
Yeah, so, uh, yeah, I'm Jake. This is my first time here at BSides. I figured if I was going to come to a BSides, may as well try to submit a talk, so I got four pints in at a pub and someone told me, "Jake, submit your talk," so I did, and here I am. Uh, so good way to start, I guess. Um, so yeah, I'm just going to go over a little bit about me since it's my first time here. So I'm a student at the University of York. I'm on my placement year currently. Um, I'm the treasurer of cyber, it's my third year on committee, and I'm also the president of the M alternative
music Society, if it wasn't already obvious. But yeah, so it means I do stuff like this, uh, for cyers. Um, I deliver talks. I've done talks on sort of like Monero, and this one's about privacy. I'm like the resident paranoid person for cyber, going all about, uh, make sure that you diversify your services and kind that kind of thing. Uh, and then I also get up to stuff like this in my free time. Uh, so I attend a lot of music festivals, and that's kind of like the folks the Fring is trying to, uh, embrace the alternative culture and build an alternative culture in a city that really doesn't have too much of it. Um, York is very, very much, it's got a couple
of venues, but we're trying to like nurture the community that we have. Um, so when I'm not doing stuff like this, uh, I'm working as a cyber threat intelligence internet scks, um, and that is a lot of words that means nothing. Uh, are all buzzword. What it really means is I read a lot of things every day, I write reports every day, uh, and then I do research. Um, yeah, I don't know why they have so many buzzwords in their job titles, honestly. Uh, and here's one of the things that got me the job: so I wrote a paper on how blockchain analysis falls apart with Monero. Uh, Monero is a privacy-focused cryptocurrency for you that for
anyone who doesn't know. Uh, but this is, uh, where you can find my author page on the side site if you want to go and read that. You don't have to. It's not too technical, it's not terribly technical. Um, I'd be lying if I said that I understood stuff like ECC, because I absolutely do not. That's elliptic curve cryptography. Basically it's a load of maths, and, uh, yeah, I've got PTSD from further maths in sixth form, so I don't really want to go any that. Um, yeah, so this is not a talk on Monero or music, as much as I would like it to be. Uh, this is a talk on hacktivism. So here's where I started with hacktivism
uh, back in February I stumbled across, uh, these guys. So, uh, these guys called TYG Team, they're from Yemen. Um, they have a lot of aliases, and I have a few thoughts on why they have so many that I'll get to in a second. Um, they've been active, like properly active, since March, but like, uh, March 2022. They haven't really done much throughout 2022. It was sort of like late 2022 when they start actually attacking people and sort of trying to get their names out there. Um, and that's why there's so many aliases, because they've just hopped between different things, and it makes me think that maybe this isn't a group but more like one
person. They specialize in stuff like, specialize in, uh, website defacement mainly and the occasional DoS attack, and what these websites would be showing is like, "oh, hacked by Mr Sammy," so when they're referring to themselves as an individual in these attacks, but then when they're trying to be public about it they're using words like "we" and "us" and "expect us" and all the Alle and bollocks that you see with everyone claiming Anonymous phrases. I have to read another activist group that says "we are legion, expect us," like, come up with something original, please, it's driving me insane. Right, um, yeah, so they have, uh, a close affiliation with 1915 Team, which I'm also convinced as two people because
they like to post pictures of themselves. Um, think like London roadman, right, it's those sort of pictures with their faces sort of blurred out. It's really, really weird. Um, but yeah, so you can find a lot of this when they post. Like, they are not discreet with what they do. No, no activist group is discreet with what they do, because that defeats the point. They are trying to attack targets and make themselves known. They want you to know that it was them. They want people to know it was them so that they can be feared and get their message across. That's the point of them. And what they'll do is they'll start posting all these hashtags, um, with all the people
that they're affiliated with, or maybe that have helped them. Um, as you can see, like up there with, what's the laser button, I kep, uh, but yeah, you can see here, like, uh, 1915 Team, Yemeni Hackers, that's another one of TYG Team's aliases. Uh, that's kind of like, so that'll be like who's done this attack, and then here's like everyone that we want to sort of big up and, you know, get names out there, and there's a lot. Now, the way my brain works is annoying in some senses. I will get very, very interested in the topic and then I have to know everything about this topic, so as soon as I saw, like, as
soon as I started seeing posts like this I was like, right, there's 17 more groups here, [ __ ], now I have to look at them all. So I've gone through a bunch of them. I have read thousands upon thousands of, uh, Telegram chats every single day for the last six or seven months, uh, and yeah, it's been a bit mental. This is a small snippet of a larger graph that I created, and I don't expect you to be able to read that. I can't read it from here, my sets terrible. Um, but yeah, you can see, like, uh, there's, I'm going to move around here, so you can see TYG Team here. Uh, they
were very handy and left a Blogspot website, which led to a Linktree, uh, yeah, Linktree, which led to a bunch of little socials for them. These groups do like to have their socials. Telegram is primary for them. Um, it just has been for a while, but some of them do have like Twitter or Facebook groups or whatever, uh, which is interesting. Um, they're just trying to make themselves them really. Uh, you see groups here like G, and then you have like campaigns. So these campaigns are how they track activity. So what will happen is you'll get a group of people that will turn around and go, right, we don't like this particular country, uh, we
don't like what they're doing, or they've said something that's bad against our country, it's not like start a campaign. And originally, like, they're very original with the titles: it is Op country every single time. So it makes it difficult to separate individual campaigns, since there's been, I think, about 20 Op Indias since 2012. So, uh, yeah, it's meant to be a way of tracking activity, but in reality it gets very, very confusing very quickly. Uh, and honestly, me standing up here rambling like this makes it is like this, right, it just is an absolute mess, right, but that's what we're trying to do today, is we're trying to break down the mess and sort of explore activism now
activism what it used to be and activism what it is becoming with the, uh, changing, like, geopolitical climate, I guess is the word. So I've separated, uh, activists into like three subcategories. So you've got like your true activists. So as an example, uh, does everyone remember the 4chan raids, um, specifically the 4chan raids where they attack Scientology? So that is an example of true activism, is a collection, collective of people where they go, we don't like this thing because we think it is morally bad, so we are going to do something about it and do something, uh, to try and stop this thing because it is morally bad. Even if their methods are questionable, that's kind of like true
