Wednesday, May 30, 2012

Hacking The Hackers: A Counter-Intelligence Operation Against Digital Gangs


One of our security lab team members is an ex-cyberspook who spent his career in the military doing hacking, crypto, and a lot of special computer ops for different government agencies. Having the highest security clearance gave him access to a wide range of attack techniques and understanding of countermeasures and a unique perception of what I will refer to as twenty-first century “digital gangs.” He is now employed by the private sector to protect corporations from global attacks by infiltrating the digital attackers.
I had an opportunity to visit with him last week about a targeted operation that he was tasked to initiate against a group of hackers who had decided to take down one of the largest entertainment companies in the world. While his client would never admit to the operation nor would they allow my colleague to identify them, it would not be difficult to figure out which it is. It was one of the leading advocates of passage of the anti-piracy SOPA law that was debated in Congress in December 2011. They claim that current legislation such as copyright and Digital Millennium Copyright Acts do not go far enough to prevent both foreign and domestic piracy, which costs the entertainment industry billions of dollars a year.
Those opposed to the legislation included privacy advocates, Internet Service Providers, library associations, search engines, and other groups throughout the world. They argued that the act would allow government agencies to censor content and emasculate the First Amendment. In response, many hacktivist organizations, including Anonymous, began attacks on pro-SOPA organizations including the Recording Industry Association of America (RIAA), CBS.com, and others. They initiated denial of service attacks to bring many sites to a standstill on January 19, 2012. This was the same day that the Department of Justice shut down MegaUpload.
This site was based in Hong Kong and was dedicated to file sharing and viewing. DOJ obtained indictments and arrested the owners for operating as an entity dedicated to copyright infringement. More than forty million dollars worth of assets were frozen by the Customs and Excise Department of Hong Kong.
In late 2011, intelligence was picked up that a group of about 700 hackers were planning to take down a major target, on a global basis on January 21 in retaliation against those in favor of SOPA. My colleague began a counter-intelligence operation in early January, which was executed on the 21st of January. I was not allowed to write about this until now because of on-going follow-up investigations.
What I refer to as “Digital Gangs” is the equivalent of street gangs in many major cities throughout the world. While traditional gangs use guns and other weapons of physical violence to effect injury and death, the twenty-first century version uses computers, malware, specially designed scripts of code, and sheer numbers of coordinated attackers.
From an economic standpoint they are far more deadly because they can attack anyone, anywhere, with almost total anonymity and legal impunity. Their ability to almost instantly form a large, geographically dispersed group of attackers makes them a real threat, and one that is being taken seriously by every government and commercial entity.
The reality is that these digital associations of “aggrieved individuals” are difficult to identify and stop, and for that reason, my colleague warns that any threat of attack against either a corporation or government agency should be taken seriously. There are more hackers than there are knowledgeable security experts to stop them. Far too often, the hackers are much more talented, inventive, and smarter than those they are attacking. And they work for free, with no budgetary restraints. The Internet can focus thousands or hundreds of thousands of man-hours against a target, with no cost to the participants, but huge costs to their targets.
My colleague began infiltrating the attack group, which included would-be digital gangsters in Russia, Argentina, Brazil, Italy, Hungary, Africa, and the United States. For the most part these were not professional criminal hackers; in fact, most had little to no hacking skills at all. They wanted to be part of a group of aggrieved individuals to show that they had a voice and to get a result through digital extortion and intimidation.
He gained their trust by becoming involved in hundreds of conversations in Internet Relay Chat (IRC) channels, or chat rooms. This is where they were all communicating, along with lots of social media as well. IRC is an old system which dates back to the beginning of the Internet. Within these chat rooms (both public and private), what I shall refer to as “Op-X” was hatched. IRC channels are popular “hacker-hangouts,” just like digital clubhouses. Critical information was discussed in private rooms where my colleague was invited to participate.
Within about ten days he was asked to prove himself by performing a series of actions to validate his credentials as a knowledgeable and technically competent hacker. He gained their trust by using fifteen different screen names, creating pieces of code to demonstrate his capabilities, and hacking fake sites that were set up exactly for that purpose; finally he was recognized as trustworthy and was chosen as their “payload master.” According to my source, there is a great deal of trust among these individuals and a misplaced belief that anyone in law enforcement will not hack into sites to prove they are OK to deal with. It is much akin to undercover drug agents and their inability to actually make deliveries as dealers to prove they are not the police.
The hackers actually believe that law enforcement can only monitor sites and log chat room traffic but cannot be proactive. While that may in part be true, private cyber-security agents are not bound by the Constitution and often have far greater latitude. Through a great deal of work and conversations in Internet Relay Chat rooms, my colleague was able to convince them of his bona fides; that he was a real hacker, could carry out the attack, and they should all follow him. Once he gained their confidence, he began identifying individuals and moved toward the end-game.
He told me that, among the 700 members of the Op-X group, no more than ten were real hackers with solid technical skills. The rest were drones or mules who would help execute the planned attack.



I was told this is typical. The critical players, those that are real criminals and technically competent, often employ hundreds or thousands of techno-groupies to carry out the actual attacks. They do this by denial of service from hundreds of different locations. They are called script kiddies; their job is to deliver pre-defined scripts of code at the predefined time to cripple or take down virtually any target, anywhere in the world.
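From the defender's side, the pattern described above (many low-skill participants firing the same scripted requests at a preset time) shows up in a web access log as a sudden jump in volume spread across many distinct source addresses. The following is an added example, not code from the post or from the operation it describes; the log lines, addresses, timestamps and thresholds are all constructed for illustration.

```python
"""Flag minute buckets of a web access log that look like a coordinated flood:
request volume far above the other minutes AND many distinct sources."""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')

def parse(line):
    """Return (source_ip, 'YYYY-MM-DD HH:MM') or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.strftime("%Y-%m-%d %H:%M")

def flood_buckets(lines, baseline_ratio=5.0, min_sources=5):
    """Return (bucket, requests, distinct_sources) for every minute whose request
    count is at least baseline_ratio times the middle value of the other minutes
    and that involves at least min_sources addresses (one noisy client is not a gang).
    Thresholds are illustrative assumptions, not tuned values."""
    reqs, srcs = defaultdict(int), defaultdict(set)
    for line in lines:
        parsed = parse(line)
        if parsed:
            ip, bucket = parsed
            reqs[bucket] += 1
            srcs[bucket].add(ip)
    flagged = []
    for bucket, count in sorted(reqs.items()):
        others = sorted(c for b, c in reqs.items() if b != bucket)
        if not others:
            continue
        middle = others[len(others) // 2]
        if count >= baseline_ratio * middle and len(srcs[bucket]) >= min_sources:
            flagged.append((bucket, count, len(srcs[bucket])))
    return flagged

def build_sample():
    """Constructed log: two quiet minutes from two hosts, then a one-minute burst
    from twenty hosts (documentation address ranges, invented timestamps)."""
    fmt = '{ip} - - [21/Jan/2012:21:{mm}:{ss:02d} +0000] "GET / HTTP/1.1" 200 512'
    quiet = [fmt.format(ip="203.0.113.%d" % (i % 2 + 1), mm=mm, ss=i * 10)
             for mm in ("00", "01") for i in range(3)]
    burst = [fmt.format(ip="198.51.100.%d" % (i % 20 + 1), mm="02", ss=i % 60)
             for i in range(40)]
    return quiet + burst + ["garbage line that does not parse"]
```

Run against real logs, the same aggregation would be fed by a log shipper rather than an in-memory list, and the thresholds would come from the site's own baseline.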
This particular attack-group placed their entire trust in my colleague to deliver the payload to the entertainment corporation they were going to take down. On January 21, rather than launching the attack, my guy disappeared from the cyber world, leaving this group of miscreants to wonder what happened, where did Pandemic (one of his many screen names) go, and what should they do next?
They totally relied upon him for the attack. He had all the pages that were to be uploaded to the target sites in order to modify web pages, hack servers, discredit their employees and products, create embarrassment, disparagement and havoc with the corporation, its clients, and everyone that might do business with it. The hackers’ intent was to do grave economic harm to this company. They did not succeed.
As a result of this operation, the entertainment enterprise was saved for another day. But there are lessons to be learned, according to my source. The real problems are systemic. Servers are at risk, not because the hackers are so talented, but because the companies and governments that run them are so bad at what they do. But what about firewalls? I asked. The answer: “they are only as effective as the rules that govern their operation. There are many holes in firewalls which must be identified and addressed to ensure security.”
Any corporation that receives intelligence that they have been targeted should require the appropriate IT administrators to certify that their sites are secure, and confirm by detailed testing.
Lessons for corporations and governments
My colleague repeated the lessons learned from this and many other similar operations:
  • Everyone is vulnerable and any group may be the subject of an attack. A digital gang may declare war on any entity, and they can do grave harm. The tools of digital destruction are available to anyone, even a fourteen year old kid.
  • Most hackers are not skilled, but have been provided with scripts written by others. This is extremely difficult to stop.
If you are responsible for security, risk management, or protection of your enterprise, you should remember the following rules:
  • Take any threat seriously;
  • Your sites may be attacked by people without high-level skill sets;
  • There are lots of techno-groupies, worldwide, that are willing to step up and be part of a digital gang;
  • Anytime an operation against your environment is announced, run a system audit, and remember that analytical tools often do not identify permission-sets in computers; people do;
  • Whether you are in a Windows or Apple world, it does not make you immune from attack;
  • The government cannot win this war; there are too many smart people that are willing to engage in digital warfare, with little risk or cost to them;
  • Do not believe your security experts when they tell you that your sites are secure but consider yourself always vulnerable;
  • Anything you do in the media, at your facilities, how you deal with customers or clients can trigger discontent and an attack. In many ways, the Internet and its dark capabilities can be looked at as the Great Social Leveler in society. It allows a form of pure democracy for those that wish to express their grievances in a criminal way with little chance of being caught;
  • Whatever you have, consider it public and open information;
  • There is always room for human error in establishing and verifying security policies;
  • Perception is reality to hackers, especially in this economic environment, and a misconception can turn into reality in an instant and gain thousands of allies who decide they or someone else have been aggrieved.
My colleague is now operating under different screen names and is working another potential attack. He is weaving yet another digital fairy tale to make more hackers believe him. He will succeed because so many of these hackers are kids between thirteen and nineteen obsessed with conspiracy theories, government takeover, recognition and attention. They have no outlet in their local communities or school, and in fact, their “community” is now global. Because the groups are neither structured nor organized, they are easy to form and often easy to penetrate.
Many corporations are working undercover to protect their assets against digital attack, so if you see my colleague, Darknomad or one of a thousand other screen names online, he might be watching you. Remember, law enforcement agents and corporate cyber-detectives look, act, and appear just like every other hacker.