Brazil's World Cup Of Cyber Attacks: From Street Fighting To Online Protest
by
, 06-17-2014 at 06:43 PM (1442 Views)
Brazil's World Cup Of Cyber Attacks: From Street Fighting To Online Protest
Spear-phishing, DDoS attacks, malware. While people are protesting in the streets of São Paulo or Rio de Janeiro against the organizers of the FIFA World Cup, which they see as an useless waste of money, taking place while the majority of the population is still struggling to make a living, another conflict is raging online.
The report “The State of the Art of Digital Guerrilla during the 2014 Brazilian World Cup” (the link is to the Italian version, English version coming soon), released yesterday by Italian security company Tiger Security is a journey into the darker side of the competition, with hacktivists and cyber criminals both, for different reasons, casting a shadow of what otherwise should have been – and in part, still is – a cheerful event.
Tiger Security (whose work has been first covered by Wired.it) has been commissioned, together with other companies, to protect the Brazilian administration’s digital infrastructure before and during the event, making it well situated to comment and report on what’s going on.
“The attacks aimed at compromising governmental infrastructures have registered a significant increase since the end of April – Tiger Security’s Ceo Emanuele Gentili says – with an exponential growth to almost 2000 daily targets”. Most of the them are not coming from local hackers, but seem to originate from India, Turkey, Europe, Mexico and the U.S..
Foto da minha viagem de helicóptero pelo Rio. (Photo credit: Wikipedia)
The real onslaught started just days before the official beginning of the competition, with a spear-phishing attack to the email accounts of employees of the Ministry of Foreign Affairs. The hacktivist sent more than 600 emails to the officers, inviting them to insert their credentials in a fake website, built up specifically to collect them.
Then they used those very same credentials to access the employees’ emails and steal all their messages and address books. A Ministry’s spokeman said nothing important had been stolen and declared they had solved the problem; turned out it wasn’t so true, as the attackers showed they still had at least partial control of the emailing infrastructure.
More recently, the attacks grew in number and intensity: from DDoS that made unreachable domains like Mte.gov.br, belonging to the Ministry of Employment and Labor, the website of the Ministry of Sport and others; defacements of sites like BB.com.br (Banco do Brasil ), Universalmusic.com.br and many others, and to the leaks of detailed information from highly sensitive targets such as the website of the Rio de Janeiro’s State Military Police, or that of the National Regulatory Agency for Private Health Insurance and Plans (ANS), a regulator linked to the Ministry of Health, in charge of the health plans sector in Brazil.
Surprisingly enough, some of the attacks are perpetrated using an old-fashioned technique called Web Hive: basically volunteers are “lending” their web browser to use it as a weapon for a denial of service attack.
Of course, it’s not only hacktivists that are taking advantage of the attention given to the South American country during the competition. The mass of tourists travelling in the country to attend the World Cup represent also a boon for cyber criminals, whose motives are not as idealistic as the ones of the creators of .
As a recent report by security company McAfee also stated, in Brazil, organized crime is rife and laws to prevent it are few and ineffective, the country is becoming a laboratory for cybercrime, with hackers committing crimes such as identity and data theft, credit card fraud, and piracy, as well as online vandalism.
No wonder criminals are devising all kind of traps suited to the occasion: from fake websites selling tickets for the matches, to lotteries, to – even more troubling – the hacking of POS and ATMs that will be used massively in the coming days by tourists and football fans alike.