Subscribe

#OpOlympichacking

Issued by icomm for Exclusive Networks Africa
Johannesburg, 07 Sep 2016

Activists using hacking activity, aka "Hacktivists", have discovered that a relatively basic hacking approach, with buy-in from disenfranchised groups of people, can have significant effects on online businesses.

"With names like #OpISIS, #OpParis, #OpMonsanto, #OpWhales, #OpKillingBay, #OpKKK, and #OpTrump, you can easily see that Hacktivists focus their attention on a wide variety of causes," points out Jerome Schoner, associate at RSA DACH. "The 2016 Olympic Games in Rio, Brazil, have come to a close, and we saw that they were no different. If there is a major event with significant press coverage, it will typically draw Hacktivist attention."

In addition to threats to the physical safety and security of people and organisations involved in these Olympic Games, cyber security is also a real concern.

Anton Jacobsz, MD at Networks Unlimited, the value-added distributor of RSA products in Africa, says that important lessons from the Rio Olympics can be learnt to future safeguard major sporting in Africa, such as the upcoming African Cup of Nations in Gabon. "Africa is a region that is increasingly being targeted by cyber attackers and sporting events on the continent draw large audiences," he says.

Schoner explains that hacktivist-related incidents aim to bring attention to several kinds of causes and have increased over the years, and some hacking groups, such as Anonymous, have been leading operations and encouraging people to join causes for several years.

Several examples include Anonymous operations #OpNice (Operation "Nice") to "hunt" members of the terrorist group responsible for the attack on the French city which killed almost a hundred people, #OpKKK (Operation "Ku Klux Klan") to reveal the names of up to 1 000 members of the Ku Klux Klan and other affiliated groups, #OpIcarus (Operation "Icarus") to shut down the banks, and #OpWhales (Operation "Whales") targeting Iceland and Japan Web sites against whale slaughter.

A few months ago, before the start of Rio 2016, Anonymous announced another operation called #OpOlympicHacking (Operation "Olympic Hacking").

#OpOlympicHacking, says Schoner, has social motivation in Brazil as did #OpWorldCup (Operation "WorldCup"), launched by Anonymous during the 2014 FIFA World Cup held in Brazil, which targeted various government organisations as a form of protest against hosting the event.

The Anonymous group released the following statement #OpOlympicHacking:

"Hello Rio de Janeiro. We know that many have realised how harmful it was (and still is) the Olympic Games in the city. The media sells the illusion that the whole city celebrates and commemorates the reception of tourists from all over the world, many of them attracted by the prostitution network and drugs at a bargain price. This false happiness hides the bloodshed in the suburbs of the city, mainly in the favelas thanks to countless police raids and military under the pretext of a fake war. Poverty is spreading throughout the city, forcing entire families to leave their homes and traditional neighbourhoods on account of high prices of rent and / or removals made by a corrupt city hall and serve only the wishes of the civil construction. We already manifested in other communications our repudiation to the realisation of mega events in the middle of the glaring social inequalities in this country. Still, even after so many words, so many manifestos or protests on the streets (all always fully supervised by repression, if not repressed with brutal violence) looks like the government will continue ignoring the voices of their own people. Therefore, we will continue with our operations to unmask the numerous arbitrary actions of those who are state and therefore its own population enemies."

Two videos were also published, calling people to join #OpOlympicHacking.

Anonymous describes itself as "an Internet gathering" with "a very loose and decentralised command structure that operates on ideas rather than directives."

The Anonymous Brasil cell is coordinating the #OpOlympicHacking operation by using communication channels like Twitter, Facebook, Youtube and ICR channels.

These channels are used to coordinate distributed denial of service (DDOS) attacks again certain targets and to publicise the results of previous attacks and campaigns.

Besides coordinating DDOS attacks against certain targets, these channels are also being used to discuss and encourage people to search for vulnerabilities in the targets.

DDOS tool ("opolympddos")

According to Schoner, a tool to perform DDOS attacks against certain targets has been especially developed and shared for the#OpOlympicHacking operation.

"The #OpOlympicHacking DDOS tool, or "opolympddos", is a set of executable (VB .NET and Python scripts converted to Windows executable files) and batch files. It allows anyone who wants to collaborate on the operation to perform DOS attacks by installing TOR and by clicking pre-configured buttons associated to specific targets, in order to launch Layer 7 DOS attacks against the targets. This is achieved by creating persistent connections and sending HTTP requests with random data and user-agents," he says.

Other DDOS tools

There is evidence that other DDOS tools have also been mentioned and shared among hacktivists to perform DDOS attacks against #OpOlympicHacking targets:

A compressed file containing a set of "hacker tools". None of these are really new as shown in the table below:

"Anonymous leaders have been sharing a list of potential targets via Pastebin posts. So far, there is evidence that the#OpOlympicHacking operation is targeting the organisations tied to scandal rumours in relation to the Olympics," says Schoner.

A few Web sites have been targeted by DDOS and DoX attacks. The websites that Anonymous claims were shut down during the #OpOlympicHacking include sites pertaining to the national and local governments as well as sports organisations.

Additionally, Anonymous claims that several organisations and people related to the Olympic Games event had sensitive data exposed.

He concludes: "The volume and frequency of attacks known to date is below what RSA experts had expected and with the majority of them being related to DDOS activity, fairly low tech and of limited long-term impact. RSA researchers are continuing to monitor and identify additional threats."

Share

RSA

RSA provides more than 30 000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA's award-winning products, organisations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cyber crime. For more information, go to www.rsa.com.

Networks Unlimited

Networks Unlimited is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Arbor Networks, Aruba Networks, Fortinet, F5, Mellanox, ProLabs, Riverbed, RSA, Rubrik, SimpliVity and Tintri. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, WiFi-, mobile- and networking security, load balancing, data centre in-a-box, and storage for virtual machines.

Since its formation in 1994, Networks Unlimited has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.

Networks Unlimited complies with the South African Broad-Based Black Economic Empowerment (B-BBEE) guidelines as a Level 4 Contributor.

Editorial contacts

Debbie Sielemann
icomm
(+27) 082 414 4633
debbie@pr.co.za
Lynne McCarthy
Networks Unlimited
(+27) 011 202 8400
lynne@nu.co.za