From organized hackers to govermental spying
Recently, the news has been flooded by messages such as “Anonymous attacks governmental websites” or “Hackers leaked sensitive information”. This sounds like it would come from the USA, since most attack targets are in the US, right? Well, sad news is that those goverments being attacked or information being leaked are happening in… Austria! Now you will be asking yourself, OMG Austria? The beautiful mountainous country being targeted by criminal hackers? well it looks like it!
Before you go out and scream out of panic, let me first tell you there are different types of hackers. In general a hacker is simply someone who likes to diddle with things he is interested in. Say you have a program that works a specific way, the way it was designed to work by the developer. However, there are people who are not happy with the way the program works, so they try to change the code of the program in a way that the program works the way they want. This creative way to change a program so it works the way a user wants it to work, is hacking. Another example, there is a program on a server you desperately need, however you cannot get to it because of many reasons. One of these reasons may be that you don’t have the access rights to that program. A hacker would do everything to gain those rights and get this program.
There are two main types of hackers, the black hats and the white hats. The black hats are the “bad” hackers. Those hackers will hack because they can, they will destroy systems, steal data, or even commit identity fraud to get a certain good or service. The white hats on the other side are the “save the world” type of hacker, they hack to test security loop holes and then report this to the owner of the website or program.
Under those groups there are sub-groups, and one most common these days are “Hacktivists”. This type of hacker combines hacking and activism. Activism is all about protesting against some governmental action like the protest against the data retention law or the federal trojan program (I will discuss this later). One major player in those activists are called Anonymous.
It all started with those masked activists who were protesting against the Scientology sect. Those activists where crowded together infront of the Scientology church. Those original Scientology activists protested mainly with their mask and plakards standing outside the church, even though some also shut down the Scientology servers.
Now, the hacktivism part of Anonymous actually started with the hack against credit card companies, such as Visa and Mastercard. Those credit card companies funded the famous Wikileaks website. Because those companies, after a controversial video got leaked, stopped the funding, the hackers crashed the servers of those credit card companies by a method called Denial of Service Attack or DoS for short. DoS is a popular method where by attackers send so much traffic to a webserver that it cannot handle it anymore and rejects usefull access to the websites.
In Austria the Anonymous group AnonAustria has hacked and leaked many information of Austrian goverments and federal institutions. The local newspapers like Kurier, Der Standard, Heute and News, all reported about the attacks. Most recent news was about the information leakage of the federal police. But more crutial was the attack against the “Fees Information Service” or GIS (Gebühren Info Service) which was shut down and took several weeks until it got up again. Other websites that where shut down were the ones from political parties such as the SPÖ (socialists party) and the FPÖ (freedom party).
What does this show us? That austria doesn’t take computer security serious. For some information you do not even need to be a hacker to gain it, all you need is Google! Methods used, such as cross side scripting or SQL injection can be learned easily. However it is also easy to protect from those loop holes. If companies have decent website developers who actually care about security as well as the look of the website, this may not have happend. But like always, something must happen first before people get active.
Now to other news. Recent news from the ORF website showed that the german CCC (Chaos Computer Club) got a copy of the feared Bundestrojaner (Federal trojan program) and found that this software does more than it should. It was said that the government can secretly install a trojan program from the government on suspicious computers and watch their traffic, this can be telephone and internet traffic. However as the CCC revealed the program does more. It also takes screenshots of your desktop, a builtin keylogger records the keystrokes of the user and sends it to the author of the trojan and takes webcam pictures and sends those to the author. In addition to that, the trojan can even load a program to the victim’s computer and actually execute that! Now this actually threatens the privacy of the computer user and is against the German Privacy Act.
If you understand German, please watch the following youtube video and see for your self what the Bundestrojaner can do:
After reading all those information about cybercrime activities and spying from the government, I will ask you, what will come next? will the next world war be fought online? or will the internet be controlled and nobody can do anything anymore?
Please make your own views on the topic, and feel free and post a comment after reading my blog.
And as always, stay crispy in milk 
