With Hollywood's glamorisation of hacking, it's easy to think of hacker groups as some kind of romantic back-room revolutionaries. But who are they really, what do they stand for, and what attacks have they conducted in the past?
We see the stories every week of some intrepid hacker or hacker group wreaking havoc with their technical know-how. Banks robbed of millions thanks to some cryptic malware, or hacked documents leaked from a multi-national corp. This is without mentioning the millions of small-time websites and innocent (and more sinister) Twitter accounts being taken offline. The examples go on and on. But when you look into it, a good deal of the major attacks can often be attributed to a few prominent hacker groups.
Let's take a look at a few of these groups, and what motivates them.
Anonymous: Decentralized Yet United
By far the most notorious and well-publicised hacker group is Anonymous. This is an underground, international network of nigh-anarchistic "hacktivists" which sprang from 4Chan, the controversial image-based bulletin board. The collective has been known to the public since 2008, when it released a YouTube video setting the tone for what was to come. It was in this video that the group's would-be tagline was uttered for the first time.
Knowledge is free. We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.
In his first interview since becoming an FBI informant, former Anonymous member Hector Monsegur explains "Anonymous is an idea. An idea where we could all be anonymous… We could all work together as a crowd – united – we could rise and fight against oppression."
Since then, the mysterious group has launched numerous attacks on the websites of government departments, politicians, multi-nationals, the Church of Scientology, and hundreds of ISIS Twitter accounts (to name but a few). It's important to note, however, that due to Anonymous being entirely decentralised, there's no specific "leadership" spearheading these campaigns. Most attacks will consist of entirely different individuals who could even be working toward their own individual ends.
One of the group's most far-reaching campaigns was the attack launched against PayPal, VISA and Mastercard (Operation Avenge Assange) in response to the leash that was hung around the neck of Wikileaks.
In effect, Wikileaks was – and still is – dependent on donations to stay afloat. The US government mobilised plans to make these donations almost impossible, thereby strangling the website's ability to stay in operation. Anonymous didn't like this move, so countered it by making (very) effective use of the Low Orbit Ion Cannon (LOIC) tool. This tool allowed pretty much anyone to help out with the Distributed Denial-of-Service (DDOS) attacks on these gargantuan websites, temporarily bringing them to their knees, and losing the companies millions of dollars in the process.
After the arguable "success" of this attack, Anonymous started operating in a much more political sphere, attacking Mexican drug cartels (which failed), websites linked with child pornography and Israeli government websites (in response to its attacks on Palestine).
The way in which Anonymous launches these attacks has become almost tradition for the group: the DDOS attack. This is where a website's server is flooded with so much data (packets) that it can't handle the pressure. Generally, the site goes offline until some techies come along to fix the problem, or until Anonymous cease the bombardment. In his fantastic New Yorker piece about Anonymous, David Kushner cites the former Anon Christopher Doyon's military approach to the group's DDOS attacks:
PLF: ATTENTION: Everyone who supports the PLF or considers us their friend – or who cares about defeating evil and protecting the innocent: Operation Peace Camp is LIVE and an action is underway. TARGET: […] Fire At Will. Repeat: FIRE!
The tactics of Anonymous do go beyond these "traditional" DDOS attacks, though. Back in 2011, Anonymous' attention turned to Tunisia (Operation Tunisia). Using the contacts and skills at their disposal, the group ensured the revolution happening on the streets received ample media coverage, hacked government websites, and distributed "care packages" to protestors. These care packages have since been distributed at various rallies around the world, offering scripts that can be used to prevent government interception, among other things a revolutionary may need.
In terms of the overall aims of Anonymous, these were pretty clearly outlined in a statement publicising Operation Avenge Assange. Whether the group is going about realising these aims in the right or wrong way is open to debate, but it's certainly a step away from the "doing it for the LULZ" approach that many people associate with other acts of civil disobedience.
While we don't have much of an affiliation with WikiLeaks, we fight for the same reasons. We want transparency and we counter censorship…. This is why we intend to utilize our resources to raise awareness, attack those against and support those who are helping lead our world to freedom and democracy.
Syrian Electronic Army (SEA): Supporting Bashar al-Assad
Not all hackers are fighting for more left-wing, liberal ideals, however. Back in 2012, Anonymous and the Syrian Electronic Army began exchanging attacks and threats, which led to Anonymous "declaring cyberwar" on the SEA.
Since 2011, the highly active SEA has been acting out of support for President Bashar al-Assad's Syrian regime. Logically therefore, the SEA are often seen attacking Western media outlets that publish anti-Syrian messages. The university students (claimed to have connections with Lebanon-based Islamist militant group Hezbollah) behind these attacks have gained some respect from online security firms after hacking hundreds of websites. Prominent targets include the New York Times, CBC, and The Washington Post, causing many to be deeply concerned about the political motives behind the group.
By using malware, DDOS attacks, defacement, spamming and phishing, the patriotic team has been prolific in both attacks and pranks. On the lighter side of the spectrum, when the group hacked the BBC Weather's Twitter account, not much damage was done.
On the darker side, the group is well known for using spear-phishing attacks to gain login credentials to Gmail accounts, social media profiles, and more. On 23 April 2013 this approach led to a Twitter hoax from the Associated Press news agency's account. It was falsely stated that an explosion had happened in the White House, with President Obama being injured in the blast. A harmless prank at first thought, but in reality, this led to a $136bn drop on the S&P 500 index over a period of around 2 minutes.
To delve even deeper into the rabbit hole, the SEA has also been linked with posing as female supporters of Syrian rebels in order to steal war plans to use in the country's ongoing conflict, leading to the death of a large number of rebels.
