DOCSLIB.ORG

Cyber Activities in the Syrian Conflict CSS CY

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

CSS CYBER DEFENSE PROJECT Hotspot Analysis The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Zürich, October 2017 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Authors: Marie Baezner, Patrice Robin © 2017 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group; Myriam Dunn Cavelty, Deputy Head for Research and Teaching; Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie; Robin, Patrice (2017): Hotspot Analysis: The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict, October 2017, Center for Security Studies (CSS), ETH Zürich. 2 The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Table of Contents 1 Introduction 5 2 Background and chronology 6 3 Description 9 3.1 Attribution and actors 9 Pro-government groups 9 Anti-government groups 11 Islamist groups 11 State actors 12 Non-aligned groups 13 3.2 Targets 13 3.3 Tools and techniques 14 Data breaches 14 Website defacement 14 DDoS 15 Malware 15 4 Effects 17 4.1 Social effects 17 4.2 Economic effects 18 4.3 Technological effects 18 4.4 International effects 19 5 Policy Consequences 20 5.1 Raising awareness of propaganda and radicalization online 20 5.2 Incentivizing social media to better control content 20 5.3 Improving cybersecurity 20 5.4 Monitoring the evolution of the conflict 20 6 Annex 1 22 7 Annex 2 28 8 Glossary 29 9 Abbreviations 30 10 Bibliography 31 3 The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict use of cybertools in the context of conflicts. The goal is The use of cybertools also to understand how victims handled and responded to attacks in order to learn from their experiences and in an internationalized be able to prepare for similar situations. civil war context: Description During the Arab Spring, Syrian dissidents saw an Cyber activities in the opportunity to claim more freedom. However, unlike in Tunisia and Egypt, their protests did not achieve the Syrian conflict overthrow of the Syrian President Bashar al-Assad, but instead resulted in civil war. The various groups of actors involved in the war have used cyberspace not only to Targets: Government institutions and pro- promote their ideologies, but also to target their government groups, anti-government enemies or enemies’ associates and partners with groups excluding Islamist groups, website defacement, Distributed Denial of Service Islamist groups, third-party states, attacks and spying malware delivered via spear phishing third-party organizations, and media emails. outlets. Tools: Distributed Denial of Service1, website Effects defacement, data breaches, misinformation, various freely Effects of cyber activities conducted in the available malware (e.g. DarkComet context of the Syrian civil war have been observed at RAT, njRAT, XtremeRAT both the domestic Syrian level and at the international Backdoor.breut, BlackWorm, level. The effects on Syrian society were marked by NanoCore, ShadowTech RAT propaganda campaigns on social media and a blurring of DroidJack), a customized malware, a the distinction between combatants and non- malicious Android application, spear combatants. Economic effects were felt through the phishing emails, fake social media login direct and indirect costs of Distributed Denial of Service pages and fake websites with malicious attacks and website defacements, but also due to the links. drop in the stock market value after a false message was Effects: Propaganda and misinformation on posted on the hijacked Twitter account of Associated social media and defaced websites, Press. Technological impacts were limited due to the low internationalization of the conflict sophistication of the cyberattacks. through cyberspace, drop in stock At the international level, the effects were mainly market due to defacement, use of characterized by the international nature of both the malware in support of ground victims and perpetrators of cyberattacks. Also, the operations. conflict did not escalate in cyberspace and spill over into Timeframe: From spring 2011 and still ongoing with the physical realm. Cyberattacks remained of low a hot phase from 2011 to 2014. intensity and focused mainly on harassment and espionage. Syria attracted considerable international attention during the Arab Spring, when the government Consequences violently repressed protests. The demonstrations escalated into a civil war, which was simultaneously The consequences that can be