Recent Western Cape Business News
Activists using hacking activity, aka “Hacktivists”, have discovered that a relatively basic hacking approach, with buy-in from disenfranchised groups of people, can have significant effects on online businesses.
“With names like #OpISIS, #OpParis, #OpMonsanto, #OpWhales, #OpKillingBay, #OpKKK, and #OpTrump, you can easily see that Hacktivists focus their attention on a wide variety of causes,” points out Jerome Schoner, associate at RSA DACH. “The 2016 Olympic Games in Rio, Brazil, have come to a close, and we saw that they were no different. If there is a major event with significant press coverage, it will typically draw Hacktivist attention.”
In addition to threats to the physical safety and security of people and organisations involved in these Olympic Games, cybersecurity is also a real concern.
Anton Jacobsz, MD at Networks Unlimited, the value-added distributor of RSA products in Africa, says that important lessons from the Rio Olympics can be learnt to future safeguard major sporting in Africa, such as the upcoming African Cup of Nations in Gabon. “Africa is a region that is increasingly being targeted by cyber attackers and sporting events on the continent draw large audiences,” he says.
Schonerexplains that hacktivist-related incidents aim to bring attention to several kinds of causes and have increased over the years, and some hacking groups, such as Anonymous, have been leading operations and encouraging people to join causes for several years.
Several examples include Anonymous operations #OpNice (Operation “Nice”) to “hunt” members of the terrorist group responsible for the attack on the French city which killed almost a hundred people, #OpKKK (Operation “Ku Klux Klan”) to reveal the names of up to 1,000 members of the Ku Klux Klan and other affiliated groups, #OpIcarus (Operation “Icarus”) to shut down the banks, and #OpWhales (Operation “Whales”) targeting Iceland and Japan websites against whale slaughter.
A few months ago, before the start of Rio 2016, Anonymous announced another operation called #OpOlympicHacking (Operation “Olympic Hacking”).
#OpOlympicHacking, says Schoner, has social motivation in Brazil as did #OpWorldCup (Operation “WorldCup”), launched by Anonymous during the 2014 FIFA World Cup held in Brazil, which targeted various government organisations as a form of protest against hosting the event.
The Anonymous group released the following statement #OpOlympicHacking:
“Hello Rio de Janeiro. We know that many have realized how harmful it was (and still is) the Olympic Games in the city. The media sells the illusion that the whole city celebrates and commemorates the reception of tourists from all over the world, many of them attracted by the prostitution network and drugs at a bargain price. This false happiness hides the blood shed in the suburbs of the city, mainly in the favelas thanks to countless police raids and military under the pretext of a fake war. Poverty is spreading throughout the city, forcing entire families to leave their homes and traditional neighborhoods on account of high prices of rent and / or removals made by a corrupt city hall and serve only the wishes of the civil construction. We already manifested in other communications our repudiation to the realization of megaevents in the middle of the glaring social inequalities in this country. Still, even after so many words, so many manifestos or protests on the streets (all always fully supervised by repression, if not repressed with brutal violence) looks like the government will continue ignoring the voices of their own people. Therefore, we will continue with our operations to unmask the numerous arbitrary actions of those who are state and therefore its own population enemies.”
Two videos were also published, calling people to join #OpOlympicHacking.
Anonymous describes itself as “an Internet gathering” with “a very loose and decentralised command structure that operates on ideas rather than directives.”
The Anonymous Brasil cell is coordinating the #OpOlympicHacking operation by using communication channels like Twitter, Facebook, Youtube and ICR channels.
These channels are used to coordinate distributed denial of service (DDoS) attacks again certain targets and to publicise the results of previous attacks and campaigns.
Besides coordinating DDoS attacks against certain targets, these channels are also being used to discuss and encourage people to search for vulnerabilities in the targets.
DDoS tool (“opolympddos”)
According to Schoner, a tool to perform DDoS attacks against certain targets has been especially developed and shared for the#OpOlympicHacking operation.
“The #OpOlympicHacking DDoS tool, or “opolympddos”, is a set of executable (VB .NET and Python scripts converted to Windows executable files) and batch files. It allows anyone who wants to collaborate on the operation to perform DoS attacks by installing TOR and by clicking pre-configured buttons associated to specific targets, in order to launch Layer 7 DoS attacks against the targets. This is achieved by creating persistent connections and sending HTTP requests with random data and user-agents,” he says.
Other DDoS tools
There is evidence that other DDoS tools have also been mentioned and shared among hacktivists to perform DDoS attacks against #OpOlympicHacking targets:
A compressed file containing a set of “hacker tools”. None of these are really new as shown in the table below:
File Compilation Time VT first submission Note
Anonymous External Attack.exe 22/03/12 11:54 23/03/12 09:09 HTTP Attacker. 26 antivirus identified as “HackerTool”
Bull-dosa.exe 05/11/11 05:59 07/12/11 01:56 DOS Tool. 21 antivirus identified as “HackerTool”
FireFlood.exe 21/01/12 22:03 22/01/12 00:20 DOS Tool. Possible anti-virtualization techniques.
LOIC.exe 13/12/14 07:09 14/12/14 00:57 DOS Tool with user tracking via google analytics.
LOIC 2013.exe 05/01/13 07:58 21/01/13 20:37
MacStartx User Attack [ tiger ].exe 26/10/13 06:14 25/10/16 11:00 Tool offered in BR forum: hxxp://www.connect-trojan.net/2014/08/macstartx-user-attack-tiger-v461.html
“Anonymous leaders have been sharing a list of potential targets via Pastebin posts. So far, there is evidence that the#OpOlympicHacking operation is targeting the organisations tied to scandal rumors in relation to the Olympics,” says Schoner.
A few websites have been targeted by DDoS and DoX attacks. The websites that Anonymous claims were shut down during the #OpOlympicHacking include sites pertaining to the national and local governments as well as sports organisations.
Additionally, Anonymous claims that several organisations and people related to the Olympic Games event had sensitive data exposed.
He concludes: “The volume and frequency of attacks known to date is below what RSA experts had expected and with the majority of them being related to DDoS activity, fairly low tech and of limited long-term impact. RSA researchers are continuing to monitor and identify additional threats.”
Business News Sector Tags:
Fax 2 Email
Study IT Online
Work from Home