogging and spyware
- Backdoor or command/control
- Phishing
- SQL injection
- Abuse of system access/privileges
- Unauthorized access via default credentials
- Violation of acceptable use and other policies
- Unauthorized access via weak or misconfigured access control lists (ACLs)
- Packet sniffing
- Unauthorized access via stolen credentials
- Pretexting or social engineering
- Authentication bypass
- Physical theft of asset
- Brute-force attack

21. Motives
- Monetary
- Identity theft
- Theft of intellectual property/ideas
- Publicity
- Espionage: nation states, corporations
- Cyber terrorism
- Self motivation/thrill

22. Threat Mitigation
- Use a firewall
- Least privilege: when prompted for root, ensure the program is legitimate
- Disable AutoPlay
- Disconnect drives when not required
- Disable file sharing if not needed; if needed, use ACLs and password protection
- Disable anonymous access to shared folders
Reference: Liang Yuan, Yi Li, Kai Xiao, Dennis Tran, Symantec
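The "use ACLs and password protection" and "disable anonymous access to shared folders" items above, turned into a check: an added example (not from the slides) that audits a Samba smb.conf for guest-reachable or unrestricted shares using Python's standard configparser. The sample config is constructed; the option names (map to guest, guest ok, public, valid users, read only, writable) are Samba's own.

```python
"""Audit a Samba smb.conf for shares reachable anonymously or without an ACL.
Added example, not from the slides; SAMPLE_SMB_CONF below is constructed."""
import configparser
import io
# Constructed sample: one locked-down share ([finance]) and two risky ones.
SAMPLE_SMB_CONF = """[global]
map to guest = Bad User
[finance]
valid users = @finance
read only = no
[public]
guest ok = yes
read only = no
[scratch]
public = yes
writable = yes
"""

def _truthy(value):
    # Samba accepts yes/true/1 (case-insensitive) as boolean true.
    return value.strip().lower() in ("yes", "true", "1")

def _opt_true(cp, section, *keys):
    # True if any of the given (synonymous) Samba keys is set to a true value.
    return any(cp.has_option(section, k) and _truthy(cp.get(section, k)) for k in keys)

def audit_smb_conf(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_file(io.StringIO(text))
    findings = {}
    # Anything but 'Never' lets failed logins fall back to the guest account.
    if cp.get("global", "map to guest", fallback="never").strip().lower() != "never":
        findings["global"] = ["'map to guest' maps failed logins to the guest account"]
    for share in cp.sections():
        if share.lower() == "global":
            continue
        problems = []
        guest = _opt_true(cp, share, "guest ok", "public")  # 'public' is a synonym
        writable = _opt_true(cp, share, "writable", "writeable") or (
            cp.has_option(share, "read only") and not _truthy(cp.get(share, "read only")))
        if guest:
            problems.append("anonymous (guest) access enabled")
        if not cp.has_option(share, "valid users"):
            problems.append("no 'valid users' ACL restricting who may connect")
        if guest and writable:
            problems.append("guest access is writable")
        if problems:
            findings[share] = problems
    return findings
```

Run it against a real /etc/samba/smb.conf by passing the file's contents to audit_smb_conf; a clean result is an empty dict.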
23. Threat Mitigation
- Disable unnecessary services; if a threat exploits a service, disable or block access to it until a patch is applied
- Keep patch levels up to date, especially on computers hosting public services / accessible through the firewall (HTTP, FTP, mail, DNS)
- Block emails containing suspicious attachments (.vbs, .bat, .exe, .pif, .scr, etc.)
- Isolate compromised systems to prevent spread
- Perform forensic analysis and restore systems using trusted media
- Common security practices
Reference: Liang Yuan, Yi Li, Kai Xiao, Dennis Tran, Symantec

24. Threat Mitigation
- Enforce strict IT security policies
- Perform regular audits and remediations
- Have user awareness programs
- Establish a disaster recovery plan
- Attend security conferences: DefCon, DerbyCon, BruCon, SchmooCon, ReCon, RuxCon, ToorCon, SummerCon, NullCon, Infiltrate 2011, Hacker Halted USA 2011, etc.

25. Conclusion: Future of Security
- Increased growth in cyber attacks: cyber fraud, cyber espionage, hacktivist groups
- Attempted attacks on industrial systems
- More advanced attacks
- Targeted attacks

26. References
[1] The Hacker News. "It's Fail 2011 - Year of Hacks." http://thehackernews.com/2011/09/its-fail-2011-year-of-hacks.html?m=1
[2] International Business Times. "Operation Anti-Security: Anonymous Yet to Act While LulzSec Rampage." http://uk.ibtimes.com/articles/167639/20110622/lulzsec-lulz-security-anonymous-operation-anti-security-anti-sec-hacked-cleary-ryan-arrest-attack.htm
[3] PSX-Scene. "Geohot: Here is Your PS3 Root Key." http://psx-scene.com/forums/f6/geohot-here-your-ps3-root-key-now-hello-world-proof-74255/#post643883
[4] UPI. "8th Grader Hacks School Server." http://www.upi.com/Odd_News/2011/01/11/8th-grader-hacks-school-server/UPI-91161294770552
[5] PC Mag. "Nintendo 3DS Hacked Within 24 Hours." http://www.pcmag.com/article2/0,2817,2381021,00.asp
[6] InfoSec Island. "Sony Becomes Latest Operation Payback Attack Target." https://www.infosecisland.com/blogview/12780-Sony-Becomes-Latest-Operation-Payback-Attack-Target.html
[7] Pastebin. "50 Days of Lulz." http://pastebin.com/1znEGmHa

27. References
[8] Pastebin. "PBS.org Hacked and it was Not Done by SQL." http://pastebin.com/0YULt1ZG
[9] Schenk, M. "10 Tips for Securing Your Movable Type Installation." http://www.movabletips.com/cgi-bin/mt/mt-search.cgi?IncludeBlogs=2&tag=0day&limit=20
[10] Miller, Z. "The NBC News Twitter Account was Just Hacked in Disgusting 9/11 Prank." http://www.businessinsider.com/nbc-news-twitter-account-hacked-in-disgusting-911-prank-2011-9
[11] The Hacker News. "50000 WordPress Sites Infected with Spam." http://thehackernews.com/2011/09/50000-wordpress-sites-infected-with.html
[12] Twitter. AnonAustria. https://twitter.com/#!/AnonAustria/status/118131885997174784
[13] Forbes. "Hackers Attack Child Porn Sites." http://www.forbes.com/sites/mobiledia/2011/10/25/hackers-attack-child-porn-sites
[14] The Hacker News. "Anonymous Hackers Threatening a Mexican Drug Cartel." http://thehackernews.com/2011/10/anonymous-hackers-threatening-mexican.html

28. References
[15] Gustavo Rosario. http://www.gustavorosario.com
[16] Pastebin. "What a Good Day Huh." http://pastebin.com/gkMGyQMd
[17] Pastebin. "International Foreign Government E-Mails Hacked." http://pastebin.com/X8s4Xqu4
[18] The Hacker News. "Anonymous Hackers Hack Neo-Nazis Website and Leak Personal Info of 16,000 Finns." http://thehackernews.com/2011/11/anonymous-hackers-hack-neo-nazis.html
[19] YouTube. "Anonymous Operation Blackout." http://www.youtube.com/watch?v=czY-dZQsd-k
[20] Martin, Bob, Mason Brown, Alan Paller, and Dennis Kirby. "2011 CWE/SANS Top 25 Most Dangerous Software Errors." MITRE and SANS. http://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.pdf
[21] Yuan, L. (2011, September 6). "Mebromi." Symantec. http://www.symantec.com/security_response/writeup.jsp?docid=2011-090609-4557-99&tabid=2
[22] Wasim, A. (2011, July 17). "Looking back at the size of data breaches." http://superconductor.voltage.com/2011/07/looking-back-at-the-size-of-data-breaches.html