derived from the conducted in cyberspace. Pro-government, anti- context of the Syrian conflict in cyberspace mostly relate government and Islamist groups fight each other online to increasing awareness of propaganda and using cybertools such as website defacement, radicalization on social media and incentivizing social Distributed Denial of Service attacks and malware. media stakeholders to better control contents posted on This report examines cyber activities in the their platforms. This report also recommends that state context of the Syrian civil war. It also studies the impacts actors improve their cybersecurity through awareness- of cyberattacks on Syrian society, the economy, building campaigns and technological solutions. Finally, technology and at the international level. the analysis suggests that the development of the Syrian The aim of this hotspot analysis is to develop a conflict and its actors both on the ground and in better understanding of the possible mechanisms of the cyberspace should be closely monitored. 1 Technical terms written in italic are explained in a glossary in Section 8 at the end of the document. 4 The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Section 4 studies the effects of the cyberattacks on Syrian society. These were characterized by propaganda on social media trying to discredit enemies, 1 Introduction an internationalization of the conflict through activities During the Arab Spring in 2011, cyberspace conducted in cyberspace by sympathizers of either side played a significant role in the development of anti- to the conflict, and an increase in mistrust among government protests and the spread of democratic members of anti-government groups targeted by ideas. In 2000, when Bashar al-Assad became Syria’s impersonation of social media accounts. The second leader, only 0.2% of the Syrian population used sub-section examines the economic effects of the computers. The number of users significantly increased cyberattacks. These can be summarized as the direct to reach 22.5% in 2012 (Grohe, 2015). The growth of and indirect costs of Distributed Denial of Service (DDoS) internet users in Syria and the start of the Arab Spring in and defacement attacks and by the stock market’s Tunisia and Egypt emphasize the role of cyberspace in negative reaction to false information posted on the the Syrian conflict. The use of hotspots to evaluate each hijacked Twitter account of Associated Press. Sub- concrete case can support the theoretical and abstract section 3 investigates the technological effects of concepts of cybersecurity. This hotspot analysis cyberattacks carried out during the Syrian civil war. examines the cyber-dimension of the Syrian civil war. These technological impacts are identified as physical During the Arab Spring, it became evident that tampering with internet functionality by the Syrian cyberspace was often used to organize protests and government and the fact that cyberattacks were demonstrations against the Tunisian and Egyptian generally not sophisticated, relying on malware that is governments. This also occurred during protests in Syria, easily available online. and relevant activities evolved into platforms for gaining The last sub-section looks into the impacts of the domestic and international support for both the anti- cyberattacks at the international level. The analysis government and the pro-government groups. demonstrates that the cyberattacks taking place in the The study of this hotspot is relevant because it context of the Syrian conflict affected people and illustrates how the use of cyberspace evolved from a businesses internationally, but that perpetrators may context of domestic unrest to civil war involving a variety also have originated from outside Syria. It also shows of actors. This hotspot is also placed into the context of that the use of malware mainly focused on gathering international tensions between local rival states and information to support the battlefield and notes that major powers such as the USA and Russia. Western states imposed international economic The aim of the analysis is to describe how victims sanctions on Syria. of cyberattacks were affected and how they responded. Finally, Section 5 provides a number of This document will be updated as new elements are recommendations to state actors in order to decrease discovered or significant changes occur. The
Recommended publications
  • Country of Origin Information Report Syria June 2021