activism. Pseudo activists are your groups that are like, right, we don't like this thing and we know that people don't like this thing, so we're going to attack them, but then we're also going to attack these guys for the sake of it, and also join us because we don't like these things, and oh, you've joined us now, so come and help us attack these things. They kind of like branch out and become almost Navy team. They, the thing that they try and do is they try and leverage the idea of hacktivism and the glory and the, like, martyrdom of hacktivism to these guys and to try and recruit more people to become an APT. That's what the pseudo
activists are. And then you get the anarchy activists. These guys just want to get everything. They hate all governments, uh, regardless of who you are, and they just want to break [ __ ] and delete things and cause chaos for the sake of causing chaos. Activism is a bit loose, but it's what they kind of like refers themselves as, in a sense. So we're going to do, I'm going to look at, I'm going to just take you through some of the groups that I've been looking at, and this should help to understand the change in how hacktivism has been over the last year or so. So Anonymous you go, anyone heard of Anonymous Sudan? Yeah, very, very famous. Uh, in the last
year, uh, they have done a lot, and yeah, it's been annoying to track them. Um, they, yeah, origin there is Sudan. People debate this because of their ties with Killnet and Russia. Um, I believe that they are most likely getting some sort of, uh, green light or state sponsorship from Russia, uh, based on some of their attacks, and we'll, I'll talk more about state sponsorship and hacktivism a bit, but these guys started out relatively small and somehow exploded. They're huge. I think their Telegram has either five or six digits of, which is insane for, um, yeah. They've been very, very active in Op Israel, um, anyone guess which country that was targeting, and Op
Kenya specifically. Uh, so Op Israel, I can't remember what kickstarted it, but it was something to do, uh, with how, I think it was actually, um, the Palestine stuff actually that kickstarted this. Um, and they've got involved, um, because it was happening, it was very recent, and it's one of those things of like, right, we disagree with what's going on, we're going to attack based on our cause and our beliefs, but also this is prime time for us as a group to get ourselves known. If we can attack some big targets we can get ourselves known, we can make ourselves feared, we can maybe make some money. That's what these guys kind of do. Uh,
they also attacked Microsoft, allegedly. Not sure if that was proven, but, um, that was a few months ago. Uh, they mostly just try and do DoS attacks, so they'll partner with some other like botnets for hire and that kind of thing, and they'll just throw like as much firepower they can, try and take some service offline for an hour. They don't really like have any lasting damage, is the thing. Um, I can't think of any case that I've looked at where any of the targets had lasting damage. Uh, they just, they're an annoyance, but they're one of the most famous annoyances that I've looked at. Next we have UserSec. Yes, this is a very, very blurry image that is straight
from the Telegram profile picture, so the blurriness their fault, not my fault, that's the story and I'm sticking to it. Uh, they're from Russia. They don't really have any aliases. Um, again, it's kind of uncertain, like, when they sort of became active, because they were kind of there, kind of not. Um, they sort of got involved in NATO and like targeting NATO very, very, very quickly, so they went from a group that had maybe a few members to, in a matter of a few months, being a group that was now attacking, uh, government-related entities, uh, and anyone affiliated with NATO really. Um, they are also part of Killnet and they, um, do stuff with Anonymous Russia sometimes. Uh, so
Anonymous here, I need to clarify, is not the Anonymous that we all think of. Anonymous is an idea, it's not a group anymore. Um, like the original group was the 4chan raiders. Um, people just take this because Anonymous has notoriety already, so if you say "we are Anonymous Russia," for example, you've got a notoriety from your name. You're just taking an existing household name, uh, and trying to propel your, um, notoriety from the get-go. Um, it's much better than something like UserSec, like, um, you know, that's just a generic name, whereas Anonymous Russia, it's like, wow, Anonymous, we know Anonymous. Um, so here is another one that was interesting. So Tesla bot, they're not
really a threat actor or activist per se, but they were very, very much working with some of these activist groups to take down some of these sites, and all of a sudden they turn around and go, yeah, um, we're not a, uh, we're not just sort of for hire anymore, we are a threat for hire. They invented their own acronym, um, which, I'm sick of acronyms, stop inventing acronyms, please, for the love of God, stop inventing acronyms. Um, but yeah, they say we are a threat as a service now, and we are going to get involved in the Russian NATO conflict and we're going to sort of change the game. It's a very long wind of
saying we're being paid by the Russian government now. Um, yeah, we're going to help you guys out in this conflict. But it was interesting from, like, to see just a partner of some of these activist groups just suddenly get involved. Um, another major shift in the activism space was to do with this group of Five Families. Now, they're not, uh, affiliated really with, uh, Russia all that much, but basically what they did was they took a bunch of leaders from a bunch of these groups and decided, you know what, we're going to establish ourselves as the group. We are the group of hacktivists, we are the leading group, we control this space now. And then they proceeded to
do nothing, uh, and then they proceeded to do nothing again, and then they proceeded to do one thing, and then nothing. Uh, they've been silent for about a month. It's kind of disappointing really. Like, you see a message like this and, like, I'm on the edge of my seat, like, wow, something might actually change, and then nothing changes. It's, if you're going to do something, if you're going to say you're going to do something, do it. Um, yeah, the Five Families is an interesting case of, like, these groups, they kind of didn't really interact all that much and then all of a sudden they are. Um, and yeah, Siege te, they're an anarchist group as well, which is
interesting, so, um, they don't really care all that much for order or dominance, they just want to mess around with everything because they can and cause much chaos to the camp, but now they're getting involved in, uh, I guess a cyber mafia. Weird, right? Um, here's another group. Again, this is their profile picture pulled straight from their Telegram. Um, don't know where they're from, don't know any of their aliases. Uh, we don't know if they have any affiliation with anyone, but they, uh, hate all government entities. Uh, paraphrasing them, uh, they don't care who you are, they don't care what to do, uh, they just want to attack and delete things. Uh, they went into, I think it was
