The anatomy of a hack, and what we can learn from it!
Hardly a week goes by without news of an attack launched against a government, business or organization. As we all know, there is NO WAY to STOP a hacker. All we can do is make their job harder. But how?
The best way is to keep an eye on security news, subscribe to some newsletters, and so on. Once an incident happens, we should look into the details and learn from it. Unfortunately, for most of us a single incident teaches more than 100,000 pieces of advice.
So should we learn from mistakes? Here is a very bad example: “The Turkish Government”. In the last few months they have suffered so many attacks and were brought down so many times. The sad part is that when you check how they were “hacked”, most of the attacks used known vulnerabilities or, more importantly, exploited weak security.
Let’s review the Turkish Government’s incidents: what they did in response, what they lost, and what they could have done. The government’s official websites have been brought down many times by the same hacktivist group, called RedHack. All their attacks were launched as protests against what the current government…
Websites They Have Hacked and the Effects
Early 2012: RedHack warns the Turkish government with a video:
The video has been removed from YouTube, but in it they warned the government to take care of its IT systems. It was published months after Anonymous launched DDoS attacks on some Turkish government websites in June 2011, in protest against government plans to introduce Internet filtering. The government should have learned from this, but it didn’t.
Nearly six months after that incident, RedHack issued its own warning, and right after that they did exactly what they said they would, as you are going to read below:
March 2012: Ankara Police Department hacked
A group member said the reason for targeting the Ankara Police Department was that it was the centre of applications such as “E-State” and “E-Police,” and that it was “much more special and better protected” than other police department websites.
RedHack downloaded police files that contained “Top Secret” information. The password for the top secret files was ‘123456’.
RedHack announced that almost all of the software installed on the Ankara Police Department’s computers was pirated. “Even the FTP [File Transfer Protocol] program they were using to share secret documents was pirated.” RedHack took screenshots showing illegally obtained programs…
They also attacked and deleted all files from sites that they believed the police should not have!!!
As a result, the Turkish police started arresting a few hackers, claiming they were from RedHack. Of course the hacktivist group denied that, and to “prove” that their hackers were still out and active, they crashed a website belonging to the dormitory directorate of the Turkish police force.
They also released one more video, which you can watch here.
April 2012: Turkish Interior Ministry website hacked
RedHack took down the documents section of the Turkish Interior Ministry website, downloading all documents on the ministry’s file system. As you may have seen in the video above, RedHack said they had downloaded all the files in the ministry’s systems and would release them if “the minister kept jailing innocent people on charges of being a RedHack member…
May 2012: Turkish Family Ministry website hacked
The original contents of the website were replaced by a message that read, “Only mothers die in every war. Do not torment the mothers, dear sirs, do not make them upset.” The hacked page also included a footnote addressed to the prosecutor overseeing the probe into RedHack, launched after the group hacked into the Ankara police database and acquired secret information, stressing that they had not been arrested as the police department had announced.
June 2012: RedHack leaks Turkish Army Staff documents
RedHack disclosed a list of military personnel, including officers and specialist sergeants stationed in several cities, with information on their dates and places of birth, the date they joined military service, rank and area of specialization, such as “sniper,” “demolitions expert” or “medic.”
RedHack announced the leak with the message, “Think of what foreign agencies are capable of achieving if we were able to obtain this list. Here is a small example of the situation the country’s protectors are in.” RedHack added that they did not publish any information that could put the military personnel in danger.
June 2012: Turkish Foreign Ministry
RedHack disclosed the identities of hundreds of foreign bureaucrats and diplomats. The file dump did not include the ID cards issued to the children of foreign personnel. “These are only a part of the IDs we have obtained,” the group said, and they shared some of the IDs on Dropbox. This happened right after a Foreign Ministry official said the hackers had not taken down the ministry’s main website and had not stolen any secret files!!!
RedHack hacks hxxpS://public.mfa.gov.tr (please notice the httpS)
public.mfa.gov.tr was replaced with pictures showing the Turkish prime minister with the killed former Libyan dictator Muammar Gaddafi and Syrian President Bashar. A title was placed above the pictures: “Brothers yesterday, enemies today.”
The Foreign Ministry admitted the incident was due to a “weakness of security.” The minister said that RedHack attacked the public page used for internship applications and foreign missions’ applications for identity cards.
The anatomy of the attacks: how could the Turkish government get hacked that often?
First of all, thank you. If you are reading this after that long article, you deserve to be thanked. This is the most important part of this post. It is also really important to see how the Turkish government was not able to defend itself. I am sure you have noticed the “bold” highlights, and the answer to why the Turks were hacked lies there:
- The Ankara (capital city of Turkey) Police Department was using “pirated” software
- The police department had a very weak password policy
- Their web servers were not patched or not up to date with software updates.
- They trusted themselves too much, and as a security adviser I can tell you this is one of the most dangerous behaviours: never, ever underestimate your “enemy”
- They were not following security best practices.
- Lack of training
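The ‘123456’ password on the top secret files is the clearest of these findings, and it is also the one that is trivial to prevent with a policy enforced in code. The check below is an added example written for this post, not something from the original article or from any of the organizations mentioned; the minimum length, the three-class rule and the small denylist are assumptions (a real deployment would load a large breach-derived list in place of the constructed `COMMON_PASSWORDS` set).

```python
"""Added example: a minimal password-policy check that rejects passwords such as '123456'.
The thresholds and the denylist below are assumptions for illustration, not a standard."""
import re
import string

# Constructed, deliberately short denylist of frequently breached passwords.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "123456789", "12345",
    "111111", "1234567", "letmein", "admin", "welcome", "abc123",
}

MIN_LENGTH = 12          # assumed minimum length
MIN_CLASSES = 3          # assumed minimum number of character classes


def _has_sequential_run(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive characters that step up or down by one
    code point, e.g. '1234', 'abcd' or 'dcba'."""
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def _has_repeated_run(pw: str, run: int = 4) -> bool:
    """True if pw contains the same character `run` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw: str) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password denylist")
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if _has_sequential_run(pw):
        problems.append("contains a sequential run such as '1234' or 'abcd'")
    if _has_repeated_run(pw):
        problems.append("contains 4+ repeated characters")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the real one from the story, a short one, and a passing one.
    for candidate in ["123456", "Police2012!", "correct-Horse7-battery"]:
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The denylist check is the one that matters most in practice: ‘123456’ fails four of the five rules, but a long, mixed-case password that happens to be on every cracking wordlist would still fail only that one, which is why the check is made against a list and not only against complexity rules.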
How to create a DEFENCE plan against hack attacks?
- Deploy a Network Access Controller (NAC): so many exploits happen behind the firewall, and at the very least the NAC will help you determine who belongs on your network and who does not. When you deploy NAC, make sure to install internal security certificates on your servers and enrol your network devices (hubs, switches, routers, mobile (cell) phones).
- Install a Host-based Intrusion Prevention System (HIPS): this will block malicious software from functioning. Don’t rely only on signature updates; use heuristic detection as well, to have a better chance of blocking zero-day attacks.
- Use strong encryption: if you have Windows systems, why not enable BitLocker on your hard drives; if not, use TrueCrypt. Enable IPsec to enforce secure communication even locally. If you use remote connections to your servers, try to use the strongest security protocols, like EAP-TLS and L2TP.
- Create an employee awareness and training program
- Implement the basic but effective 4 D formula:
  - Detect: be aware of the threats by keeping up with security news
  - Deter: pre-empt the exploitation
  - Defend: have a real-time fighting method
  - Defeat: win the fight against people who do not belong on your network
- Create “non-traditional” countermeasures against “them”: don’t rely on just one solution, or just your anti-virus. Don’t forget that even the best anti-virus software does not reach a 100% detection rate. Also keep in mind that your AV can only detect viruses that have already been caught by your software vendor; it’s not hard to guess that even the best anti-virus vendor is at least a day behind the newest virus. So don’t rely only on signatures; enable behaviour checking as well to reduce the chance of getting infected. Of course this does not mean you should not use traditional protection methods too; in fact you should.
- Distribute your content over many geographically dispersed nodes and route users to the closest node. This will make even the biggest DoS attack less effective. Yes, they might slow down your network or disable access in some areas, but taking you down completely will be much, much harder.
- Get protection against bots: a bot (a software robot that can run autonomously) will usually infect PCs via e-mails or viruses/Trojans and use your systems as zombies to launch a DDoS attack. The best way to prevent bots from running on your systems is “having a proper security solution”. Scanning all incoming and outgoing traffic will also give you an extra layer of confidence.
- Know your IT infrastructure very well
- Simulate attacks against yourself (penetration testing), which will include enumeration, scanning, footprinting and gaining access, and have defence methods in place against those unauthorized accesses.
- Install honeypots and always keep an eye on the logs of all your hardware and software
The list could go on and on, but when we look at RedHack’s attack methods and their effects, protection could have been achieved with just these 11 simple steps…
The complete list of websites hacked by RedHack can be seen here
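“Keep an eye on the logs” and “Detect” are easy to say but mean nothing until something actually reads the logs. The detector below is an added example written for this post, not code from the original article or from any of the organizations it describes. It runs over constructed web-server access-log lines (combined-log format, RFC 5737 documentation addresses, a made-up date) and flags the two patterns that precede most of the incidents above: repeated failed logins from one address, which is what a weak password policy invites, and many distinct 404s from one address within a short window, which is what enumeration of a web server looks like from the defender’s side. The window size and the two thresholds are assumptions; a malformed line is included to show that the parser skips what it cannot trust rather than guessing.

```python
"""Added example: a small access-log detector for password guessing and path enumeration.
Sample log lines, the 60-second window and both thresholds are constructed assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in combined-log format; all addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.44 - - [10/Mar/2012:02:13:58 +0200] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:02:14:01 +0200] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:02:14:02 +0200] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:02:14:03 +0200] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2012:02:14:03 +0200] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:02:14:04 +0200] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:02:14:05 +0200] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:02:14:06 +0200] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2012:02:14:09 +0200] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is not a valid log entry and is skipped by the parser
198.51.100.23 - - [10/Mar/2012:02:20:01 +0200] "GET /admin/ HTTP/1.1" 404 162 "-" "curl/7.21"
198.51.100.23 - - [10/Mar/2012:02:20:02 +0200] "GET /backup/ HTTP/1.1" 404 162 "-" "curl/7.21"
198.51.100.23 - - [10/Mar/2012:02:20:03 +0200] "GET /old/ HTTP/1.1" 404 162 "-" "curl/7.21"
198.51.100.23 - - [10/Mar/2012:02:20:04 +0200] "GET /test/ HTTP/1.1" 404 162 "-" "curl/7.21"
192.0.2.44 - - [10/Mar/2012:02:20:05 +0200] "GET /missing.png HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2012:02:20:05 +0200] "GET /dev/ HTTP/1.1" 404 162 "-" "curl/7.21"
198.51.100.23 - - [10/Mar/2012:02:20:06 +0200] "GET /private/ HTTP/1.1" 404 162 "-" "curl/7.21"
198.51.100.23 - - [10/Mar/2012:02:20:07 +0200] "GET /files/ HTTP/1.1" 404 162 "-" "curl/7.21"
198.51.100.23 - - [10/Mar/2012:02:20:08 +0200] "GET /uploads/ HTTP/1.1" 404 162 "-" "curl/7.21"
198.51.100.23 - - [10/Mar/2012:02:20:09 +0200] "GET /tmp/ HTTP/1.1" 404 162 "-" "curl/7.21"
"""

# Combined-log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    return e


def detect(lines, window=timedelta(seconds=60), login_threshold=5, scan_threshold=8):
    """Return alerts as (ip, kind, count) tuples, at most one per address and kind.

    bruteforce: >= login_threshold failed POSTs to /login from one address inside `window`.
    scan:       >= scan_threshold distinct 404 paths from one address inside `window`.
    """
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    failed_logins = defaultdict(deque)   # ip -> timestamps of failed login attempts
    not_found = defaultdict(deque)       # ip -> (timestamp, path) of 404 responses
    flagged, alerts = set(), []
    for e in events:
        ip, t = e["ip"], e["ts"]
        if e["method"] == "POST" and e["path"].startswith("/login") and e["status"] in (401, 403):
            q = failed_logins[ip]
            q.append(t)
            while t - q[0] > window:          # drop attempts older than the window
                q.popleft()
            if len(q) >= login_threshold and (ip, "bruteforce") not in flagged:
                flagged.add((ip, "bruteforce"))
                alerts.append((ip, "bruteforce", len(q)))
        elif e["status"] == 404:
            q = not_found[ip]
            q.append((t, e["path"]))
            while t - q[0][0] > window:
                q.popleft()
            distinct = {path for _, path in q}
            if len(distinct) >= scan_threshold and (ip, "scan") not in flagged:
                flagged.add((ip, "scan"))
                alerts.append((ip, "scan", len(distinct)))
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, kind, count in run_sample():
        print(f"ALERT {kind:<10} {ip:<16} count={count}")
```

The legitimate user at 192.0.2.44 fails once and then logs in, and later hits a single broken image link; neither crosses a threshold, which is the point of counting per address inside a sliding window rather than counting globally. The same structure extends to any other log source, such as an FTP server or a honeypot: swap the regex and the two predicates, keep the per-source window.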