MS Risk Blog

Largest Cyber Attack in History Slows Internet Worldwide

Posted on in Cyber title_rule

Internet around the world has been slowed down in what security experts are calling the biggest Distributed Denial of Service (DDoS) attacks in Internet history. Five national cyber-police-forces are investigating the attacks.

Background:

The attacks originally targeted Spamhaus, a European, non-profit anti-spam organisation. Spamhaus blacklists what it considers sources of email spam, and sells those blacklists to Internet Service Providers (ISPs). Last week, Spamhaus blacklisted controversial Dutch web hosting company, Cyberbunker, which claims willingness to host website with the exception of child pornography or terrorism-related material.

Following the blacklisting, the attacks began as waves of large but typical DDoS assaults. Spamhaus has alleged that Cyberbunker is behind the attack. Cyberbunker has not directly taken responsibility for the attacks; however Sven Olaf Kamphuis, spokesman for Cyberbunker, said that Spamhaus was abusing its position, and should not be allowed to decide “what goes and does not go on the internet”.

How the Attacks Happened:

The attackers used Distributed Denial of Service (DDoS), which floods the target with large amounts of traffic, rendering it unreachable. Picture a door with thousands of people standing on outside of it. Everyone is trying to enter, and no one can get out. This is the equivalent of a DDoS attack.

In most common DDoS attacks, hackers use thousands of “zombie” computers to send traffic to a particular site, with the intention of overloading it. These computers have often been infected with malware (most often received through spam email), which gives a hacker control of the machine, unbeknownst to its owner. Hackers can amass large networks of these infected computers, called “botnets”, and use them to conduct attacks.

Once the attacks began, Spamhaus immediately hired a security firm, CloudFlare, which enacted systems to prevent the DDoS from making a large impact. The attackers then changed tactics and targeted network providers of CloudFlare. To do this, they exploited a fault in the Domain Name System (DNS). The DNS converts a web address into a numeric IP address. A DNS resolver finds the connection from the IP address to the server, which then delivers content to a user’s computer. If a network is set up incorrectly, an open resolver can become an easily exploited vulnerability.

In this case, the hackers identified 25 million vulnerable DNS servers worldwide which could be used for attack, and instructed those vulnerable servers to forward an initial attack. Thus the attack, which was initiated at a single location, was amplified millions of times by exploited DNS servers around the world.

Global Impact and Prevention

Because the Internet relies on DNS to work, a large scale, DNS amplified DDoS attack can have consequences beyond the scope of the attack. Part of the internet infrastructure which connects all the servers on the internet was getting overloaded. This would result in delays or unresponsiveness to completely unrelated websites that share the same lines that Spamhaus is using.

Some Internet Service Providers have been working to implement technologies which prevent hackers from spoofing victims’ IP addresses. But the process is slow. Network administrators need to close all open DNS resolvers running on their network.

If a company operates a network, they should visit openresolverproject.org, and type in the IP addresses of their network. This will show if there is an open resolver on their network. If there is, it is more than likely to be used by criminals to launch attacks such as these.

 

 

Banks Must Query Risks in Africa

Posted on in Africa title_rule

Banks financing projects and trade in Africa are being urged to get more involved in security management to avoid losses.

Speaking at law firm Thomas Cooper’s trade finance seminar in London, MS Risk international security advisor Liam Morrissey told bankers security risk management is not just an insurance or operations problem.

“There needs to be improved linkage between the investors and financiers of these projects and the insurance companies underwriting them, working better with the operators. When you put US$100mn into a project in Africa, you need to look at the security risks and how they will be managed; that’s not just an operational thing.”

He pointed out that borrowers don’t necessarily highlight security problems when asking for finance “for fear of scaring [banks] off”, and that therefore, banks should always query these issues.

During his presentation on the various risks impeding business in Africa, including corruption, kidnapping and terrorist attacks, Morrissey said these risks would continue to increase in the next few years, but would not deter investors from coming into the continent due to its undeniable potential.

“There’s a great potential for companies that go to Africa to generate wealth and if some of you are not involved in African project at the moment, the day is coming when you will be.

“The disenfranchise [from rebel groups] will continue to grow, which will mean more threats, more attacks, more involvement from foreign powers, but despite all that, commerce will also continue to grow. Burkina Faso for example has now shifted from a cotton-based economy to a gold-based economy. Mali is continuing to mine gold despite the trouble it is having. 8% of the world’s uranium is provided out of Niger, and the French nuclear industry is powered from this uranium,” he told the audience and GTR.

Africa has proven extractable stocks of energy resources of oil, natural gas, coal, uranium valued at US$13-14.5tn, and holds 70% of the world’s strategic minerals.

On top of corruption, blackmail and extortion, kidnapping, terrorist attacks and medical threats, Morrissey mentioned the risk of shrinkage, which according to him is often overlooked, pointing to a report that Shell is losing 60,000 barrels a day in Nigeria. “Some of it is lost through theft, some of it through inefficient pipelines, some of it through waste, but that’s a significant amount of loss,” he said.

