
Executive Brief on Global Risks in Cyber

In the last few years, the digital revolution and cyber attacks have gained steam, and things are changing quickly. Hackers are actively hunting for victims, more than ever. Innocent bystanders, including health organizations, hospitals and emergency services, are on the target list.

Ransom attacks are launched against corporations, banks, government agencies and individuals. Attackers are no longer inexperienced hackers, but professional players belonging to criminal organizations, government agencies and hacktivist teams.

Technology gurus like Elon Musk warn that AI (artificial intelligence) must be regulated before it’s too late. AI could also be used by hackers as a state-of-the-art weapon. While the civil world contemplates the right measures for controlling new technologies, state-sponsored hackers are improving their means and tools. Hackers are even using the SaaS (software as a service) model for offering and employing DDoS and other cyber attacks.

Hackers have introduced new, highly sophisticated hacking tools stolen from the NSA. They have organized themselves into development groups, distribution groups and operational groups that simply collect the illegal proceeds from hacking.

New players have also made themselves famous. The US Government has declared that the WannaCry virus attack in 2017 was conducted by North Korea. The Kaspersky antivirus tools have been banned from use in government agencies. Russia has been tagged as a country that is meddling in US election campaigns. According to ClearSky Cyber Security, hundreds of servers have been breached during 2020-2021.

Other contracted APT (advanced persistent threat) teams have been busy in the 2020’s exposing defense contractors’ secret data. See the following report from FireEye:
“Suspected APT Actors Leverage Authentication Bypass Techniques…  APT5 (an APT group) has shown significant interest in compromising networking devices and manipulating the underlying software which supports these appliances. They have also consistently targeted defense and technology companies in the U.S., Europe, and Asia”.

Criminals have always been there for the money. Criminal hacker groups have distributed malware and ransomware that locks computer files, and have even established e-commerce platforms.

Stolen files are hot property. The more famous the person, the higher the value of his or her files. Sometimes honest people get caught in the crossfire of mass spraying of malware and get infected.

The Current Status of Hacker Affairs

People all over the world go to great lengths to hide their financial matters, but in the blink of a screen a big wide door is opened to their finances. A throwaway receipt may reveal the details of a bank account; a conversation on the train may disclose private information; a laptop left alone “for just a couple of seconds” may become a target for a hacker’s actions.

It is not only small organizations that are left unprotected due to lack of management attention; so was Colonial Pipeline, a huge company with a 40% market share of the energy transported to the US East Coast.

Criminal organizations are using the software industry’s latest marketing tactics, including offering a ransomware-as-a-service affiliate program, according to FireEye.

Very recently, I walked into a college library where the computers did not have passwords. Anyone could have seen the internals of the college network because it was not segmented. It does not make sense these days, but it’s happening all the time.

The people around you are not aware of the risk they run with their digital assets. A simple electronic wallet may become the next victim to theft just by having the wrong setup. A whole home network may be a constant target for hacking just because it has a password such as Password or P@ssword.

Small companies and even large ones may have the idea that “no one would be interested in our data, because there is nothing there”. That is of course a misconception. A hacker would be interested in anything that may lead him or her to something else. That something else may be even more interesting.

What is “interesting” to hackers?

Everything is interesting: photos, passwords, links, names and contacts, documents, financials and private stuff. Often the exposed material has no real value, but the hacker cannot resist the temptation. He will take it, just in case he needs it later on.

Who are the hackers?

They do not necessarily live in our own neighborhood. With worldwide broadband Internet connectivity, the hacker may live ten thousand miles away and still be as close to your affairs as anyone can be.

A Short List of Key Events

In June 2017, the Qatari Prince was surprised to find news that had been distributed on Twitter and then re-tweeted by automatic bots. It was an unstoppable story claiming that the Prince had insulted and undermined Saudi Arabia’s King. Diplomatic ties between the two countries were immediately cut off.

Later, it was discovered that a foreign organization did it as a bad joke (Russia was mentioned by a couple of sources).

Attack on Google

Chinese hackers hacked Google’s servers in 2009. That event marked a significant milestone for Google and its users. Following the publication of the affair, Google marked the cyber issue as a strategic goal in itself.

Since then, the company has invested large resources to create a secure environment in all their infrastructure and applications. Today, the company is a source of important information about new vulnerabilities exposed (including Project Zero and disclosures about security gaps in Microsoft systems). Today, Gmail is considered as one of the safest of its kind.

Yet, despite the great steps in the right direction, some security lapses are built into human behavior. Some 80% of Americans say they would open an unidentified email.

The year 2016 was a significant milestone in the impact of cyberspace on political life. During the election campaign for the US Presidency, Hillary Clinton suffered cyber attacks that severely slowed down her winning streak in the polls. She ended up losing the elections to Trump.

How Cyber Became a Strategic Issue

A generation after the first computer virus was introduced, companies, governments, countries and individuals are still fighting cyber-attacks. The term “cyber” describes the complexity of connecting to the Internet. It describes the connectivity of the computers and the telephones anywhere in the world to one network.

Cyber has become one of the unresolved technical issues. The subject employs more and more people in businesses. There are interruptions in electricity, water, national defense systems and crucial lifesaving services. “A well-planned cyber-attack can do more damage than squads of F-16 fighter jets”, as the previous Israeli Mossad director has recently said.

Cyber touches every aspect of modern life, which is characterized by the fact that every human being, from the farmer who grows rice in Asia to a high school student in Hawaii, has a smartphone that is constantly connected to the World Wide Web.

Prime ministers are ousted because of cyber exposure (like the prime minister of Iceland who was forced to resign because of the “Panama Documents” affair). The heads of companies are fired due to the exposure of emails they wrote. Other companies find themselves vulnerable to daily attacks.

The law in various countries is updated with regulations for protecting the public from essential service disruption or disclosure of private information.

Financial institutions and military industrial companies, such as manufacturers of aircraft and jet engines, have become targets for attacks by criminals, espionage organizations and hackers from around the world. Also related, see The Proliferation of Weapons in Cyberspace, a paper published by INSS.

In some organizations, cyber threats become real when computers are locked with encryption or web sites are taken out of service. Movie studios, like Sony and HBO, found themselves exposed to thefts.

Cyber Threats and Risks

Exposure to cyber threats also exists for anyone who is not even connected directly to the internet. Organizations which are connected to the Internet regularly are subject to frequent cyber-attacks.

The source of the risks is related to the international nature of the Internet and the global connection of people around the world. The low cost makes it possible to connect to anyone anywhere.

Computer bugs, human errors, and management issues ensure that there are always security holes that enable unauthorized access.

The problem is getting worse over the years. Currently, a car without a driver is considered a luxury, but not for long, according to Elon Musk.

In the near future, according to Elon Musk, who founded the Tesla automobile company, all the vehicles travelling on the road will be autonomous and connected to the Internet. According to Musk, the car is becoming a “laptop on wheels” with a command-and-control system that works completely without human intervention.

A typing mistake in a word processor causes a misspelled word. A mistake in a vehicle’s navigation and control system may injure people.

The principles on which the Internet is based differ from that of the physical world.

Take, for example, the CEO of Exxon-Mobil, a company that is responsible for producing a quarter of the oil produced by Saudi Arabia.

Normally, the general manager of the company is not exposed to thieves in his or her daily life, and even if the manager encounters a pickpocket in the street, the damage will be limited to the amount of cash in his or her wallet.

But in the cyber world, the same manager is exposed to every hacker in every corner of the world as soon as he logs in to read his email.

The size of the exposure is as big as the size of the company’s activity in the world. Exposure of the CEO of an oil company to a toxic file can start a chain of events that eventually will affect the world production of oil.

Money – The Big Temptation

There is also another factor that accelerates cybercrime: the economic potential of exploiting a computer crime, together with the possibility of crossing borders anonymously, without money, passport or vehicle.

In other words, a person can sit in a village in Asia and hurt another person in Europe by distributing a malicious code to lock a computer.

In more extreme cases, semi-governmental organizations attack another country and violate international law without even being discovered.

In June 2017, Qatar was surprised to find that news had been distributed on Twitter, relating to a false story. The news described that the Emir of Qatar insulted the king of Saudi Arabia.

Immediately after the news was disseminated, the Qatari Foreign Ministry announced that these were false news, and the Emir never said that.

Nothing resolved the situation. Within days, Saudi Arabia froze its foreign and trade ties with Qatar and other countries such as Egypt joined the general boycott. Later, reports were published that Russian hackers in the Russian intelligence service had carried out the planting of the false information.

The use of cyber tools is relatively simple, such as the creation of thought-provoking bots.

In fact, almost anyone with a personal computer and an Internet connection can perform such an attack.

The TV Series Homeland

An illustration of building a system of social network bots for political influence appears in the popular television series Homeland.

In the sixth season of the series, Dar Adal, director of the intelligence agency, uses thousands of fake profiles on social networks like Facebook and Twitter to create political momentum for the overthrow of the president.

Risk of War

The combination of artificial intelligence and social networks is particularly worrisome to the founder of SpaceX, Elon Musk. According to a scenario discussed by Musk at a scientific conference, a foreign intelligence organization’s AI apparatus could distribute false news so that, at the end of the process, a war begins between two countries.

A year after the US election of 2016, Facebook announced that it had received more than $100,000 in revenue from a Kremlin-related Russian company for targeted advertising on the Web.

The campaign was intended to increase the rift in American society and deepen the contrast between left and right, conservatives and liberals, academics and white-collar workers, white and black.

Another side of the cyber war is the suspected attacks on infrastructure that caused sudden power outages in Ukraine during the conflict over Crimea in 2016.

Another form of warfare is the attempt to influence the French elections by breaking into servers and distributing sensitive information about candidates.

Anonymous

One of the most famous anarchist organizations is Anonymous. The organization exploited the existing information gap and the common citizen’s fear of progress and globalization and leveraged the digital knowledge of some of its operators to create an international community of propaganda, intimidation, and harm to civilian systems.

In one of the videos they released, on May 12, 2017, statements were made that revealed a number of the plans and operations of this organization. Among other things, the presenter describes an operation called Icarus. The name recalls the mythological character on which their social theory is based.

In January 2021, the group posted a video warning Elon Musk the CEO of Tesla and SpaceX. They call him a ‘narcissistic rich dude who is desperate for attention’ and one ‘who thinks is the smartest person in the room’.

Life on Legends: Myth of Icarus

Icarus, in Greek mythology, was the son of Daedalus, the inventor of the Labyrinth. After Daedalus built wings that would allow a man to fly, Icarus wanted to try them. Before he took off, his father warned him not to fly close to the sun, for fear that it would dissolve his wings, but Icarus was fascinated by flight and began to rise higher, forgetting his father’s warnings.

The sun quickly melted his wings, and Icarus fell into the sea around the island of Crete. Since then the story has served as a warning to humans against hubris, the sin of pride, and the desire to soar much higher than they are capable of.

Case of Past Message from Anonymous in Operation Icarus

“Hello to the citizens of the world, to the members of the community, the members of the Anonymous-Icarus collective:

The Bloomberg news agency (which operates the Bloomberg.com stock and finance site) and other media organizations have chosen to initiate a smear campaign, which is a very problematic event.”

“Operation Icarus Step 5 begins. We believe it directly confronts the idea of Anonymous. We believe that the idea of Anonymous is sacred. We also believe in the following:

  1. Governments should cease to exist and cease all wars.
  2. Governments must restore power to the masses.
  3. Slavery in reward of debt is a crime.
  4. Materialism is a crime.
  5. When a government no longer serves the needs of its constituents, it is the citizens’ duty to oppose this power.
  6. The pollution of the earth for purposes of greed and extraction of resources must stop. We have only one planet and it is sacred.
  7. The government’s capitalist lobby is corrupt.
  8. All humanity must enjoy equality.
  9. Boundaries and states were created by man artificially because we are all one.
  10. All decisions must be based on unconditional love of humanity.

Until all these conditions are fulfilled, the organization Anonymous will continue to initiate a cyber war against the corrupt forces. We are Anonymous. We are Legion. Justice will come. Watch us.”

Anonymous is Guiding Worldwide Activities

On the YouTube page of the video, Anonymous quotes news items based on Bloomberg’s research on the organization’s activities. “Anonymous increases the Hacking attacks on central banks.” (More at: http://www.pymnts.com/news/security-and-risk/2017/anonymous-is-increasing-hacks-of-central-banks/)

According to the report, in 2016 hackers managed to steal about $21 million from accounts held by a Russian bank.

According to a Bloomberg report, sources from Anonymous reported that the organization was targeting central banks. According to the report, the organization is recruiting new hackers as reinforcements to escalate the campaign, and since February 2017 has begun to attack central banks again.

In 2016, Anonymous attacked eight central banks, including the central banks of Germany, Greece and Mexico, and is considering selling any sensitive information it discloses. In January 2017, the Polish banking regulator was attacked; hackers were able to inject offensive code into targeted destinations by poisoning the “water source” (a central source of information, a watering-hole attack).

The page on the site contains enthusiastic responses from surfers. A woman named Sylvia Unno wrote in April 2017: “… We are the Legion, we are the fighters of the last battle against darkness, we love all the sisters and brothers, respect, union and love, do not forget that they do not feel empathy. The door is open, the key to the justice of freedom in our hands.”

A girl named Kati Cole leaves a message: “A professional hacker is free to hire, and if you need service, we are free.”

Responses to Anonymous

Professor Stefano Zanero of Italy was quoted by Anonymous on YouTube as saying: “Hacker attacks on central banks are a wake-up call that should alert our attention to the critical weaknesses of global financial systems.”

In 2016 hackers managed to steal $81 million from the central bank of Bangladesh. “The Bangladesh case focused on the payment systems of central banks,” said Adrian Nish, director of threat intelligence at BAE Global, as quoted in the report.

Snowden

Snowden, an employee of the NSA, decided one day to switch loyalties and publicize secret CIA operations. He became the biggest source of leaks in the new era. His goal was to prove to the world that NSA intelligence organizations collect information wholesale, not because they suspect anything but because they simply can do it.

Edward Snowden changed the rules of the game. According to him, he did what he did because he was recruited to work and swore to uphold the constitution and not secrecy.

Many believe that Snowden created in the world of intelligence a new dictionary of concepts. For the first time in the era of the Big Data, a public debate on eavesdropping began, and the distinction between collecting information in a sweeping manner and collecting required and approved information was raised.

In his activities, Snowden revealed the PRISM, a program to collect communications from Microsoft, Google and Apple. He has also revealed to the public information collection methods in the US and other countries as well as collaborations with equipment manufacturers such as RSA and foreign countries.

Snowden’s exposures

American organizations cooperated with the British intelligence organization GCHQ. Together they manufactured fake profile pages on social networks to target computers. They acquired unknown computer weaknesses from malware vendors, collected contact names from Yahoo, Facebook and Google, and collected information on Visa and SWIFT transactions. The British also developed manipulative capabilities to promote content on YouTube to Internet devices anywhere in the world.

They also collected mobile content in countries in Central and South America, including Mexico, changed settings in a number of routers exported to foreign countries, installed software on remote computers, and jointly developed with Canada the tracking of airport travelers using Wi-Fi networks. They listened to conversations of senior officials in Mexico, Brazil and Israel, including the prime minister and defense minister.

President Obama received a request for amnesty from Snowden, which was also supported by the ACLU. Amnesty International also called for giving Snowden the “freedom he deserves after fighting for our freedom.” In a publicized campaign, the organization declared that Snowden “insisted on our rights, led a process of global debate on the massive monitoring that changed the face of the world – and still faces a prison sentence for decades.”

But many consider him a whistleblower, a reporter of public corruption, whom a US law of 1989 guarantees protection. In the language of the law, government employees or job candidates who report illegal acts committed in a government body are entitled to legal aid from a special legal body, the Office of Special Counsel.

Moreover, according to the law, a government ministry commits an offence when it threatens or retaliates against someone who reports corruption. The G20 also issued an anti-corruption program with protection for those who report irregularities.

In addition to exposing the “Data Collection Program 215” and contributing to the reform of all the rules concerning the collection of metadata, Snowden also disclosed other very sensitive material, including activities in foreign countries and espionage matters involving foreign nationals who are not US citizens.

In 2019, on the eve of publishing his book, ‘Permanent Record’, NSA leaker Edward Snowden talked from Moscow with MSNBC’s Brian Williams in an exclusive interview.

Snowden also unveiled secret cyber-defense programs that include the MONSTERMIND tool, which is designed to respond automatically to cyber-attacks and collaborations with intelligence organizations of Sweden and Norway.

More on the Snowden affair can be read at:

https://www.amnesty.org/en/get-involved/take-action/edward-snowden-hero-not-traitor

https://aristechnica.com/tech-policy/2016/09/op-ed-why-president-obama-wont-and-shouldnt-pardon-snowden

https://lawfareblog.com/snowden-revelations

Wikileaks

WikiLeaks was founded by Julian Assange in 2006. It is a multinational communications organization and a companion library.

WikiLeaks specializes in the analysis and publication of large datasets of censored or restricted official materials. So far, the organization has published more than 10 million documents and analyzes.

“Wikileaks is a huge library of the most persecuted documents in the world, and we are providing shelter for these documents, analyzing them and promoting them,” Julian Assange told the German newspaper Der Spiegel.

WikiLeaks specializes in exposing confidential and protected material by companies and countries. The actions of the organization are made possible by the technical and political reputation of an organization that maintains the anonymity of sensitive materials exposed to war, espionage and corruption.

Wikileaks uses Tor as a privacy tool. Tor is an encrypted anonymization network that makes it difficult to intercept or monitor Internet communications and hides where the traffic is coming from or going to.

Another tool used by WikiLeaks is Tails. Tails is a live operating system that can be booted on any computer from a DVD, USB stick or SD card. The goal of the operating system is to provide an environment protected from eavesdropping and to maintain the privacy and anonymity of the leaker.

In a TV documentary about Snowden, you can see how sensitive the leaker is. So much so that when he opened a laptop computer in his hotel room during an interview, he did not just draw the curtains and turn off the lights, but also covered himself and the computer with a blanket.

The transfer of funds in WikiLeaks is done through Bitcoin – a system that uses peer-to-peer technology to operate secretly without banks. Transaction management and Bitcoins issuance is carried out collectively by the network.

The First Hackers

Kevin Mitnick, one of the first hackers to become publicly known, in 1994, took advantage of a security breach in the InterNex network that allowed customers to connect conveniently with a name and password only. Kevin guessed user passwords and thus could exploit InterNex’s infrastructure to attack other networks. Later, Kevin forged a free ticket for the public transportation system in Los Angeles. After being discovered, Kevin served a few years’ imprisonment.

Another famous hacker, Vladimir Levin, was the first to commit a bank robbery via the network alone. Vladimir, a student from St. Petersburg in Russia, led a group of hackers in London in 1995 in committing illegal money transfers. Using his laptop, Vladimir managed to penetrate bank accounts. According to the lawsuit in which he was convicted in the United States at the end of the affair, Vladimir and his friends stole $3.7 million from Citibank by transferring money to their accounts in various countries.

Gary McKinnon was the first Briton charged with fraud on the US military network. In 2002, he was charged with committing offences on the Army, Navy and NASA networks in the US. According to the charges, Gary changed files stored in secret networks, erased records and even added messages such as “Your level of security is poor.” Gary entered various networks and occasionally left political messages under the name SOLO. According to him, he was trying to glean information about flying saucers and other unidentified flying objects (UFOs).

Methods Hackers Use

The methods and tools are becoming more sophisticated and evolving, just as the world of technology and Microsoft computers are advancing from version to version.

During the last few years (2020’s), hackers have developed a data theft mode of operation that engulfed many large and medium size companies around the world. The techniques used in each attack are different, but what’s common is taking advantage of a hole in the victim’s defense network. Sometimes a published CVE (vulnerability) and in other times a specific data exposure that helped set the stage to a bigger attack.

One of the more sophisticated methods of penetrating an organization is using file-less malware. See also FireEye on Living Off the Land.


From the FireEye Red Team’s material on extortion and ransoms we get more up-to-date information on ransom attacks:

“In today’s threat landscape, data theft and extortion go hand in hand with ransomware. In this episode of State of the Hack, we’ll talk about how data theft plays a role in modern day ransomware incidents, how attackers carry out data theft, and how we simulate data theft during our Red Team assessments…”

Among other methods, hackers use these vectors of attacks:

  • Key logger – which can be purchased on the network. Keylogger software can also be found on various hacker forums, on open-source sites such as GitHub and on code-sharing sites such as Pastebin. Once installed on a computer, the tool records all user keystrokes, including access passwords, and transmits them to a server that belongs to the attacker.
  • A denial-of-service attack is the most common means of attack. This is a basic method of attacking a single computer, for example by pressing the keyboard continuously. In a single-source attack – DoS – the hacker attacks a computer (or network) from a single source. The purpose of the attack is to interfere with the ongoing activity of the system, in order to intimidate, threaten, extort money, or commit another crime.
  • Distributed denial-of-service attack – DDoS – includes an attack from multiple sources, in a coordinated manner, to interrupt or gain control of the system. A denial-of-service attack can be likened to blocking the network or the server’s logon door.
  • Watering-hole attack – WATERHOLE – is a kind of poisoning of a water source to which many surfers come thirsty for information. Such a site can be a gossip site or a popular news site. By attacking the site, for example by planting hostile code, the attacker reaches a large number of computers.
  • A fake Wi-Fi access point – is a very effective attack that does not require programming knowledge or a deep understanding of networks. The attack is made possible where there is a high number of visitors. At a conference or a busy visitor center, surfers arrive and connect to the Wi-Fi network to surf the web. The attacker records the traffic – in whole or in part – and builds a password list.

Fake access points can also be used for more complex attacks, such as impersonating a person or machine. In such an attack, the hacker falsifies the identity of the institution to which the surfer connects, in order to perform illegal actions in the same account or simply to steal the user name and password.

Another possible attack is running a listening program on the attacker’s computer and breaking the encryption of the transmissions (such as an improperly configured WPA2). Passive listening allows an attacker to collect a lot of information about the active computers and users, so that at the time of the attack the attacker can operate using that information.

A Sample of Types of Popular Cyber Attacks:

  • Phishing – is the most popular means of creating a massive attack campaign. The attacker sends millions of emails under a fake identity so that the victim will reveal passwords or catch the virus. Sometimes the attacker builds a site similar to a popular website to steal a username and password.
  • Spamming and poisoned email is the most basic step of any hacker getting into the profession. The attack targets are all people for whom an active email address was found. If the recipient’s anti-virus software does not stop the message, the victim’s computer is contaminated with a virus. Sometimes the poisoning is especially fatal, as in the case of CryptoLocker, which encrypts files.
  • Click snatching – CLICKJACKING – is a complex process of hiding links on web pages so that the innocent user clicks on them. The hacker who commits the fraud builds an external link to which he directs surfers. The click can also run a script that makes a purchase on a legitimate site, on behalf of the surfer and without his knowledge (so that the goods are eventually delivered and the purchase is charged to the victim’s account without his knowledge).
  • Infection of popular software download sites with spyware. In 2017 it was reported that the computer program CCleaner, which helps get rid of unwanted files on the computer, was contaminated by hackers. The infection was ongoing and included a number of software download sites. The surfer who did not check the identity of the software – with a basic check of the MD5 hash – received as a gift software that cleans his computer of files and records all his actions.
  • In a very unusual event in 2017, it was reported that the Kaspersky Anti-Virus program was suspected of actions far beyond keeping the computer free of viruses. According to the sources, the manufacturer of the software collaborated with foreign entities that planted spyware code that searches for private information on the computer where it is installed. The scope and severity of the phenomenon led the US government to deny Kaspersky the right to sell the product to US government agencies.
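The CCleaner item above turns on one habit: comparing the file you downloaded against the checksum the vendor published. The following is an added example, not code from this article or from any vendor; the checksum-file format (md5sum/sha256sum style lines), the file names and the installer bytes are all constructed for it, and it accepts MD5 only because vendors still publish it, flagging it as a weak assurance.

```python
"""Verify a downloaded installer against a vendor-published checksum file.

Added example (not part of the original article). The checksum-file
format ("<hexdigest>  <filename>" per line, as written by md5sum or
sha256sum) and the sample installer below are constructed assumptions.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path

# MD5/SHA-1 are kept only because vendors still publish them; a match on
# a collision-prone hash is a weaker statement than a SHA-2 match.
STRONG = {"sha256", "sha512"}
WEAK = {"md5", "sha1"}


def parse_checksum_file(text):
    """Return {filename: hexdigest} from md5sum/sha256sum-style lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line: {raw!r}")
        digest, name = parts
        # sha256sum prefixes "*" to names hashed in binary mode
        entries[name.lstrip("*")] = digest.lower()
    return entries


def file_digest(path, algorithm):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, checksums, algorithm="sha256"):
    """Return (ok, reason); ok is True only when the digest matches."""
    if algorithm not in STRONG | WEAK:
        return False, f"unsupported algorithm {algorithm}"
    path = Path(path)
    expected = checksums.get(path.name)
    if expected is None:
        return False, f"no published checksum for {path.name}"
    actual = file_digest(path, algorithm)
    # Constant-time compare is hygiene here (the digest is public), but it
    # avoids building habits that leak on secret comparisons elsewhere.
    if not hmac.compare_digest(actual, expected):
        return False, "checksum mismatch: file differs from what the vendor published"
    if algorithm in WEAK:
        return True, f"match, but {algorithm} is collision-prone; prefer a SHA-2 checksum"
    return True, "match"


def demo():
    """Constructed scenario: a genuine installer, its published checksums,
    and a trojanized copy of the same file name with one byte changed."""
    with tempfile.TemporaryDirectory() as tmp:
        genuine = Path(tmp) / "cleaner-setup.exe"
        genuine.write_bytes(b"MZ" + b"\x00" * 500 + b"legit installer body")
        # What a vendor would publish next to the download link
        sha_list = parse_checksum_file(
            f"{file_digest(genuine, 'sha256')}  *cleaner-setup.exe\n")
        md5_list = parse_checksum_file(
            f"{file_digest(genuine, 'md5')}  cleaner-setup.exe\n")
        # A mirror serving a modified copy under the same name
        mirror = Path(tmp) / "mirror"
        mirror.mkdir()
        tampered = mirror / "cleaner-setup.exe"
        body = bytearray(genuine.read_bytes())
        body[-1] ^= 0x01
        tampered.write_bytes(bytes(body))
        return {
            "clean_sha256": verify_download(genuine, sha_list, "sha256"),
            "clean_md5": verify_download(genuine, md5_list, "md5"),
            "tampered": verify_download(tampered, sha_list, "sha256"),
            "unlisted": verify_download(genuine, {}, "sha256"),
        }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:13s} ok={ok} {reason}")
```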