‘Pravyy Sector’ and DNC leak as symptoms of new trend in Russian cyber operations

The hacking group Pravyy Sector (‘pravyy’ is bastardised Ukrainian for ‘right’; Right Sector is the name of a Ukrainian ultranationalist party), responsible for leaking customer data of the Polish ISP Netia, claimed on Twitter that it had breached the network of the Polish Ministry of Defense. The group claimed to have gained full access to the MoD network and, what might be even more interesting, to have got its hands on ‘PRISM Poland logs’. Pravyy Sector then demanded $50 000, transferred to a specified account or bitcoin address, in exchange for not leaking the data.

To prove their access, the group posted screenshots from an apparent MoD computer, photos of an application to the ‘PRISM service’ and an XML file containing information about hosts in the alleged MoD network. It is worth noting that the materials posted initially were hardly proof of a compromised network: the attached screenshots suggest that all the files were taken from a single computer. The MoD soon issued a statement claiming that the attackers had obtained only outdated documents and were trying to overstate their success. Pravyy Sector countered by posting screenshots of emails with information related to the organisation of the recent NATO summit. Ultimately, however, it seems that they bluffed. The alleged information from the PRISM programme is probably just data collected by a botnet, with only superficial modifications made to make it more believable. Soon after, the group deleted the tweets related to the hack.

Continue reading “‘Pravyy Sector’ and DNC leak as symptoms of new trend in Russian cyber operations”

No maps for these territories – landscape of cyberwarfare reporting

In the latest profile of Edward Snowden prepared by Wired, two new pieces of information related to US cyberwarfare activity were revealed. The first is that the NSA caused an internet blackout in Syria while trying to deploy an exploit on one of Syria’s main routers. Unfortunately, instead of accomplishing their goal, the operatives made the router completely unresponsive, effectively cutting the country off from foreign internet connections. Given the secret nature of NSA activities and the increased rebel activity during that period (November 2012), the narrative presented by the media was naturally much different. Pretty much every major news network claimed (often backed up by sources from intelligence / cyber security companies) that Syria’s government was responsible for the blackout, and furthermore that it was a deliberate effort to prevent global coverage of atrocities that were about to happen.

There are two sides to this. It might be argued that, given the unstable situation and the callousness of Al-Assad’s regime, a government-sponsored blackout was the most probable course of action. On the other hand, this case brutally reveals how much, and to what extent, information about cyberwarfare in all its aspects (be it hacker attacks, cyber espionage, DDoS attacks or anything else executed from behind a keyboard) is based on speculation and probability scales. Make no mistake: it is not strictly the fault of the news networks, or rather it is, but there is little they can do about it. For the rising superpower of news media, the internet outlets of various forms, what matters most is the page visit counter. While this phenomenon is certainly not limited to cyberwarfare reporting, the combination of a lack of sources, the clandestine nature of the operations and the limited technical knowledge of news staff makes reports even sketchier and more sensationalistic than usual. After all, nothing makes a better headline than a cyberattack straight out of a Tom Clancy novel.

Continue reading “No maps for these territories – landscape of cyberwarfare reporting”