This week (August 13 – August 19) can certainly be called the week of Anonymous operations. There have been so many of them that we almost lost track, which is why we’ll sum them all up in this security brief.
The week started with Operation TrapWire, initiated by Anonymous in response to the mass surveillance system that the world learned of from the Stratfor files published on WikiLeaks.
Many believed that this might be the main reason why the AntiLeaks hacker collective took down the whistleblower website and kept it down for over a week.
Later, the same hackers took credit for downing Bambuser and RT.com, both incidents being connected to the extradition scandal that revolves around WikiLeaks founder Julian Assange.
Operation India also came to the attention of the press after Anonymous hacktivists defaced the website of the All India Trinamool Congress, posting a fake piece of news on behalf of the organization’s chairperson.
Anonymous has also called on the community to fight music censorship.
“The Censorship of music won’t stop there [at the attack on Demonoid], no, it will evolve and progress until the government is trespassing on our privacy and our personal lives,” they said.
After the attacks launched on Ukrainian government websites as part of OpDemonoid, a hacker collective called ImperialDown took over the mission of going after the Ukrainian government, in support of Internet freedom.
OpUkraine, on the other hand, has entered its second phase. The hackers accuse the government of continuing the dog Holocaust and, as a result, they’ve already launched a DDoS attack on the site of Ukraine’s Ministry of Agriculture and Food.
Operation Digiturk has also entered its second phase. Activists plan to protest against the blockades imposed by the telecoms company.
On August 16, Operation Big Brother was initiated, with organizations that support the INDECT project named as primary targets.
The data breach that affected RUTracker is also in the hacking section. The popular torrent site has been penetrated by hackers who have posted a “domain name has been seized” message on the main page.
Ugandan officials promised to beef up security measures after Anonymous hackers defaced the Office of the Prime Minister website and posted a fake statement on behalf of the country’s PM.
Finally, oil company Saudi Aramco was breached. Although its public website experienced some disruptions, the company’s representatives stated that their regular operations were not interrupted in any way.
In the past seven days we’ve also learned of some interesting pieces of malware. The MyAgent Trojan is probably the most interesting one. Its main targets are organizations from the chemicals, technology, defense and aerospace industries.
Another Trojan that has made numerous headlines is Shamoon. It targets the energy sector and, unlike other malicious elements, it doesn’t attempt to remain hidden for as long as it can. Instead, it covers its tracks by overwriting files and by wiping the infected computer’s master boot record (MBR).
We’ve also learned of a new version of the ZeroAccess Trojan, which hides its payload by using the Extended Attributes feature of the NT file system (NTFS).