Inside Cyber Warfare - Jeffrey Carr [62]
http://www.hackteach.net
The forum on this site is called “the Palestinian Anger forum” in Arabic and “Hack Teach” in English. It is run by Cold Zero and is one of the most active anti-Israel hackers. The forum contains tutorials and tools to assist hackers.
http://t0010.com
This used to be a more developed website called the Muslim Hackers Library. Now it contains only a list of downloadable resources for hackers in both Arabic and English.
Pakistani Hackers and Facebook
On December 24, 2008, the Whackerz Pakistan Cr3w defaced India’s Eastern Railway website with the following announcement:
Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan.
When the announcement was clicked, a new window opened saying that “Mianwalian of Whackerz” had hacked the site in response to an Indian violation of Pakistani airspace and that Whackerz-Pakistan would continue to attack more Indian military and government websites as well as Indian financial institutions, where they would destroy the records of their Indian customers.
Whackerz-Pakistan is motivated by both nationalistic and religious allegiances, unlike their Russian or Chinese counterparts, who are purely nationalistic. At least one of the members is Egyptian and two live in Canada, so their geographical identity may be less important than their religious affiliation.
Their stated preferred targets are India, Israel, and the United States, so besides their involvement in the Pak-India cyber conflict they may also be involved in the Israel-Palestinian National Authority cyber attacks.
At least half of its current membership are educated professionals in their 20s or older, so this is a mature crew with financial resources and professional contacts in the international technology community. The employment by one of its members at a well-known global wireless communications company means that they are potentially both an external and internal threat.
The Whackerz Pakistan operations security (OPSEC) discipline was generally poor. Quite a bit of personal information was available via the social networks YouTube and Facebook, as well as Digg, Live.com, and zone-h, but it was a Facebook entry that contained the most damning evidence: the real name of the leader and the order to a subordinate to perform the attack against Eastern Railway.
This example serves to underscore the level of trust that occurs, for better or for worse, on social networks. The most cautious member of this hacker crew, its leader, demonstrated good OPSEC on every social network except one: Facebook, probably due to the illusion of security provided by the Friends Only setting. The “illusion” stems from the fact that you never know who your friends truly are in a strictly online setting without the benefit of a personal meeting.
The Dark Side of Social Networks
Social networks are an ideal hunting ground for adversaries looking to collect actionable intelligence on targeted government employees, including members of the US armed forces. The venue is free, raw data is plentiful, and collection can be done anonymously with little or no risk of exposure.
According to a recent study conducted for one of the US armed services, 60% of the service members posting on MySpace have posted enough information to make themselves vulnerable to adversary targeting. For those readers who aren’t versed in military vernacular, adversary targeting translates to events such as important new technology being transferred to the People’s Republic of China, a DOD intelligence officer being blackmailed, and the kidnapping and ransom of a corporate or government official overseas. The open APIs on Twitter and Facebook provide a virtually unlimited resource for building target profiles on employees of sensitive government agencies