    Country of Origin Information Report Syria June 2021

    Country of origin information report Syria June 2021 Page 1 of 102 Country of origin information report Syria | June 2021 Publication details City The Hague Assembled by Country of Origin Information Reports Section (DAF/AB) Disclaimer: The Dutch version of this report is leading. The Ministry of Foreign Affairs of the Netherlands cannot be held accountable for misinterpretations based on the English version of the report. Page 2 of 102 Country of origin information report Syria | June 2021 Table of contents Publication details ............................................................................................2 Table of contents ..........................................................................................3 Introduction ....................................................................................................5 1 Political and security situation .................................................................... 6 1.1 Political and administrative developments ...........................................................6 1.1.1 Government-held areas ....................................................................................6 1.1.2 Areas not under government control. ............................................................... 11 1.1.3 COVID-19 ..................................................................................................... 13 1.2 Armed groups ............................................................................................... 13 1.2.1 Government forces .......................................................................................
  • Officials Say Flynn Discussed Sanctions

    Officials Say Flynn Discussed Sanctions

    Officials say Flynn discussed sanctions The Washington Post February 10, 2017 Friday, Met 2 Edition Copyright 2017 The Washington Post All Rights Reserved Distribution: Every Zone Section: A-SECTION; Pg. A08 Length: 1971 words Byline: Greg Miller;Adam Entous;Ellen Nakashima Body Talks with Russia envoy said to have occurred before Trump took office National security adviser Michael Flynn privately discussed U.S. sanctions against Russia with that country's ambassador to the United States during the month before President Trump took office, contrary to public assertions by Trump officials, current and former U.S. officials said. Flynn's communications with Russian Ambassador Sergey Kislyak were interpreted by some senior U.S. officials as an inappropriate and potentially illegal signal to the Kremlin that it could expect a reprieve from sanctions that were being imposed by the Obama administration in late December to punish Russia for its alleged interference in the 2016 election. Flynn on Wednesday denied that he had discussed sanctions with Kislyak. Asked in an interview whether he had ever done so, he twice said, "No." On Thursday, Flynn, through his spokesman, backed away from the denial. The spokesman said Flynn "indicated that while he had no recollection of discussing sanctions, he couldn't be certain that the topic never came up." Officials said this week that the FBI is continuing to examine Flynn's communications with Kislyak. Several officials emphasized that while sanctions were discussed, they did not see evidence that Flynn had an intent to convey an explicit promise to take action after the inauguration. Flynn's contacts with the ambassador attracted attention within the Obama administration because of the timing.
  • 2016 8Th International Conference on Cyber Conflict: Cyber Power

    2016 8Th International Conference on Cyber Conflict: Cyber Power

    2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 31 MAY - 03 JUNE 2016, TALLINN, ESTONIA 2016 8TH International ConFerence on CYBER ConFlict: CYBER POWER Copyright © 2016 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1626N-PRT ISBN (print): 978-9949-9544-8-3 ISBN (pdf): 978-9949-9544-9-0 CopyriGHT AND Reprint Permissions No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, and for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 © NATO CCD COE Publications PrinteD copies OF THIS PUBlication are availaBLE From: NATO CCD COE Publications Filtri tee 12, 10132 Tallinn, Estonia Phone: +372 717 6800 Fax: +372 717 6308 E-mail: [email protected] Web: www.ccdcoe.org Head of publishing: Jaanika Rannu Layout: Jaakko Matsalu LEGAL NOTICE: This publication contains opinions of the respective authors only. They do not necessarily reflect the policy or the opinion of NATO CCD COE, NATO, or any agency or any government.
  • Issue No. 486 AUGUST 2021

    Issue No. 486 AUGUST 2021

    Issue Brief ISSUE NO. 486 AUGUST 2021 © 2021 Observer Research Foundation. All rights reserved. No part of this publication may be reproduced, copied, archived, retained or transmitted through print, speech or electronic media without prior written approval from ORF. The Limits of Military Coercion in Halting Iran’s Nuclear Weapons Programme Kunal Singh Abstract Israel believes that the use of force is essential to stopping Iran from making the nuclear bomb. A vocal section of the strategic affairs community in the United States agrees with the proposition. This brief argues that military means are unlikely to sabotage the nuclear weapons programme of an advanced-stage bomb-seeker like Iran. Moreover, use of force could be counterproductive as it can incentivise Iran’s pursuit of the bomb, and it may erode the confidence required for diplomatic negotiations that can possibly help cease the weapons programme. Attribution: Kunal Singh, “The Limits of Military Coercion in Halting Iran’s Nuclear Weapons Programme,” ORF Issue Brief No. 486, August 2021, Observer Research Foundation. 01 n early April in Vienna, the Biden administration initiated efforts with Iran to reinstate the Joint Comprehensive Plan of Action (JCPOA), more commonly known as the Iran nuclear deal, from which the United States (US) had exited during the tenure of former US President Donald Trump. A week later, an explosion at Iran’s Natanz uranium enrichment Ifacility caused a power blackout. Israel, the state most vocally opposed to the JCPOA, is widely believed to have
  • Iran: Recent Incidents Likely a Coordinated String of Deliberate Attacks

