"Mom, I'm a hacker": how fighters of the invisible front of the XXI century appear
In 2013, the world learned about the fugitive Edward Snowden, who revealed the existence of comprehensive surveillance and provoked a strong reaction around the world. The authorities of many countries expressed their intention to “do something”, but this “something” turned out to be nothing like a trial, suppression and punishment enforced by the ECtHR or the court in The Hague. In fact, Edward's revelations led to wholesale automation in all the leading intelligence agencies of the world, as well as the legalization of the collection of information about people.
Today we live in a world that hasn't changed in the way that Edward imagined, and targeted advertising, the protection of "personal information" and database leaks no longer surprise anyone.
Hacker competition
In 1993, the first major hacker conference was born, located in Las Vegas, Nevada. The name was chosen symbolically - DEF CON, which literally refers to the name of the readiness scale of the armed forces of the United States of America. The majority of listeners and participants of the conference are information security specialists, journalists, lawyers, civil servants, as well as hackers of various specializations.
Over time, the conference has turned from a place for exchanging experience and finding employment into one of the most prestigious venues for competitions. There are many disciplines, although everything started with a banal "capture the flag" (CTF). The name immediately brings to mind a crowd of schoolchildren in a computer class playing a game, but this is a little different.
Initially, the teams simply competed to hack a target (laptop, server, access) as fast as possible, not forgetting to attack the opposing team in parallel. Subsequently, the whole process acquired additional disciplines, and participants receive points for completing them:
1. Reverse - analysing binary code, consisting of ones and zeros, and searching it for vulnerabilities.
2. Exploit - finding and exploiting vulnerabilities.
3. Web - web security tasks.
4. Crypto - studying cryptographic algorithms and searching for their weaknesses. In simple terms, breaking a cipher, akin to breaking Enigma.
5. Stegano - extraction of hidden, often encrypted, information from the source file.
6. Forensic - investigation simulation and file analysis. These are tasks related to recovering deleted files and hidden partitions. Viruses or databases are often analyzed.
7. PPC (Professional Programming and Coding) - applied programming.
8. Misc - "non-standard" tasks like competitive intelligence or entertainment.
The competitions became international long ago, and smaller variations are regularly held here in Russia. Some of them serve as a pass to Las Vegas. At the time of this writing, teams under our flag occupy 3rd, 8th, 23rd and 40th places in the international arena among the top 50 I looked at. Unfortunately, neither the successes in this direction nor the ongoing activities at the national level receive practically any coverage.
By the way, in 2018, China banned its information security experts from participating in international competitions. This was despite the fact that teams from China were among the strongest.
Hunt for a hacker
The first documented hacker attack in the USSR in which the culprit was caught took place at AvtoVAZ in 1983. Of course, by today's standards this incident looks more like sabotage, but a computer maintenance programmer disrupted the assembly line for 3 days.
During the investigation, it turned out that this was far from the first case, but the other programmers who had deliberately disrupted the work eliminated the problem themselves and received bonuses, awards and allowances for it. Nevertheless, even 3 days of downtime caused damage running to millions of rubles, and in 1983 that was a completely different amount of money.
One of the first convicted hackers in the United States was Kevin Mitnick, who exploited phone network vulnerabilities at the age of 12. Subsequently, he received several more terms, including for hacking the Pentagon network.
One of the most elusive identified hackers is the Russian Evgeny Bogachev. A talented programmer, entrepreneur and leader, Evgeny first created the Zeus virus and then began selling it to other hackers, providing them with technical and informational support.
The end result is a real high-end product, and there is a $3 million reward for information about Evgeny's whereabouts.
In most cases, hackers and their groups pursue the goals of banal enrichment, but there are also those who interfere in both the domestic and foreign policies of countries. The United States still accuses Russia of interfering in the 2016 elections, when the servers of the US Democratic Party and the Democratic Party Congressional Committee were attacked. During the attack, additional information surfaced about the terrorist attacks on the US consulate in Benghazi in 2012.
In 2020, hackers from the Anonymous group attacked US law enforcement and intelligence networks. The result was 269 gigabytes of classified data, as well as planning and intelligence documents from the past ten years, including those that confirmed the existence of surveillance of Black Lives Matter activists.
In general, such attacks, even on state structures, were limited to obtaining classified information. However, 2022 has shown that the opportunities here are much wider.
How did hackers return transit to the Kaliningrad region?
Since the beginning of the special military operation, cyberattacks have been used not only to steal data, as in the spring leak of the Yandex.Food customer base, but also to deliberately disrupt the operation of government services.
For example, because of the problems with transit to the Kaliningrad region, the Killnet group disrupted the operation of the Lithuanian analogue of Gosuslugi for two days, the airport of the capital and two cities, the Central State Archive, the Supreme Administrative Court, the State Tax Inspectorate, the Seimas and the government of the country, the electronic declaration system, a large network of gas stations, the telecommunications company Telia Lietuva and a number of smaller companies.
Transit, as we know, was eventually returned. Of course, this is not solely the hackers' doing, but what a scale: an attack of this magnitude carried out against one of the member countries of the EU. And against whom are sanctions to be imposed after that?
In addition to Lithuania, Poland was also hit. Almost all law enforcement websites and the tax service portal were disabled, and the work of eight Polish airports was paralyzed.
Conclusions
Nine years have passed from the moment when everyone found out about surveillance on the Internet to hacker attacks on the social structures of countries participating in armed conflicts. Considering that the Internet appeared only 50 years ago, events are developing rapidly.
Satellite constellations like Starlink, monitoring programs like DELTA, drones of varying complexity, nuclear power plants that are required to transmit data to the IAEA, airports with reservation and logistics systems, hospitals with digitized file cabinets, schools, backbone communication networks and local Internet providers, mobile operators - all this is connected to a single network, which can no longer be isolated. It is enough to hack into the smartphone of a fairly high-ranking military man to get a great chance to learn something extremely important.
You don’t seriously think that Comrade General understands all these complexities like viruses, vulnerabilities, encryptions and wants to use an inconvenient secure “brick” instead of a familiar device?
How difficult is such a task for an experienced specialist, given how many of our compatriots become victims of scammers who do not even need to hack anything? A glib tongue, ingenuity, social engineering skills - and voila! The “bank specialist” is already counting the profit.
Moreover, this is a threat of such a level that the state represented by the Ministry of Telecom and Mass Communications, the FSB, Roskomnadzor, the Central Bank, as well as telecom operators and banks have to fight it. News about a similar interdepartmental group appeared in September 2020.
Evaluate the success of the venture yourself.