430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber warfare

US Government coordinated hacktivist to hit foreign governments

Hacktivist Hector Xavier Monsegur, former leader of LulzSec collective, may have coordinated state-sponsored attacks for the U.S. Government. The New York time published the news that an FBI informant, Hector Xavier Monsegur, coordinated in 2012 a campaign of hundreds of cyberattacks on foreign websites. In many cases we discussed the possibility to exploit hacktivism to support […]

US Government coordinated hacktivist to hit foreign governments

Hacktivist Hector Xavier Monsegur, former leader of LulzSec collective, may have coordinated state-sponsored attacks for the U.S. Government.

The New York time published the news that an FBI informant, Hector Xavier Monsegur, coordinated in 2012 a campaign of hundreds of cyberattacks on foreign websites. In many cases we discussed the possibility to exploit hacktivism to support military operations against a foreign government, the US intelligence was accused to have infiltrated popular collectives of hacktivists to coordinate attacks on foreign governments including IranSyria, Pakistan and Brazil.

According declarations of participant to the attacks, the group of hackers exploited a vulnerability in a popular web hosting software to steal sensitive information from the government servers. All the information collected during the offensives were uploaded on a server monitored by the FBI according to court statements.

“The details of the 2012 episode have, until now, been kept largely a secret in closed sessions of a federal court in New York and heavily redacted documents. While the documents do not indicate whether the F.B.I. directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms.” reported the New Youk Times.

Hector Xavier Monsegur, aka Sabu, was one of the leaders of the popular group of hacktivists LulzSec that breached many high profile targets during in the last years, including Sony Pictures (2011). The group also claimed responsibility for taking down many other notorious targets such as  AT&T, Viacom, Disney, EMI, and NBC Universal, The Sun, PayPal, MasterCard, The Times and the CIA.

Sabu once arrested decided to collaborate with law enforcement to track down other members of Anonymous. Various members of the popular group of hacktivists have been identified and arrested. 

Thanks Monsegur, F.B.I. arrested another popular hacktivistJeremy Hammond that joined in the group of hackers known as Antisec. Hacktivist Jeremy Hammond was sentenced to 10 years in federal prison, he collaborated with Monsegur to conduct the attack on the private intelligence firm Stratfor.

hacktivist Jeremy-Hammond

During the process Hammond declared that FBI coordinated numerous attacks of Anonymous on foreign governments, after the Stratfor hack in fact Monsegur began supplying Hammond with lists of foreign vulnerable websites representing the targets of the offensives. The collective of hackers led by Mr. Hammond exploited a zero-day vulnerability in the web-hosting software Plesk to install a backdoor into thousands of websites and gaining their complete control.

The attack pattern was quite similar, once installed the backdoor on the target, sensitive data like emails and databases were extracted and uploaded to a computer server controlled by Monsegur.

“Mr. Hammond would not disclose the specific foreign government websites that he said Mr. Monsegur had asked him to attack, one of the terms of a protective order imposed by the judge. The names of the targeted countries are also redacted from court documents.”

The list included more than 2,000 Internet domains, Monsegur directed Mr. Hammond to hack government websites in Iran, Nigeria, Pakistan, Turkey and Brazil and other government sitesincluding the Ministry of Electricity in Iraq.

The sentencing statement confirmed the involvement of Mr. Monsegur in the attacks against Syrian government websites, including banks and ministries of the government of President Bashar al-Assad.

“The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

According Hammond, Mr. Monsegur never carried out the hacks himself:

“Sabu wasn’t getting his hands dirty,” said Hammond.

The exact role of the FBI is still unclear, the involvement of groups of hackers capable to hit any target on the Internet is a known and efficient strategy adopted by governments.  Characters like Mr. Monsegur can influence large masses of hacktivists that taking part to a cyber attack support a tactical operation of the US government.

The involvement of groups of hacktivists such as Anonymous has numerous advantage for a covert operation like low costs, no official liability for the attacks and the opportunity to exploit them in a diversionary tactic to hide more sophisticated attacks conducted by state-sponsored hackers.
Many other governments would use a similar strategy to attack its adversary in the cyberspace.

Pierluigi Paganini

(Security Affairs –  Hacktivist, Monsegur)