Attacks/Breaches
6/4/2013
11:37 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Targets Turkish Government Websites

Hacktivists launch #OpTurkey DDoS campaign to support protests against government of Turkish prime minister Tayyip Erdogan.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
The hacktivist collective Anonymous, as part of Operation Turkey (#OpTurkey), claimed Monday to have taken down more than a dozen websites belonging to Turkish government agencies.

"Turkey is supposed to be a so called 'modern' democracy, but the Turkish government behaves like the petty dictators in China or Iran. Anonymous is outraged by this behavior, and we will unite across the globe and bring the Turkish government to it's (sic) knees," according to an Anonymous statement released Saturday, which first announced #OpTurkey.

"We will attack every internet and communications asset of the Turkish government," the Anonymous statement promised.

To that end, the collective has published an extensive list of suggested government websites to be targeted via distributed denial-of-service (DDoS) attacks. It also listed four police sites to target, as well as dozens of "vulnerable SQL sites" run by, or affiliated with, the Turkish government.

[ Now that cybercriminals' bank of choice is out of business, where will they turn? See Liberty Reserve Fallout: How Will Cybercrime Move Money? ]

As of Monday, Anonymous reported that 15 government sites had been taken "tango down," in part by "WikiCrew." They include the websites for the country's ruling Justice and Development (AK) party, as well as Istanbul's governor and the Directorate of Security.

The Anonymous campaign is designed to support ongoing protests in Turkey. The protests grew out of a peaceful rally, held last week in Gezi Park by environmentalists challenging the government's decision to turn a central Istanbul green space -- increasingly, a rarity -- near Taksim Square into a shopping mall. Police, early Friday, launched a raid against the protestors, who were staging a sit-in, and attempted to disperse them using tear gas and water cannons. At least 12 people were reportedly injured.

Instead of dispersing the protestors, however, the police action -- and widespread reports of excessive police force -- triggered more protests against the government of prime minister Tayyip Erdogan. As noted by a Slate FAQ on the Turkish protests, Erdogan has ruled the democratic country for the past 10 years, and was twice elected by a near-majority of voters.

What's the problem? According to the Associated Press, the protestors "appear to be urban, secular Turks" who are "frustrated by what they see as Erdogan's close ties to development interests and his alleged attempts to force his religious outlook on them."

"We do not have a government, we have Tayyip Erdogan," protest attendee and political scientist Koray Caliskan told Reuters. "This is the beginning of a summer of discontent."

Erdogan, however, has dismissed the protests as being the work of secularists opposed to his AK party, which grew in part out of banned Islamist political parties but now espouses "conservative democracy" and a pro-American agenda. "This is a protest organized by extremist elements," Erdogan said earlier this week, reported Reuters. "We will not give away anything to those who live arm-in-arm with terrorism."

In recent days, tens of thousands of people have reportedly taken to the streets to demonstrate. The protests have since spread to other Turkish cities, and at least two protestors have been killed.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.