As anyone who tracks attacks on the internet can tell you, Activists using hacking activity, aka "Hacktivists", have discovered that a relatively basic hacking approach, with buy-in from disenfranchised groups of people, can have significant effects on online businesses.
With names like #OpISIS, #OpParis, #OpMonsanto, #OpWhales, #OpKillingBay, #OpKKK, and #OpTrump, you can easily see that Hacktivists focus their attention on a wide variety of causes.
The 2016 Olympic Games are coming to a close, but we see that they are no different. If there is a major event with significant press coverage, it will typically draw Hacktivist attention.
The modern Olympic Games are considered the foremost sporting event in the world. They are held every four years in different host cities that are chosen by the International Olympic Committee (IOC) and draw the world's attention with millions of spectators around the globe.
This year's event is being held in Rio de Janeiro, Brazil, and is attracting the attention not only of sports fans but also of terrorists and cyber hacktivists.
Recent terrorist incidents in Belgium, France and other countries, as well as past incidents during Olympic Games like those in Munich in 1972 and Atlanta in 1996 raise concerns about threats at Rio 2016.
Figure 1 - Arrests made for plotting Olympic terror
In addition to threats to the physical safety and security of people and organizations involved in these Olympic Games, cybersecurity is also a real concern.
Hacktivist-related incidents aim to bring attention to several kinds of causes and have increased over the years. Some hacking groups, like Anonymous, have been leading operations and encouraging people to join causes for several years.
Several examples include Anonymous operations #OpNice (Operation "Nice") to "hunt" members of the terrorist group responsible for the attack on the French city which killed almost a hundred people, #OpKKK (Operation "Ku Klux Klan") to reveal the names of up to 1,000 members of the Ku Klux Klan and other affiliated groups, #OpIcarus (Operation "Icarus") to shut down the banks, and #OpWhales (Operation "Whales") targeting Iceland and Japan websites against whale slaughter.
A few months ago, before the start of Rio 2016, Anonymous announced another operation called #OpOlympicHacking (Operation "Olympic Hacking").
Figure 2 - Anonymous #OpOlympicHacking
#OpOlympicHacking has social motivation in Brazil as did #OpWorldCup (Operation "WorldCup"), launched by Anonymous during the 2014 FIFA World Cup held in Brazil which targeted various government organizations as a form of protest against hosting the event.
The Anonymous group released the following statement about #OpOlympicHacking:
"Hello Rio de Janeiro. We know that many have realized how harmful it was (and still is) the Olympic Games in the city. The media sells the illusion that the whole city celebrates and commemorate the reception of tourists from all over the world, many of them attracted by the prostitution network and drugs at a bargain price. This false happiness hides the blood shed in the suburbs of the city, mainly in the favelas thanks to countless police raids and military under the pretext of a fake war. Poverty is spreading throughout the city, forcing entire families to leave their homes and traditional neighborhoods on account of high prices of rent and / or removals made by a corrupt city hall and serves only the wishes of the civil construction. We already manifested in other communications our repudiation to the realization of megaevents in the middle of the glaring social inequalities in this country. Still, even after so many words, so many manifestos or protests on the streets (all always fully supervised by repression, if not repressed with brutal violence) looks like the goverment will continue ignoring the voices of their own people. Therefore, we will continue with our operations to unmask the numerous arbitrary actions of those who are state and therefore its own population enemies.
Two videos have been also published, calling people to join #OpOlympicHacking:
Figure 3 -" #OpOlympicHacking - Let The Games Begin" Youtube video
Figure 4 - "Exclusion of the Olympic Games" Youtube video
Anonymous describes itself as "an internet gathering" with "a very loose and decentralized command structure that operates on ideas rather than directives."
The Anonymous Brasil cell is coordinating the #OpOlympicHacking operation by using communication channels like Twitter, Facebook, Youtube and IRC channels.
These channels are used to coordinate DDoS attacks again certain targets and to publicize the results of previous attacks and campaigns, as shown in the examples below:
Figure 5 - Anonymous Brasil Twitter account coordinating the operation
Besides coordinating DDoS attacks against certain targets, these channels are also being used to discuss and encourage people to search for vulnerabilities in the targets.
Figure 6 - IRC #OpOlympicHacking channel
DDoS tool ("opolympddos")
A tool to perform DDoS attacks against certain targets has been especially developed and shared for the #OpOlympicHacking operation.
Figure 7 - #OpOlympicHacking DDoS tool executable file
The #OpOlympicHacking DDoS tool, or "opolympddos", is a set of executable (VB .NET and Python scripts converted to Windows executable files) and batch files. It allows anyone who wants to collaborate on the operation to perform DoS attacks by installing TOR and by clicking pre-configured buttons associated to specific targets, in order to launch Layer 7 DoS attacks against the targets. This is achieved by creating persistent connections and sending HTTP requests with random data and user-agents.
Figure 8 - #OpOlympicHacking DDoS tool main page
Other DDoS Tools
There is evidence that other DDoS tools have also been mentioned and shared among hacktivists to perform DDoS attacks against #OpOlympicHacking targets:
- A compressed file containing a set of "hacker tools". None of these are really new as shown in the table below:
|Compilation Time||VT first submission||Note|
|Anonymous External Attack.exe||22/03/12 11:54||23/03/12 09:09||HTTP Attacker. 26 antivirus identified as "HackerTool"|
|Bull-dosa.exe||05/11/11 05:59||07/12/11 01:56||DOS Tool. 21 antivirus identified as "HackerTool"|
|FireFlood.exe||21/01/12 22:03||22/01/12 00:20||DOS Tool. Possible anti-virtualization techniques.|
|LOIC.exe||13/12/14 07:09||14/12/14 00:57||DOS Tool with user tracking via google analytics.|
|LOIC 2013.exe||05/01/13 07:58||21/01/13 20:37|
|MacStartx User Attack [ tiger ].exe||26/10/13 06:14||25/10/16 11:00||
Tool offered in BR forum: hxxp://www.connect-trojan.net/2014/08/macstartx-user-attack-tiger-v461.html
Figure 9 - "Hacker Tools" to perform DDoS attacks
Figure 10 - LOIC tool
Figure 11 - httpdoser Python script shared in #OpOlympicHacking Facebook page
Anonymous leaders have been sharing a list of potential targets via Pastebin posts. So far, there is evidence that the #OpOlympicHacking operation is targeting the organizations tied to scandal rumors in relation to the Olympics.
A few websites have been targeted by DDoS and DoX attacks. The websites that Anonymous claims were shut down during the #OpOlympicHacking include sites pertaining to the National and local governments as well as sports organizations.
Figure 12 - Some targets went down after DDoS attacks
Additionally, Anonymous claims that several organizations and people related to the Olympic Games event had sensitive data exposed.
Figure 13 - Databases got hacked and leaked
The volume and frequency of attacks known to date is below what RSA experts had expected and with the majority of them being related to DDOS activity, fairly low tech and of limited longterm impact. RSA researchers are continuing to monitor and identify additional threats. With the conclusion of the Olympics on Sunday, August 21, the volume of #OpOlympicHacking attacks will likely decrease significantly and the next wave of threats may start percolating around the next big event.