a Bangladeshi government thing, uh, recently. They went in, went, "haha, we're in, also we've nuked it, uh, good luck," and they just wiped everything from some of the servers that, they just want to watch the world burn, like, that's what they do. But it's interesting to keep an eye on like this, um, because it helps us establish sort of a threat landscape, uh, for this kind of area, which in of itself is very, very difficult to establish. How can you predict who's going to get targeted if the target is everyone? Um, but it's still useful to look at like TTPs, what the, that this group are using, uh, and see if it's just opportunistic or if they're
actually predetermining these things. Then we have WC. So Indonesia, I know Indonesia is not the Middle East, um, they are South Asian, however, uh, India and Indonesia and India and Pakistan are always fighting with each other, um, in the activism space. Some of these groups, their sole focus is to just [ __ ] with the other one, like that's all they do. Uh, I read so many different things on daily basis of just, we're attacking these guys because they said something about us, so now we're going to attack the governments and some of their agriculture industry and, uh, telecoms, 'cause why not, let's do it. Uh, um, they also, uh, these guys don't do it so much actually
for V SEC, but people like Indian Cyber Force, um, they're always attacking, um, Indonesia. These guys are kind of almost true activists, and I'll sort of explain that in a minute, but, uh, they genuinely do care about what they do and it sort of shows, even if their methods are morally wrong. Um, so they attack their own government, uh, in retaliation to some of the policies that they put in, but they also get involved in some of the environmental stuff. So, uh, if we look here, um, anyone read this news story when it was out? Yeah, so, um, Fukushima, you don't know what Fukushima was, um, they have been treating their water and is below the safe levels
reportedly below the safe levels, well below, start releasing it back into the ocean and stuff, and in response VC went, right, we're going to attack you with why if we can and how if we can because we don't agree with this. Um, so some of these groups do establish a code, and it is important to distinguish between the groups that establish code and distinguish between the groups that say they establish code and are actually just trying to profit off of, uh, ongoing issues in the world. Um, so here is something that, like, again sort of gives VC a little bit of credibility. I'm not trying to sound like I'm sympathizing with VC or like saying
these guys are the good activists or anything, but these guys are very much setting out a scope and making the world understand that, you know, we do this for a reason, uh, we're not just jumping on bandwagons. So, um, TL;DR of this is, uh, they actually did want to get hired by some important people to do this properly, uh, rather than just, you know, attack for, to get a point across, except that they don't get paid properly and they're just going to get like e-certificates for it, so they attack their own government because it's more profitable for them, uh, to keep their thing going, which is, uh, it is interesting to see that, like, they
clearly do want to try and do some good in the world, but this is more profitable for them, so they have to resort to this kind of thing. But again, not trying to sympathize with W SEC here. They have done some, they have attacked the wrong people on numerous occasions, and, uh, industries that don't deserve it, to be honest. Um, yeah, we'll look back around to this. So I've given you a bunch of different cases. So as said, um, true activist almost, uh, anarchists, uh, pseudo activist, right, pseudo activist, these guys. Um, you can definitely categorize them into the categories that I've given you here, but what's happening more and more in
the world now is that this true activist thing almost doesn't exist. A lot of these groups, as I said, are trying to establish themselves to make themselves like feared so they can extort a lot of the time. Some of these groups have done extortion methods in the past. Uh, Anonymous Sudan, uh, definitely tried to extort Microsoft, which, why, like, you're losing that battle, don't try and extort Microsoft. Um, but it's quite clear they're doing this for some sort of financial gain rather than to send a message, even if, like, yeah, the message is going to get lost essentially. Um, but as, like, as we have changed in the world, like the Russia Ukraine crisis, we start to see more and
more of these groups emerge, and then more and more of these groups get swallowed up by the parties involved, um, in an effort to turn the tides of some of these crises. So I said there was, um, go back to Tesla bot, they were just a botnet and now they're attacking, participating in the Russia Ukraine crisis. Um, and again, it's not just Russia, but there's the Ukraine cyber army and they're also outsourcing, and it's this outsourcing, the constant outsourcing of these smaller groups that establish themselves for one reason or another, trying to do some sort of me, like, trying to send some sort of message or do some sort of good in the world or whatever,
and now they're getting swallowed up by government entities. Um, well, I guess we can't say that, can we. I guess, uh, government entities are leaving a package of money near this, some of these groups, and saying, oh, it'd be cool if you targeted these guys, and walking off. Um, obviously they're not going to announce which groups they're hiring, but, uh, yeah, this true activist thing is almost non-existent and it's only going to progress more like that as we move forward. The landscape is very, very difficult to define. So I've had to write some reports for some clients with my job of like, hey, uh, can you tell us what the threats are to this area from, uh, groups,
and it's like, well, that was oddly specific, thank you. Um, but you can't just predict what's going to get hit. If a group says we don't like this country, that technically means the whole country is now target regardless of the industry. They could be hitting small businesses, they could be hitting government entities, we just don't know. A lot of them do work opportunistically. Some of these groups have been developing tools or specific CVEs that just, they unleash them onto the internet, a specific, uh, um, I don't know, specific range or whatever, and just go, right, go, and then if they get into anything they do, if they don't they don't. Um, they have very, very different
methods. As said, there's defacement, there's, um, you know, using CVEs. A lot of them don't really steal data, unless you're Elmo over there. Elmo likes stealing data. Elmo also likes deleting the data from the people that he stole them from. Um, that was ridiculous. But, um, yeah, so to wrap it up, it's, activism in of itself is, what is it? Well, it's a word that I'm sick of saying at this point, but also it's not really a real thing, uh, due to the ever-changing climate that we live in, um, and political issues that are going on in the world. There are threat groups, there are, um, skids, there are anarchist threat groups, there are APTs,
um, and there are probably more acronyms, but yeah, the activism isn't really a real thing anymore. At this point it is impossible to get back to true activism, uh, with the way that the world is now. So that is, uh, everything I have to say on matter. Uh, if you would like to ask any questions, now's the time, and there's my Twitter and my email if you want to get in touch.
Any questions?