Morrissey advised banks to get involved in the risk assessment process, know how much of the overall project cost is being spent on security, and liaise with insurance companies to ensure the adequate crisis management processes are in place.

~ Article courtesy of GTR.

Bombings and Gun Attacks Continue in Kano; New Attacks in Ganye

Posted on in Cameroon, Nigeria title_rule

This past week has seen a number of gun attacks and suicide bombings in the northern region of Nigeria, specifically in Kano and in the eastern border town of Ganye.  Police have confirmed that suspected Islamist gunmen have launched a series of gun and bomb attacks in a remote town near the border with Cameroon.  At least twenty-five people have died in the town of Ganye after gunmen attacked a prison, police station, bank and bar.  The most recent attack in Nigeria’s northern region comes just days after two suicide bombers exploded their car at a bus station in Kano.

The simultaneous attacks that occurred in Ganye have killed at least twenty-five people. Ganye, Nigeria   According to the police spokesman for the western Adamawa state, Mohammed Ibrahim, the gunmen carried out four simultaneous assaults in Ganye, which is located in the Adamawa state.  They opened fire on a bar, a bank, a prison and a police station.  The gunmen also set free an unspecified number of prisoners.  The police spokesman further noted that the men used explosives and assault rifles in the attack on the police station, during which a policeman was shot.  Seven people were shot in the bar, six near the bank while the others were gunned down either outside their homes or on the streets.  Troops and policemen who have been deployed to the town have recovered three unexploded bombs, a Kalashnikov rifle and some rounds of ammunition, which were left by the attackers.  Although no group has claimed responsibility for the attack, police are suspecting Boko Haram militants to be behind it as the raids resemble previous ones, which have been claimed by the group.  Currently, no arrests have been made.

The town of Ganye is located some 100 km (60 miles) from the state capital of Yola.  Although it is located near the border with Cameroon, it is not near the area where a French family of seven were kidnapped and taken across from Cameroon into Nigeria last month. The family – a couple, their children (all under the age of twelve) and an uncle – were kidnapped by six gunmen on three motorbikes in Sabongari, which is located 7km from the northern village of Dabanga.  Sources close to the French embassy in Cameroon had indicated that the family had earlier visited Waza national park.  While the exact border-crossing route taken by the kidnappers remains unknown, it is highly likely that the militants would have remained near the area and crossed over into Nigeria shortly after the kidnapping.  As such, while Ganye is too far south from the general area where the family was taken, it is highly likely that the militants may have crossed the border area closer to Maiduguri, which is a known Boko Haram stronghold.

Daganda, Cameroon

Violence carried out by Islamist insurgents throughout Northern Nigeria has been on the rise in the past weeks after a brief calm.  On Saturday, three bombs exploded in the North’s main city of Kano.  According to Kano state police spokesman Magaji Majia, one
of the bombings was a suicide attack, however the incident claimed no lives apart from the bomber.  In a separate incident, a remote-controlled bomb that targeted a joint military and police checkpoint did wound a number of police officers.  A separate gun attack in the city’s Dakata district also killed one person on Saturday.  According to Kano state police spokesman, four people have been arrested in connection with the attacks.

On Monday, March 18 a bomb blast, which targeted a bus station in an area of Kano that is mostly inhabited by southern Christians, killed at least 41 people and wounded 65.  The attack occurred when two suicide bombers exploded their car into a bus station in Kano, setting off a large explosion that hit five buses.  Witnesses have described hearing multiple blasts and seeking wounded victims fleeing the area as authorities cordoned off the scene.  The bus station that was targeted in Monday’s attack primarily services passengers who are heading south to the mostly Christian regions of the country.  The bus station was previously attacked in January 2012, a blast which left a number of wounded civilians.  So far, authorities have not provided any information relating to who is behind this latest bombing.  Furthermore there has been no claims of responsibility, however this attack is similar to the hit-and-run tactics that are favored by Boko Haram militants.

With more suicide attacks and bombings occurring every week in the northern region of the country, it is becoming evident that the Nigerian government is finding it difficult to Maiduguri, Nigeriaadequately manage Boko Haram and related criminal gangs who have overtaken militancy in the oil-producing south-eastern Niger Delta region as the main threat to the stability of Africa’s oil producer.  Furthermore, while the town of Ganye is located further south, and away from the cities of Kano and Maiduguri, which have been hit by a number of attacks over the past few months, it demonstrates the capabilities of Boko Haram and similar criminal groups in carrying out hit-and-run attacks outside of the normal regions where they are known to operate.  It indicates that the militants throughout this region of Nigeria are able to freely move around to stage attacks, signifying that they may also be able to cross over the border into Cameroon in order to carry out attacks and to kidnap westerners.  It is also believed that Boko Haram may have members in Nigeria, Cameroon, Niger and Chad.

France Confirms Death of Abou Zeid

Posted on in Mali title_rule

The French Presidency has confirmed that death of al-Qaeda in the Islamic Maghreb (AQIM) commander Abdelhamid Abou Zeid, stating that he was killed in fighting in Mali.  While this confirmation has ended weeks of speculation about whether one of the group’s leading commanders had been killed, it nevertheless increases fears for the lives and safety of the remaining fourteen French hostages who are being held in captivity in the Sahel region.

