Hacked: Hacking Finance

Hacker Claims Responsibility For Turkey Attacks

Introduction

Lester Coleman

Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.


LATEST POSTS

Mid-Cap ETFs: Growth And Stability At A Better Value 23rd May, 2017

Exchange Traded Funds Hit Record $2.865 Trillion In April; May Reach $5.9 Trillion By 2021 16th May, 2017

Breaches

Hacker Claims Responsibility For Turkey Attacks

Posted on .

Who is really behind the distributed denial of service (DDoS) attacks against Turkey’s Internet? Russia and Anonymous-branded social media accounts have been named as candidates, but an investigation by The Daily Dot indicates it was likely the work of a person who possessed powerful cyberweapons.

The Daily Dot interviewed a person through encrypted messages who claims to be the culprit and was able to demonstrate their capabilities. The individual explained how they attacked Turkey’s Internet and said they were doing it on account of the country’s helping or ignoring ISIS.

The Biggest Cyberattack Ever

The DDoS attack on Dec. 14, which has been described as the biggest cyberattack ever, targeted NIC.tr., the server that registers domains with Turkey’s country code which serves as administrator of the country’s academic Internet.

The attack peaked at 40 Gbps, undermining the country’s Internet. Nameservers became overloaded and could not respond to normal visitor requests. Nearly all domains ending in “.tr” could not be reached.

In response to the attack, NIC.tr administrators blocked all requests from outside of the country. This defensive action slowed the attacks, but emails sent to Turkish nameservers received an “unknown host” error. The blocking action left Turkey invisible to the rest of the world’s Internet for nearly a day.

Russia was immediately suspected as the culprit on account of Turkey’s downing a Russian jet near the Syria border. There is no evidence to support this suspicion.

CyberBerkut, a pro-Russian hacktivist group, was also suspected. This group, however, did not claim responsibility as it has following other attacks.

Anonymous Connection Rises

On Dec. 18, an Anonymous-branded account posted a YouTube video taking credit for the Turkish attacks as part of a campaign against Islamic State. On Dec. 23, a shorter version of the video replaced the original one.

The videos said they would not accept Turkey President Recep Tayyip Erdogan’s helping ISIS. The video justifies the attacks and cites evidence that the Turkish government is helping ISIS.

Despite Anonymous’ claims, there is no evidence the Anonymous-branded account has any connection to the DDoS attacks on Turkey’s Internet. There are other reasons to doubt such a connection.

Anonymous usually announces its attacks in advance rather than waiting for days following an attack to claim responsibility. When Anonymous does attack, it does so to infiltrate networks to leak and steal data, not just to launch DDoS attacks. There is no evidence the DDoS attacks in Turkey involve anything besides DDoS attacks.

There are also issues with the Anonymous-branded YouTube videos. The first video posted three months ago. Following a silence, the party behind the account began uploading videos about different Anonymous operations, which is unusual behavior.

Anonymous sources interviewed by the Daily Dot claimed the video is not related to the attacks. Two longtime Anonymous members suspected the account is connected to Anonymous “wannabees” seeking credit for the attack.

A New Suspect Claims Credit

The Daily Dot eventually identified an individual who provided few personal details but a lot of evidence suggesting they were behind the attacks.

The suspect demonstrated his or her capabilities during a conversation with The Daily Dot. The person was able to pull down Syria’s DNS servers for nearly 15 minutes. The Daily Dot posted a screenshot showing Syria’s DNS servers falling. The suspect was also able to attack jihadist and radical Muslim organizations’ websites simultaneously.

The attacker told The Daily Dot they paralyzed the NIC.tr by partly using a tactic called DNS Amplification Attack. Such an attack uses the system against itself to achieve a larger attack than normally possible. CloudFlare, a web services company that protects clients against DDoS attacks said a DNS Amplification Attack can be 50 times as powerful as other attacks.

Asked if he or she tested NIC.tr for particular weaknesses, the suspect told The Daily Dot this effort was experimental and that he or she learned the most effective methods on the fly.

The attacker did not reveal their nationality but said their motivation was political. The suspect said the Turkish government and its president were helping ISIS or ignoring the group. The attacker also said they were helping some Anonymous groups with an anti-ISIS campaign.

Also read: Russia claims Turkey’s president engages in illegal trade with ISIS

A Part-Time Anonymous Hacker

The suspect told The Daily Dot he or she does not work under Anonymous full-time, but occasionally works with different Anonymous teams and often works alone.

On Dec. 24, another attack wave besieged Turkey’s top banks. RedHack, a leftist hacktivist group in Turkey, claimed the bank attacks. Since RedHack is part of the Anonymous hacktivist group, some suspected a link between the bank attacks and the Anonymous videos claiming responsibility for the ongoing DDoS attacks in Turkey. RedHack, however, always claims credit for its attacks and did not claim credit for the attacks against NIC.tr.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

DON'T MISS OUT

Lester Coleman

Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.

There are no comments.

View Comments (0) ...
Navigation
A root kit or rootkit is a software suite, most…