- Original post in French by Haythem EL MIR: Hacking : Top 10 des tendances d’attaques en 2011 et prévisions des menaces pour 2012.
- Translated into English by Edith Mulhern.
2011 was a historic year for Tunisia on many fronts: social, political, economic... but in terms of technology, we didn’t have a true revolution, despite the fact that technology played a major role in the revolution. Technology was an important tool for activists, politicians and the people to express themselves, to share ideas and sometimes even to take part in protests. A large portion of the Tunisian population used their cell phones and cameras to record important events, to share images, and even to coordinate demonstrations. Those with smartphones had a greater ability to create high-quality images, to access the internet directly, to read and send emails, and to use social networks for sharing. On the web, there were useful tools to create and communicate: Facebook, YouTube and Twitter were certainly the most useful resources, not to mention blogs and online media, tools that both activists and everyday internet users used to express themselves freely and easily.
2011 saw a boom in the sense that the usage patterns of technology changed, in a show of growth that demonstrated Tunisians’ creativity, their sense of humor and their extraordinary level of social, political and religious knowledge. This year changed our history, our future and our conception of ourselves. Technological resources were channeled into helping create change, but these same resources were also frequently misused for Machiavellian motives ranging from jokes to well-orchestrated crimes. This boom, which revealed serious threats to citizens and to public and private interests online, shows that we are not as safe as we think.
The following describes the most important attacks and hacking trends in 2011:
Anonymous’ attack: Certainly the most spectacular attack of the year. The activist group Anonymous, supported by other Tunisian groups, was able to disrupt Tunisian government websites over a period of ten days. They succeeded in attacking certain sensitive sites by defacing them, and, for the larger part of the attacks, by denial of service. By using a traffic generation tool and a simple method that the security tools in place did not detect, they were able to paralyze a significant number of servers. This was #OpTunisia, which put Tunisia in the spotlight.
Facebook: For some users, Facebook is the internet, and the internet is Facebook, which shows just how completely this social network has been adopted by Tunisian internet users. Every kind of debate was represented: sports, politics, religion, science, history, art, jokes. But Facebook caused a flood of damage as well, beyond the classic social phenomena that reproduce themselves more seriously online than in daily life because of anonymity and the false sense of freedom and impunity that people feel when using the internet: 2011 saw a growing scourge of stolen accounts, false profiles, character assassination, swindling, blackmail, scams, and the shutdown of accounts and pages. This was a serious phenomenon that caused problems like divorce and ruined friendships. This tragic moral damage had the effect of making people lose confidence in technology.
Web attacks: These are mostly attacks in which hackers alter (deface) the home pages of sites. This phenomenon has become very common over the past couple of years, since administrators have difficulty obtaining the tools needed to protect their platforms. According to zone-h, 334 Tunisian websites in the .tn domain were attacked in 2011. Once other Tunisian sites in the .com, .org and .net domains are counted, the number is closer to two sites per day, and maybe even more.
Malware: Viruses, worms and Trojan horses continue to constitute the major attacks on home users and businesses. Some malware paralyzes the systems it attacks, other malware takes control of the infected machines, and still other malware steals data. Some malware even turns on the webcam and records video. The damage is significant, even if the loss is difficult to evaluate. This damage can be avoided by using an antivirus and by running system updates. The most common malware programs in Tunisia are Kolab, Amvo, Folder.Fxm, Diple, IRCBot, Ddoser, Pincav, Jorik, Menti and Zbot, and the principal means of propagation they use are networks, portable drives and unsafe websites.
Political hacking: This phenomenon was the scoop of 2011, with hackers attacking under the banner of political parties or re-appropriating sites to broadcast political messages. The attack against Moncef Marzouki’s site illustrates this trend, as does the one against Rached Ghannouchi’s. It was directly related to events on the national scene and showed that while hacking currently targets sociopolitical issues, tomorrow it will focus on economic ones.
Destruction and loss of data: This kind of damage remains common and leads to the loss of enormous quantities of data, not only for users who lose sensitive files or archives, but also for businesses that suffer system breakdowns causing unrecoverable losses. Additionally, after the Revolution in 2011, there was a growing problem of theft of laptops, cameras and mobile phones, which contain information that is invaluable to their owners. It also bears noting that digital records were destroyed intentionally to erase traces of corruption, and that some properties that were burned down or burglarized also housed data and digital equipment.
Wifi attacks: Internet service providers continue to supply ADSL modems equipped with Wifi access points in order to give their clients better access. Even though most modems are configured to encrypt communications, there are still open networks, or networks that use weak encryption protocols like WEP and WPA. Both hackers and individuals who simply wanted a free internet connection did not hesitate to piggyback onto their neighbors’ wireless networks using freely downloadable tools, or even by following instructional videos available online. Another problem related to ADSL modems is the exploitation of poor configurations, such as administrator interfaces left with their default passwords. Some hackers were able to infiltrate and exploit hundreds or even thousands of unprotected modems.
SPAM: This year also witnessed significant growth in undesirable email, especially mail sent abroad from our networks, caused by machines compromised by malware that send SPAM. This was especially noticeable just after the elimination of the filter that blocked the SMTP port (TCP 25) at the international interchange level. This SPAM circulates false advertising, viruses and scams that principally come from certain African countries.
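The pattern described above (infected machines sending mail directly to port 25 abroad) is easy to spot from connection logs once the network's legitimate mail relays are known. The following is an added illustration, not code from the original post: it parses a few constructed connection-log lines (timestamp, source, destination, protocol, destination port) and flags internal hosts that open outbound TCP/25 connections to external addresses without being an authorized relay. The relay address, the internal ranges and the log lines are all assumptions made up for the example.

```python
"""Flag internal hosts that talk SMTP (TCP/25) directly to the outside.

Added example with constructed data. Assumption: only the hosts listed in
AUTHORIZED_RELAYS may send mail outside the local network; any other
internal host doing so is a candidate spam bot worth investigating.
"""
import ipaddress
from collections import Counter

# Constructed: address space of the local network.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed: the one corporate mail gateway allowed to use port 25 externally.
AUTHORIZED_RELAYS = {"10.0.0.25"}

# Constructed log: "<timestamp> <src> <dst> <proto> <dport>" per line.
SAMPLE_LOG = """\
2011-12-01T08:00:01 10.0.0.25 203.0.113.10 tcp 25
2011-12-01T08:00:02 10.0.3.44 198.51.100.7 tcp 25
2011-12-01T08:00:03 10.0.3.44 198.51.100.8 tcp 25
2011-12-01T08:00:04 10.0.3.44 198.51.100.9 tcp 25
2011-12-01T08:00:05 10.0.3.44 198.51.100.9 tcp 80
2011-12-01T08:00:06 192.168.1.7 10.0.0.25 tcp 25
2011-12-01T08:00:07 192.168.1.9 203.0.113.20 tcp 587
2011-12-01T08:00:08 192.168.1.9 203.0.113.21 tcp 25
"""


def is_internal(addr):
    """True if the address belongs to one of the local ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, dport = parts
    try:
        return {
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(),
            "dport": int(dport),
        }
    except ValueError:
        return None


def find_spam_candidates(log_text, threshold=1):
    """Return {source_ip: count} for internal, non-relay hosts that opened at
    least `threshold` outbound TCP/25 connections to external addresses."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != 25:
            continue
        # Only internal -> external SMTP is interesting here.
        if not is_internal(rec["src"]) or is_internal(rec["dst"]):
            continue
        if str(rec["src"]) in AUTHORIZED_RELAYS:
            continue
        counts[str(rec["src"])] += 1
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for host, n in sorted(find_spam_candidates(SAMPLE_LOG).items()):
        print(f"{host}: {n} direct outbound SMTP connection(s)")
```

On the constructed log this reports 10.0.3.44 (three direct connections) and 192.168.1.9 (one; its port 587 submission is not counted). The same rule, expressed as an egress filter that permits TCP/25 only from the authorized relay, is the mitigation that the removed interchange-level filter used to provide in a cruder form.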
SMS scams: This phenomenon affects mobile phone users, who receive SMS messages saying they have won a large sum of money and need to call a specific number; calling it consumes their entire cell phone credit, or sometimes the message directs them to retrieve a check at a local bank. Another scam is a message indicating that money has been transferred to the recipient’s account, after which the scammer calls to demand the return of the money "transferred in error". Yet another SMS says the recipient has won a small amount of money and must enter a code to claim it, but all the code does is transfer the recipient's credit to another number. These are simple schemes, but many of our compatriots who aren’t aware of this kind of scam are easily taken in.
Doctoring documents: This is the manipulation of images using tools like Photoshop to paste one person’s head on another person’s body, or the falsification of official documents that are then published to spread disinformation. While this phenomenon is not new, its use has skyrocketed in a climate of social unrest and political rivalry.
This wave of attacks is the result of three key factors: the political climate of the moment, technological trends, and the security level of the targeted systems. This explains why the year can be assessed as exceptional.
Projected threats for 2012 in Tunisia
Predicting trends for attacks and hacking is a world away from astrologers predicting the future. In this case, the prediction builds on scientific analysis of technological evolutions, usage trends, the proportion of exposed and vulnerable systems, the social, political, religious, economic and ethnic issues, and finally the growing ranks and expertise of hackers on both the national and international scene who might be interested in our systems.
A deeper reading reveals that, in terms of technology, mobile technology will expand, and social networks like Facebook will continue to be considered the best method of communication, despite declining confidence. Vulnerable operating systems and unsafe websites are still there, since there have not been significant efforts to improve or isolate them. Finally, our hackers will be better equipped and more experienced, despite the peaceful nationalist character they display. Based on this assessment, we can predict the following for 2012:
Mobile technology: Smartphones will have a significant presence in Tunisian society, and will be connected to the internet thanks to growing 3G coverage and lower prices. Mobile operating systems will be targeted even more, especially vulnerable systems like Android. Web access from smartphones will increase, which will also increase the number of systems infected with viruses. The risk to stored data will also grow unless users adopt more cautious online behavior and simple precautions like installing antivirus software on their mobile systems.
Social networks: Despite Tunisians’ changing behavior on Facebook, due to rising awareness of the need for caution and prudence in using this tool, the number of incidents will not diminish, either in number or in impact, since many Facebook users ignore the risks. Hacked accounts, breaches of privacy, slander and false profiles will continue to be a problem.
Malware: Since we are connected globally, the expansion of malware will have a direct impact on our cyberspace. Vulnerable systems will serve as the key accelerator for infections, despite the efforts in place. It is important to note that the objectives have changed: viruses now target critical infrastructure, the way Stuxnet and Duqu attacked SCADA systems, and malware also spreads via Facebook. The same phenomenon occurs in our country, and can be very serious if appropriate measures are not taken. More people are using Trojans, which enable them to control machines remotely, to spy, or to steal data like Facebook account passwords.
Sponsored attacks: This is an evolving phenomenon involving businesses, public figures, or even political parties who sponsor targeted attacks. Mercenaries are hired to hack systems or sites in order to harm a competitor or rival, or to settle scores, which constitutes cybercrime.
Phishing attacks: The growing number of internet users, as well as the growth of online services and mobile apps, increases the opportunity for phishing, where hackers create false websites to lure clients and trick them into revealing information like passwords or even credit card numbers. These attacks target financial institutions, email services like Hotmail, Gmail and Yahoo, or social networks.
Hacktivism: This continues to be a potential threat, since hackers are continually attuned to the political scene and support the same causes. They will act in cases where they feel that the rules governing their ideal world order have been transgressed. The most active groups are Anonymous and LulzSec, which formed an alliance in 2011. There are a significant number of hacktivists in Tunisia who are part of this movement and constitute a potential threat, since they can be expected to pay close attention to events within the country.
Virtualization and the cloud: 2012 marks the birth of the first cloud computing platforms in Tunisia and will witness the growth of private data centers, which are mostly based on virtualization technology and are exposed to many threats. In 2012, we can expect to see the first attacks on these platforms, with the resulting damage and theft of data, if suppliers are not careful.
Finally, this is only a prediction, and while it may seem overly pessimistic, it is important to remember that it is based on very real observations of the technological reality in which we live, which no one should deny or try to downplay.
On a more optimistic note, 2012 will be a banner year for information security, as businesses and governments will invest money and effort in fixing system bugs. It is also the year that will see Tunisians’ online behavior change and adapt, showing greater awareness of risks and more caution.
2012 will surely be a year of real change, a great technological revolution.
Happy New Year, and best wishes for health and prosperity, for you and your systems.