Do you think Anonymous Sudan is actually a Killnet project then? What's your thoughts on

So the thing is with Anonymous Sudan is it's weird, because they existed before, like well before they established themselves as part of Killnet. You'd think if it was a Killnet project they'd establish themselves with Killnet straight away and say, like, do a few smaller attacks and say, hey, we've been picked up by Killnet, but it took a very long time. Um, I think it was about four or five months from when I was looking at them for them to be picked up by Killnet and start doing attacks with Killnet, but also they do a lot of attacks
that have nothing to do with Russia or Killnet, which makes me question the whole thing of, like, is it a Killnet project really, because we can't say for certain, because, uh, we're not going to ever get told that information, and if you do get told that information, don't accept tea from anybody. But, um, yeah, but we can't really know for certain, but I personally don't think that Anonymous Sudan was a Killnet side project. I think they were just a group that got themselves affiliated with Killnet very, very quickly because of their rapid expansion.

Um, in your role in CTI, um, is there a threat actor or group that irritates you more than the rest that
you deal with, like you see that name from a foreign force and they just irritate you immediately, and why? Like specific threat actor, or, okay, so who's your least favorite, wish we could turn on head, I did say my least favorite client, but I can't say. My least favorite threat actor for a while was an H because of just the frequency of stuff coming through. It's like, I'm tired of reading this report and I'm tired of seeing, uh, this security team say this thing about Onan which is very clearly incorrect. Um, but yeah, I mean, uh, to go off little bit of tangent, but, uh, these guys, these guys on, uh, I will not name the, uh, security firm that
did the report, but they said these guys were state sponsored, to which these guys absolutely ripped the [ __ ] out of them in the Telegram for immediately after, but that was quite amusing. It was just, you see this thing all the time where people sort of like miscategorize things because they jump to conclusions, and that was a very, very reaching conclusion. Yeah, anly I were very much someone that I did not appreciate the volume of messages that I have to read through.

