Tag Archive for: Front

‘Hacktivists’ join the front lines in Israel-Hamas war


WASHINGTON and JERUSALEM — When Hamas sprung its deadly assault on Israel in early October, its militants came from land, air and sea.

The Palestinian group launched rockets at populous areas, deployed drones to destroy observation posts, used motorized gliders to float fighters over fortified borders and dispatched speedboats into defended waters. The effects were instantly tangible, with many Israelis killed, abducted or displaced. Infrastructure, including hardened military installations, was damaged.

Less apparent were the virtual campaigns waged before, during and after the opening salvos, though not necessarily by Hamas itself. Hackers supporting its cause hijacked billboards and flooded phones with threatening texts. Grisly videos quickly circulated online, and social media platforms such as X, formerly Twitter, were saturated with front-line footage, some of it fake.

The online efforts serve many purposes, experts told C4ISRNET, including influencing public opinion, softening resistance and hampering the emergency response.

Cyberattacks “are increasing daily, with hundreds of attacks we’ve monitored so far,” said Gil Messing, the chief of staff at Check Point Software Technologies, a cybersecurity company with roots in Tel Aviv. “Our data shows an 18% increase in attacks on Israeli targets since the beginning of the war, and we expect it to continue.”

Hack-tivity

Outside groups with vested interests in the Israel-Hamas fight are dominating the cyber battlefield.

Operations include defacing popular websites and flooding networks with artificial traffic, rendering them unable to function. This tactic is known as a distributed denial-of-service, or DDoS, attack. Similar moves were seen in the opening days of the Russia-Ukraine war.

“Cyberattacks happened all along, before the [Hamas attack] and after,” said Messing, whose team monitors dozens of third-party groups around the world.

“Hacktivists play a critical role here and actually carry out the vast majority of attacks,” Messing added, using a term for hackers motivated by political or social movements.

Cloudflare, an American company that provides cybersecurity and network services, said media sites were…

Domain Name System is once again front and center for exploits and security policy


Two recent events are once again bringing the internet’s foundational Domain Name System into the news, and not in a good way.

The first event involving the DNS last week was a warning from the Cybersecurity Infrastructure and Security Agency issued on Friday for version 9 of the Berkeley Internet Name Domain, or BIND.

It calls attention to three exploits that were disclosed and requires updates to this open source software, which is used by thousands of companies and government websites to translate back and forth between alphabetic domain names, such as SiliconANGLE.com, and numerical IP addresses, such as 35.91.118.127. The exploits would allow remote malware execution, although none has yet been observed in the wild.

DNS is an essential glue protocol that almost every internet-related service depends on, and BIND is the most popular way DNS entries are manipulated and managed. Exploits are common targets for hackers, who can redirect traffic to their own malicious destinations, useful for phishing and subsequent data stealing operations. The recent Microsoft Layer 7 attack, for example, leveraged a few DNS exploits.

This isn’t the first alert regarding BIND, and isn’t even the first alert seen in 2023: Back in January, there was another alert about flaws that could cause denial-of-service and other system failures. Both alerts urge users to update their versions to current patched levels.

The second news item relevant to DNS concerns an open letter issued Friday by Vint Cerf, Stephen Crocker, Carl Landwehr and several others, entitled “Concerns over DNS Blocking.” The authors of this Medium post have been involved in internet protocol development and overall internet governance for decades.

The letter was sent in response to a draft bill under consideration in the French parliament entitled draft Military Planning Law 2024-2030 that was issued in early May. The authors state that the proposals “pose grave risks for global Internet security and freedom of expression.”

The meat of the proposed laws would enable wholesale DNS blocking of any internet provider operating in France. The authors claim the proposals would do more harm than good, and they…

China Cyberattacked US Corporations Front Lines Taiwan Microsoft Guam


This week, news broke that China cyberattacked the US homeland. The attackers breached critical infrastructure in Guam, an often-forgotten US territory critical to US defense and power projection. The sophisticated attack infiltrated computer networks used for both civilian and military purposes. Microsoft assessed with “moderate confidence” that the attackers are laying the groundwork for cyber capabilities that could threaten communications infrastructure in the future. The cyberattack is a serious event that presages a cruel reality of any future conflict with China—civilians are on the front lines, and corporations will need to defend them.

The cyberattack was revealed by Microsoft and the intelligence-sharing group known as the Five Eyes: the United States, United Kingdom, New Zealand, Australia, and Canada. Microsoft and agencies from each of the Five Eyes countries attributed the attack to a China-sponsored group called Volt Typhoon, which has targeted infrastructure organizations in Guam and the US since mid-2021. Volt Typhoon is capable of infiltrating corporate systems and stealing user credentials while avoiding detection for as long as possible. Microsoft directly notified customers who were targeted or compromised and provided necessary information to secure their businesses. China has denied the attack, calling it a “sophisticated disinformation campaign” by the Five Eyes.

Meet the hacker armies on Ukraine’s cyber front line


  • By Joe Tidy
  • Cyber correspondent

When Russia initiated its full-scale invasion of Ukraine, a second, less visible battle in cyberspace got under way. The BBC’s cyber correspondent Joe Tidy travelled to Ukraine to speak to those fighting the cyber war, and found the conflict has blurred the lines between those working for the military and the unofficial activist hackers.

When I went to visit Oleksandr in his one-bedroom flat in central Ukraine, I found a typically spartan set-up common to many hackers.

No furniture or home comforts – not even a TV – just a powerful computer in one corner of his bedroom and a powerful music system in the other.

From here, Oleksandr has helped temporarily disable hundreds of Russian websites, disrupted services at dozens of banks and defaced websites with pro-Ukraine messages.

He is one of the most prominent hackers in the vigilante group, the IT Army of Ukraine – a volunteer hacking network with a Telegram group nearly 200,000-strong.

For more than a year, he has devoted himself to causing as much chaos in Russia as possible.

Even during our visit he was running complex software attempting to take his latest target – a Russian banking website – offline.

Ironically though, he admits the idea for his favourite hack actually began with a tip from an anonymous Russian, who told them about an organisation called Chestny Znak – Russia’s only product authentication system.

He was told all goods produced in Russia – including fresh food – have to be scanned for a unique number and a barcode supplied by the company from the moment of their creation at a factory, up till the moment of being sold.

Oleksandr smiles as he describes how he and his team found a way to take the service offline, using a hacking tool that floods a computer system with internet traffic – known as a targeted DDoS (Distributed Denial-of-Service) attack.

“The economic losses were pretty high, I think. It was mind-blowing,” says Oleksandr.

Image caption: Oleksandr says he is not scared of Russian reprisals and refuses to hide his identity

In reality, it’s hard to gauge the disruption prompted by the hack, but for four days last April Chestny Znak posted regular updates about the DDoS…
