Attacks/Breaches
6/4/2013
11:37 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Targets Turkish Government Websites

Hacktivists launch #OpTurkey DDoS campaign to support protests against government of Turkish prime minister Tayyip Erdogan.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
The hacktivist collective Anonymous, as part of Operation Turkey (#OpTurkey), claimed Monday to have taken down more than a dozen websites belonging to Turkish government agencies.

"Turkey is supposed to be a so called 'modern' democracy, but the Turkish government behaves like the petty dictators in China or Iran. Anonymous is outraged by this behavior, and we will unite across the globe and bring the Turkish government to it's (sic) knees," according to an Anonymous statement released Saturday, which first announced #OpTurkey.

"We will attack every internet and communications asset of the Turkish government," the Anonymous statement promised.

To that end, the collective has published an extensive list of suggested government websites to be targeted via distributed denial-of-service (DDoS) attacks. It also listed four police sites to target, as well as dozens of "vulnerable SQL sites" run by, or affiliated with, the Turkish government.

[ Now that cybercriminals' bank of choice is out of business, where will they turn? See Liberty Reserve Fallout: How Will Cybercrime Move Money? ]

As of Monday, Anonymous reported that 15 government sites had been taken "tango down," in part by "WikiCrew." They include the websites for the country's ruling Justice and Development (AK) party, as well as Istanbul's governor and the Directorate of Security.

The Anonymous campaign is designed to support ongoing protests in Turkey. The protests grew out of a peaceful rally, held last week in Gezi Park by environmentalists challenging the government's decision to turn a central Istanbul green space -- increasingly, a rarity -- near Taksim Square into a shopping mall. Police, early Friday, launched a raid against the protestors, who were staging a sit-in, and attempted to disperse them using tear gas and water cannons. At least 12 people were reportedly injured.

Instead of dispersing the protestors, however, the police action -- and widespread reports of excessive police force -- triggered more protests against the government of prime minister Tayyip Erdogan. As noted by a Slate FAQ on the Turkish protests, Erdogan has ruled the democratic country for the past 10 years, and was twice elected by a near-majority of voters.

What's the problem? According to the Associated Press, the protestors "appear to be urban, secular Turks" who are "frustrated by what they see as Erdogan's close ties to development interests and his alleged attempts to force his religious outlook on them."

"We do not have a government, we have Tayyip Erdogan," protest attendee and political scientist Koray Caliskan told Reuters. "This is the beginning of a summer of discontent."

Erdogan, however, has dismissed the protests as being the work of secularists opposed to his AK party, which grew in part out of banned Islamist political parties but now espouses "conservative democracy" and a pro-American agenda. "This is a protest organized by extremist elements," Erdogan said earlier this week, reported Reuters. "We will not give away anything to those who live arm-in-arm with terrorism."

In recent days, tens of thousands of people have reportedly taken to the streets to demonstrate. The protests have since spread to other Turkish cities, and at least two protestors have been killed.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-2356
Published: 2014-07-30
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

Best of the Web
Dark Reading Radio