Tag Archive | Syria

Syria Gets Bite from Cyberwar: Internet is Down

The Syrian civil war continues now, and at its peak so far now, with cyberwar becoming involved. However, this is more of an internal cyberwar, security experts assume. It is believed the regime behind the Syrian government is removing IP blocks (basically shutting down access to the Internet), to either; A. Punish the people (unlikely); or, B. Protect the government servers and other host servers from a potential (threatened) cyberattack. It is believed to be B.

As of 5:26 am ET this morning, Renesys (organization who monitors the Internet around the world) reported the downtime for Syrian’s IP blocks, which they note only five or so IP blocks just outside of Syria are still on. The few open IP blocks are believed to be home to cybercriminals, who in May of this year targeted Syria in a Skype encyption hoax.

All of the telecommunications in Syria appear to be suspended for Internet usage, as the Renesys organization has done traceroutes with no results turning up. Some have believed the loss of Deutsche Telekom, a telecommunications network for area countries, has a little to do with some of the outages incurred recently.

Other experts have believed that the Syrian Regime is planning something a bit harsh, and may be preventing the information from the country from leaking across the Internet. This may have implications that they are protecting themselves from cyberwar, or they are planning to engage a cyberwar against opposing countries.

It is unknown for many details at this time, but many activists have been tortured, arrested, etc. It would be no surprise if Syrian Regime has cut off Internet access for this reason.


Flame malware command-and-control servers reveal earlier origins, among other links

Government malware, Flame, Stuxnet, etc. is expanding and becoming more of a problem. Computer systems are getting even more inventive, but not at the alarming rate that dangerous malware is expanding. There may be more links other than Stuxnet for Flame.

First, computer systems are created for specific purposes, and have been for about forty years now. However, some of the newer computer systems are created to become like robots, which means that the computer system works on its own without user intervention. But, what happens when malware targets the core computer systems of oil industries, energy companies, military plants, etc.? It can cause dangerous and severe consequences if the system were to become compromised.

Second, the Flame malware became uprising just this past May, where it infected over 1000 computers, according to Kaspersky Lab. The victims of the first attack included governmental organizations, educational institutes, and personal users. Most of the attacks were central over West Asia, including Iran, Israel, Syria, Saudi Arabia, Egypt, among others. Supporting a kill command, which would eliminate all traces of the malware from the computer attacked, this command was sent soon after the malware’s exposure. Right now, there are no reported active infections of Flame, or other variants being created.

However, there are derivatives of the Flame malware being created. We reported a few weeks ago about Shamoon being actively distributed using its skiddie approach. There are other links that were recently found (like Gauss) that can relate Flame to command-and-control usage back to 2006. Which means this Flame project could be as much as 6 years old, or is related to malware from then.

Instead of looking like a botnet interface, the Flame command centers look more like content-management systems (CMS), and have many other new approaches. One of its approaches included the three fraudulent certificates, which Microsoft patched to block them back in June.

More news about the findings and C&C servers were fully unveiled to the recent Flame investigation by Kaspersky Lab and the news from Symantec (PDF). Researchers at Kaspersky Lab state they were suspicious about the findings of a development link to Stuxnet back in June, when communication was eavesdropped between the team.

Some of the key developers behind all of this situation include speculation of the US & Israel combined. However, there is no known evidence backing these claims, except for what researchers can reveal about coding types and other methods used.

Much of the articles by Kaspersky Lab and Symantec include the following speculations as well:

  • Four programmers at least tag-teamed on the job of development as their nicknames were left in the code.
  • One-server called home 5000 victim machines during just a one-week period in May, suggesting at least 10,000 victims.
  • The infections weren’t just focused on one-group of organizations or people, but in separate groups of targets in many countries.
  • Many of the targets focused a lot on Iran and Sudan.
  • Different custom protocols were used to communicate with the servers, not just one protocol. Meaning that there were at least four different protocols used to communicate to the servers.
  • Tons of data was stolen, which 5.5 GBs was reported in just one week of data-mining from the malware.
  • The attackers are either mining for government information, or attempting to gain military intelligence.

The developers behind the Flame malware have a lot more secrets, which are being unveiled. More ties are being linked to Stuxnet and Flame, and when the information becomes available, it’ll be here on seCURE Connexion’s blog. The Flame developers obviously have a lot of nerve developing these cyber-weapons. But, many politicians and security experts have warned of this information warfare for years. Here we are at the peak!

To protect your computer from hackers, use Kaspersky’s PURE Total Security:
Kaspersky PURE Total Security

Anonymous Admits to Handing Syrian Data to WikiLeaks

Might not be a problem for any other country, but Syria has issues now…government data handed over to exploit firm WikiLeaks!

In a press release published Saturday, a group dubbed Anonymous Op Syria admitted to hacking into multiple domains and servers inside Syria on Feb. 5 to obtain e-mails (more than two million emails from Syrian political figures, ministries and associated companies, dating from August 2006 to March 2012), which it then gave to WikiLeaks.

Many of the details exposed in the hacker paste (AnonPaste) include:

On Febuary 5, 2012 at approx. 4:00 PM ET USA an Anonymous Op Syria team consisting of elements drawn from Anonymous Syria, AntiSec (now known as the reformed LulzSec) and the Peoples Liberation Front succeeded in creating a massive breach of multiple domains and dozens of servers inside Syria. This team had been working day and night in shifts for weeks to accomplish this feat. So large was the data available to be taken, and so great was the danger of detection (especially for the members of Anonymous Syria, many of whom are “in country”) that the downloading of this data took several additional weeks.

On March 14, 2012 after analyzing the truly staggering trove of E-Mail recovered in this hack, participants in Anonymous Op Syria isolated the personal E-Mail of the dictator Assad and his wife and publicly released this small trove to the world via a press release similar to this one. This disclosure made headlines around the world, but it remained just a tiny fraction of the total data recovered in the original hack. Anonymous Op Syria, and indeed the entire global collective – were at a bit of a loss as to exactly how to deal with and properly disclose such a vast trove of important information. But there is one organization that is supremely well equipped to handle a disclosure of this magnitude, WikiLeaks. Having already formed a partnership with WikiLeaks in the disclosure of the “Stratfor Files”, it seemed natural and obvious to continue this historic partnership between Anonymous and WikiLeaks with the disclosure of the “Syria Files”. And thus…

On July 5, 2012 – Five months virtually to the day after the brave hackers of Anonymous and the PLF breached the Assad regime servers, WikiLeaks released to the world 2.4 million E-Mail files belonging to the Syrian regime and various Syrian companies. And this is just beginning, expect many more disclosures of this type in the future as this wonderful partnership between WikiLeaks and Anonymous continues to grow stronger and change human history.

The group noted in their public statement that there will be “many more disclosures of this type in the future as this wonderful partnership between WikiLeaks and Anonymous continues to grow stronger and change human history.”

%d bloggers like this: