Risk

4/9/2012
12:48 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Anonymous Continues Barrage Of Government Hacks

Hacktivist group Anonymous continues string of cyber attacks on governments worldwide, with attacks on China, Tunisia, Uganda, and the United Kingdom in the last few weeks.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
In the wake of a continuing series of reports of cyber attacks by the Anonymous hacking group against China, the Chinese government admitted Thursday that it had indeed recently fallen prey to those attacks.

Anonymous supporters also claimed to attack Ugandan government websites over the weekend, and said that they planned to begin attacks on United Kingdom government servers. Anonymous also claimed to have hacked the Tunisian prime minister's private email account, and released what it said was his email archive to the Web. The hackers' collective has targeted numerous governments in recent months, including U.S. federal agencies, NATO, and the Israeli government.

As for China, hackers have in the past few weeks defaced websites with messages calling China's government "evil" and warning Chinese Internet users to be "careful" because their "government has been in control of [the] network and filters harmful things."

The attacks have continued in recent days. Over the weekend, the recently launched Twitter handle @AnonymousChina announced the hacking of numerous additional Chinese websites, posting data dumps to Pastebin and Pastebay from alleged Chinese government servers. The @AnonymousChina account also announced its intention to take down Chinese censorship technology.

[ See Anonymous Vs. DNS System: Lessons For Enterprise IT. ]

Anonymous has claimed that its attacks have been in pursuit of Internet freedom. "All these years the Chinese Government has subjected their people to unfair laws and unhealthy processes," stated a recent Pastebin post attributed to the group. "People, each of you suffers from tyranny of that regime. Fight for justice, fight for freedom, fight for democracy."

In a press conference Thursday, Chinese Ministry of Foreign Affairs spokesman Hong Lei admitted that the Chinese government has fallen "victim to Internet hacker attacks," according to a transcript of his remarks.

The so-called Great Firewall of China blocks content that it labels subversive, and China has aggressively pursued online dissidents for years. Within the last few weeks, China's official state-run news service has reported that the country temporarily suspended comments on popular microblogging websites QQ and Weibo, shuttered 16 websites, and arrested six people for spreading rumors online.

However, in response to a question about the attacks, Lei claimed that "China's Internet is open," that Chinese Internet users "enjoy full freedom on the Internet," and that the large number of Chinese Internet users demonstrates the "openness of the Chinese Internet."

The Tunisian emails appear to include months' worth of emails in French and Arabic, including emails about political activity in the country. Anonymous claimed that the cache also includes bank transaction records and invoices from year's Tunisian election campaign.

In the United Kingdom, meanwhile, the government's Home Office website was offline for several hours on Saturday, and Anonymous claimed responsibility.

Secure Sockets Layer isn't perfect, but there are ways to optimize it. The new Web Encryption That Works supplement from Dark Reading shows four places to start. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.