Chaos Computer Club (CCC): Revealing Security Flaws
It's important to understand that not all hacker groups insist on using almost exclusively illegal measures to get their point across. A case in point is the Chaos Computer Club. As far as European hacker groups go, they don't come any bigger than the CCC, which currently has well over 3000 members. Since its inception in Berlin during the early 1980s, the group has been pushing its personal brand of liberal ethics wherever it can.
This famously began when the CCC stole 134,000 Deutsche Marks from a bank in Hamburg by taking advantage of its online Bildschirmtext page, only to return the money the following day to highlight security flaws in the systems.
As mentioned, the majority of the group's attacks, unlike other hacker groups, have primarily (but not always) been legal. In his interview with OWNI, Andy Müller-Maguhn, an early member of the CCC, explains that "we needed a lot of legal experts to advise us what we could or could not hack, and to help us distinguish between legal activities and grey areas of legality". This more benevolent approach to hacking has, according to Müller-Maguhn, led to the CCC becoming "an accepted and recognized entity because it has worked to educate the public about technology since the 1980s".
Virtually everything the CCC are involved with stems from a deep desire to draw attention to the misuse of – and security flaws in – the technology that both we and our governments rely on. This is often accompanied with plenty of media coverage, ensuring that any uncovered knowledge reaches as wide an audience as possible.
In the aftermath of the Snowden revelations, the group's enthusiasm skyrocketed, particularly when the debate turned to mass surveillance, which is where their new focus is centered.
There have to be consequences. The work of intelligence services has to be reviewed – as does their right to exist. If necessary, their aims and methods will have to be redefined. … We have to think about how these [shared] data are processed and where they can be allowed to resurface. And this is not just the challenge for 2015, but for the next 10 years.
CCC Member Falk Garbsch (via DC)
As a few examples of their exploits, in the CCC's early days, you could expect to see the group protesting against French nuclear tests, stealing money live on TV using flaws in Microsoft's ActiveX technology (1996) and breaking the COMP128 encryption algorithm of a GSM customer card, unnervingly allowing the card to be cloned (1998).
More recently, in 2008, the CCC highlighted major flaws in a federal trojan horse that the German government was using at the time. This technology was alleged to contravene the ruling of the Constitutional Court, with some of its flaws being discussed in the group's press release on the topic:
The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.
The CCC's campaigns weren't all of this kind, however. One of their early projects involved selling source code obtained illegally from US corporate and government systems, directly to the Soviet KGB, along with a host of other less contentious projects.
As a few instances, "Arcade" was the world's biggest light show organised by the Chaos Computer Club. The collective also runs a weekly radio show (German), hosts a yearly workshop-based Easter event called Easterhegg, and puts on Europe's largest annual hacker gathering, the Chaos Communication Congress.
Tarh Andishan: Iran's Answer To Stuxnet
So far, the attacks mentioned above have rarely, if ever, threatened millions of global citizens with immense danger. In the past couple of years, however, this trend has taken a u-turn with the advent of Tarh Andishan and their relentless pursuit of control over highly important systems and technology.
With an estimated 20 members, most of whom are allegedly based in Tehran, Iran (along with other periphery members around the globe), Tarh Andishan shows what a truly sophisticated hacker group may be capable of.
Angered by a badly damaged computer network thanks to a Stuxnet worm attack (allegedly created by the US and Israel), the Iranian government drastically intensified its cyber warfare efforts, and Tarh Andishan – meaning "innovators" in Farsi – was born.
By using automated worm-like propagation systems, backdoors, SQL injection, along with other high-calibre tactics, this group has launched a large number of attacks on prominent agencies, government and military systems, and private companies all over the world under what has been named "Operation Cleaver".
According to the security firm Cylance, Operation Cleaver targeted 16 countries, and suggests that "a new global cyber power has emerged; one that has already compromised some of the world's most critical infrastructure" including the US Navy's servers, the systems behind a number of leading global companies, hospitals and universities.
Last year, Cylance's founder Stuart McClure stated in an interview with the TechTimes that "They aren't looking for credit cards or microchip designs, they are fortifying their hold on dozens of networks that, if crippled, would affect the lives of billions of people… Over two years ago the Iranians deployed the Shamoon malware on Saudi Aramco, the most destructive attack against a corporate network to date, digitally destroying three-quarters of Aramco's PCs."
As a more domestic example of the hacker group's reach, this collective have also reportedly gained complete access to airline gates and security systems, giving the group ultimate control over passenger/gate credentials. These examples are just a few among many, alluded to in Cylance's report on Tarh Andishan (PDF). The report claims that the majority of their findings have been left out due to the "grave risk to the physical safety of the world" that the group now allegedly poses.
The complexity and horrifying possibilities of Tarh Andishan's undertakings strongly suggest that this is a state-sponsored hacker collective, with (as of yet) no clear aims or ambitions but with a terrifying ability to compromise even the most secure of systems.
This is Just The Tip Of The Iceberg
These four examples are just the tip of the iceberg when it comes to hacker groups. From Lizard Squad to APT28, the net is awash with groups who're looking to compromise systems, whether for political gain or simply for the lulz. It's only a relative few, however, who're responsible for a good chunk of the more publicised attacks that we see in the media. Whether we agree with their approach or not, their capabilities are sometimes shocking, and almost always impressive. The "hacker culture" is not something that's going away though, and we can only expect to see more of this kind of activity in the future, and it'll be getting increasingly sophisticated as time goes on.
All we can do is hope that its negative results are somehow kept to a minimum.
What do you think of this kind of online activity? Is it an unavoidable aspect of modern technology, or is it something that we have to clamp down on?