The death of Abdelhamid Abou Zeid, a senior figure in AQIM, has been confirmed by France, which noted that DNA samples had made it possible to formally identify him.  A statement released by the Elysee Presidential Palace indicated that “the President of the French Republic confirms with certainty the death of Abdelhamid Abou Zeid after an offensive by the French army in the Adrar des Ifoghas mountains in the north of Mali, at the end of February.”  The statement went onto say that the death of “one of the main leaders of AQIM marks an important stage in the fight against terrorism in the Sahel region.”

Mali

Last month, officials in Chad had claimed that Chadian forces fighting alongside French troops in northern Mali had killed Abou Zeid on 22 February.  Days later, reports surfaced that fellow militant Mokhtar Belmokhtar was also killed in fighting that occurred in the mountainous regions of northern Mali.  The fate of Mokhtar Belmokhtar, who was reportedly killed on 2 March 2013, has yet to be confirmed.  Although AQIM formally acknowledged the death of Abou Zeid, officials in France made little comment regarding his death, stating that while it is “probable” that the commander was killed in fighting, the death would not be confirmed by French officials until a body was produced and verification through DNA testing was completed.  Speculation mounted that France’s reluctance in confirming the death of Abou Zeid was due to fears that the remaining French hostages may be used as human shields during bombing raid, or that they could be subjected to reprisal executions.

Abou Zeid, who is believed to be 47, was a pillar of AQIM.   Considered to be one of the most radical AQIM leaders, he is responsible for the death of at least two European hostages as well as the leader of the extremist takeover of northern Mali in March 2012.  In June 2009, his men kidnapped British tourist Edwin Dyer.  According to a number of eye witness reports, Abou Zeid personally beheaded the British national.

While the death of Abou Zeid was confirmed by members of AQIM weeks ago, France’s official acknowledgement and confirmation may result in militant rebels in Mali carrying out retaliatory hit-and-run attacks in an attempt to place increased pressure on France to withdraw its military intervention.  Likewise, the lives of the French hostages will likely be in jeopardy as they may be executed in retaliation for his death.  Unconfirmed reports released earlier this week indicated that a French hostage had been executed in Mali on 10 March 2013.  A man claiming to be a spokesman for AQIM stated that Philippe Verdon was “killed on 10 March in response to the French military intervention in the north of Mali.”  While there was no mention of his execution being directly linked to the death of Abou Zeid, it is highly likely that today’s confirmation by France may lead to further executions which will undoubtedly be blamed on his death.

 

First Suicide Bombing in Timbuktu

Posted on in Mali title_rule

One Malian solider has died while two others have been left injured in the first suicide bombing to target the city of Timbuktu on the eve of the one year anniversary of a coup that paved the way for the Islamist takeover of Mali and the eventual collapse of one of West Africa’s most stable democracies.

The bombing occurred near the airport in Timbuktu when an Timbuktu - Mapattacker set off an explosive belt inside a car that had been stopped at a checkpoint.  According to a military source, “the jihadist who set off his belt was killed instantly and one of the soldiers injured in the explosion died in hospital.”  Malian army spokesman Captain Samba Coulibaly stated that the suicide bombing took place at a road block that is manned by Malian soldiers, just before a French checkpoint.  French military officials also confirmed that at least ten Islamist fighters were killed in clashes that occurred after the bombing while sources in the city have reported that sustained gunfire continued until 3AM (local time) on Thursday morning.  French army spokesman Colonel Thierry Burkhard stated that French and Malian forces had repelled an attempt by militants to infiltrate Timbuktu’s airport on Thursday morning.  He further indicated that there were no French casualties.

Timbuktu was liberated by French and Malian troops in late January 2013 after the city and its resident endured a nine-month rule by al-Qaeda-linked Islamists who had imposed a harsh form of Sharia law on the population.  Since then, the town has seen relative clam, unlike the northern city of Gao which has been hit by a number of suicide bombings and guerrilla attacks since the Islamist rebels were driven out.

This most recent suicide bombing has further cast a doubt over France’s claims that the Islamist resistance in Mali is close to being crushed.  The bombing also comes just one day after French President Francois Hollande stated that the military operation in Mali was in its last phase and that the country was just “days away” from regaining its territorial integrity.  Although thousands of Malians have remained skeptical about French assurances that the northern region of the country was increasingly becoming safer, yesterday’s suicide bombing has proven that while French and Chadian troops are continuing their efforts on capturing Islamist rebels in the Ifoghas mountains, groups of Islamist rebels remain throughout the country and therefore are a continued threat to the country’s security and stability.  The suicide bombing in Timbuktu also raises questions about France’s possible troop withdrawal which is set to take place at the end of April and whether or not African forces will be ready to cope with a threat that is increasingly turning towards hit and run attacks as a mechanism of maintaining its presence within Mali and as a way of destabilizing the security of the country.