Any more questions?

What kind of got inspired into going into more Frist side things?

Uh, so I came to uni not knowing what I want to do, uh, as a lot of people do. So I came to
uni, I did, I picked computer science because I was going to take at gcsc levels and it was an interest, and I picked the year in industry pathway because my logic was, if I end up as a software engineer for a year, it's a year experience, I don't care. Um, and then I sort of discovered cyers, and I like, I kept up with news a lot of time, for specifically tech news, and, um, I remember that, so my first into it was looking at the Silk Road and Dread Pirate Roberts case, and just be able to like watch a bunch of these video essays and read through like the manuscripts of the chats and everything, it was just
fascinating. So I think when I came to uni and I found cyers it sort of like reignited that passion of research, and that's how I got into doing sort of more research. There's no specific area that I like doing, because my brain's aw like that, it's just, does this interest me? Yes? Cool, I'll focus on this for all. Um, hence Monero and, uh, activism. They do not go together, but they're just two areas that I looked at. But yeah, it's just about the, like, the enjoyment of doing research, I guess, that's kind of what got me into this role.

Where would you put the, um, Crown sa, um, cyber attack such as like I Ukraine
Like where would I put them as?

Yeah, like based on, like, you've got true activists, you know, because they're openly state sponsored, right?

Yeah, they are. Again, so that's where I put them as the pseudo activist, because, like, there is a message but the message is too generic to be for a cause. The cause is, we're going to do what our country says we should do, not because they like, because they believe it's right, obviously, but it's not like, it's not to stop an objective or like moral good or something. It's not like, hey, this is an ecological issue that is going to be affecting loads of people down the line, um, we want to try
and do something to spread awareness, or hey, Scientology is bad, let's make people aware about Scientology kind of thing. Um, it's just, it's another form of warfare at that point, and at that point you can't consider them activists, I would say. Um, I think they just use the guise of activism to, uh, just as a means of like, hey, it's not real warfare, so yeah, it's kind of just softening the blow of terms really.

Any more? Cool, let's give jaob