By Haythem El MIR
On January 2, 2011, around 22h, the activist group Anonymous launched one of the most massive and severe attacks against Tunisian cyberspace, protesting against political practices that restrict free Internet access and denouncing human rights abuses. The attack lasted ten days and affected about fifty servers belonging to the Tunisian government and to a number of businesses close to the regime, through denial-of-service attacks and some website defacements.
Anonymous is a group that was mobilized by Tunisian nationalist activists known for their fight for a Tunisian Internet free from control. The group was able to recruit a number of Tunisian hackers who joined the cause. This was a real cyber-war against the regime of Ben Ali, which shed light on the cause and attracted the attention of public opinion and the international community.
The collapse of the regime put out the fires of the Anonymous dragon, which moved on to other missions against Egypt, Libya, Iran, Bahrain, Yemen, China, Italy, Malaysia, … But the mass of Tunisian hackers left behind by this war, looking for new motivation and launching attacks indiscriminately, began to create new challenges and new targets. They are young geniuses, armed with tools and techniques too powerful for Tunisian websites left on forgotten servers and unable to resist. Thus another war was started by these “gray hats”, attacking sites and servers to challenge administrators and demonstrate to them their inability to secure their platforms; unfortunately, many of them succumbed to the little geniuses' attacks.
Then we saw everything: intrusions, website defacements, data theft, … but the greatest damage was observed on Facebook: hundreds of accounts were hacked, belonging to children, adults, professionals and politicians, as well as official fan pages, … Moral damage was caused to people by these attacks through the creation of fake profiles, defamation, publication of stolen intimate photos and videos, identity theft and sometimes the disabling of accounts. The damage was even financial, through the hacking of business fan pages.
The question is “who is behind this great drift, making Facebook an area of juvenile cyber delinquency?” By investigating the issue and analyzing the attacks, the victims and the messages conveyed by these cyber criminals, we can build a profile: this is a category of hackers 15 to 25 years old who do not have great hacking expertise but use simple attacks such as phishing to trap unwary Facebook users, or install malware on unprotected computers to spy on users, steal their accounts and even activate their webcams to conduct real physical spying. Profiling also reveals that the motives are childish, aiming to harm a former girlfriend or a schoolmate, and sometimes stem from a difference in religious or political opinion.
This finding reveals the existence of a large number of hibernating hackers, acting on random targets and waiting for the issues to become more significant, at which point our little dragons will leave their shelter, blowing flames on systems not yet aware of the seriousness of the situation.
This situation continues to send us indicators of a very alarming drift, pointing to a possible mobilization of the mass of hackers for unusual purposes. Some of these indicators are related to the recent attacks involving political actors: the CPR party was the victim of an attack on its Facebook page just two days before the elections; the website of the new President Marzouki, just promoted to power, was targeted by a web defacement and used to broadcast a perplexing message; and the Facebook pages of Mohsen Marzouk and Dostourouna were hacked.
Other attacks have also affected the official website of Nahdha and that of Rached Ghannouchi. The website of Hachmi Hamdi and his TV channel Mustakilla were defaced just after the elections, in protest against his unexpected results in the election. Ten other websites were also attacked by hackers calling for the censorship of pornographic websites, and finally an online newspaper was hacked to spread a message defending the wearing of the niqab. Without denouncing any political party, some cases have shown that hackers acted to harm certain political parties by using their names in the messages published on defaced websites, in order to implicate them in illegal hacking without their knowledge. This is only the tip of the iceberg, the part disclosed by the media; what is hidden may be more dramatic.
It is a big question mark that creates controversy: who is behind these attacks? Are they isolated incidents or organized assaults? And if so, are political parties involved? The answer may be obvious, because our political parties will never dare to engage in illegal competitive practices or to use hacking to undermine political rivals or fight political fronts over a difference in opinions. The logical explanation may be closer to practices conducted by political parties’ supporters, operating outside the control of political leaders. They act individually, driven by political fanaticism. It is a new phenomenon revealing a serious political drift of partisans using their own hacking techniques or using our beloved sleeping dragons. Reading the messages posted by the hackers, no one can deny the use of such attacks to spread a political message.
This undeclared war could widen and skid out of control if political parties do not take the step of denouncing it and pointing the finger at it.
Looking through the biggest parties’ electoral programs before the election, it was the exception to see a program that addressed this issue, which indicates a failure in a very essential component of information technologies: information security. Nowadays, information security has a direct relation to state sovereignty and national security.
The Anonymous attacks and the Tunisian hacker groups have shown that the state can be a good target, especially if technological change moves towards more openness, more services and more socio-economic and political issues. In that case, it will be the best target, especially if information security is forgotten and is not raised to a very high strategic level.
The National Agency for Computer Security, a public instrument created to develop a national strategy and ensure its implementation, will certainly be the key element in dealing with these waves of attacks and emerging abuses. With its rich technological heritage and human skills, the agency has been wrongly placed, lacking the legitimacy to impose its rules and a new governance model that places information security at a fairly high level of importance.
The army defends our land and sea borders, and the security forces secure the interior; but what about our cyber borders, who is defending them? The current government and all political parties should address this issue with much more diligence and develop programs to better secure Tunisian cyberspace and to defend our digital borders by means of an endless intelligence and a recognized engineering capacity that can take us towards a future we have been dreaming of for a very long time.
Haythem EL MIR, CISSP: Chief Technology Officer at the National Agency for Computer Security and the Tunisian CERT. He can be reached at firstname.lastname@example.org and you can follow him on Twitter @elmirhaythem.