    Iran: Recent Incidents Likely a Coordinated String of Deliberate Attacks

    The Cambridge Security Initiative IRAN: RECENT INCIDENTS LIKELY A COORDINATED STRING OF DELIBERATE ATTACKS JULY 2020 Richard C. Baffa Since early May, Iranian critical infrastructure and national security facilities have been subject to at least nine fires, explosions, and apparent cyberattacks; eight of these have taken place since 26 June. The nature of the targets and the short period of time in which they have occurred is unprecedented, strongly pointing to deliberate attacks and/or sabotage. Tehran has downplayed many of the incidents as accidents, but unofficially blamed the United States, Israel, and an unnamed Arab state (likely Saudi Arabia and/or the United Arab Emirates), and has vowed to retaliate. Two of the sites, the Natanz enrichment facility and Khojir military base, are highly secure national security facilities, harbouring sensitive nuclear and ballistic missile capabilities, including the IR-4 and IR-6 generation of modern centrifuges. At Natanz, an explosion and fire damaged a new, high-value centrifuge production/assembly plant on 2 July; the building is adjacent to underground fuel production facilities where the U.S. and Israel conducted the Stuxnet cyberattack a decade ago. An unnamed Middle Eastern intelligence official claimed Israel was responsible, using a powerful bomb. On 26 June, another explosion took place at Khojir missile production site, a highly secretive facility for missile engines and propellant development and testing near Tehran. In addition, on 10 July, local witnesses in Garmdarreh, west of Tehran, reported a series of explosions followed by widespread power outages. Multiple reports claimed the explosions occurred at Islamic Revolutionary Guard Corps (IRGC) missile depots, possibly the Islam IRGC Aerospace military base; there are also other military facilities, a chemical weapons research site, and power plants in the area.
  • Hacking for ISIS: the Emergent Cyber Threat Landscape

    Hacking for ISIS: the Emergent Cyber Threat Landscape

    Hacking for ISIS: The Emergent Cyber Threat Landscape By Laith Alkhouri, Alex Kassirer, & Allison Nixon April 2016 Hacking For ISIS Contents Click on a title to navigate to the page Introduction ...........................................................................................................................................2 Cyber Caliphate ...................................................................................................................................3 Islamic State Hacking Division .......................................................................................................6 Islamic Cyber Army ............................................................................................................................9 Rabitat Al-Ansar ................................................................................................................................ 12 Sons Caliphate Army ...................................................................................................................... 15 United Cyber Caliphate .................................................................................................................. 17 Techniques, Tactics, & Procedures (TTPs) .............................................................................. 20 The Future of ISIS’s Cyber Capabilities .................................................................................... 24 Conclusion .........................................................................................................................................
  • Duqu the Stuxnet Attackers Return

    Duqu the Stuxnet Attackers Return

    Uncovering Duqu The Stuxnet Attackers Return Nicolas Falliere 4/24/2012 Usenix Leet - San Jose, CA 1 Agenda 1 Revisiting Stuxnet 2 Discovering Duqu 3 Inside Duqu 4 Weird, Wacky, and Unknown 5 Summary 2 Revisiting Stuxnet 3 Key Facts Windows worm discovered in July 2010 Uses 7 different self-propagation methods Uses 4 Microsoft 0-day exploits + 1 known vulnerability Leverages 2 Siemens security issues Contains a Windows rootkit Used 2 stolen digital certificates Modified code on Programmable Logic Controllers (PLCs) First known PLC rootkit 4 Cyber Sabotage 5 Discovering Duqu 6 Boldi Bencsath Announce (CrySyS) emails: discovery and “important publish 25 page malware Duqu” paper on Duqu Boldi emails: Hours later the “DUQU DROPPER 7 C&C is wiped FOUND MSWORD 0DAY INSIDE” Inside Duqu 8 Key Facts Duqu uses the same code as Stuxnet except payload is different Payload isn‟t sabotage, but espionage Highly targeted Used to distribute infostealer components Dropper used a 0-day (Word DOC w/ TTF kernel exploit) Driver uses a stolen digital certificate (C-Media) No self-replication, but can be instructed to copy itself to remote machines Multiple command and control servers that are simply proxies Infections can serve as peers in a peer-to-peer C&C system 9 Countries Infected Six organizations, in 8 countries confirmed infected 10 Architecture Main component A large DLL with 8 or 6 exports and 1 main resource block Resource= Command & Control module Copies itself as %WINDIR%\inf\xxx.pnf Injected into several processes Controlled by a Configuration Data file Lots of similarities with Stuxnet Organization Code Usual lifespan: 30 days Can be extended 11 Installation 12 Signed Drivers Some signed (C-Media certificate) Revoked on October 14 13 Command & Control Module Communication over TCP/80 and TCP/443 Embeds protocol under HTTP, but not HTTPS Includes small blank JPEG in all communications Basic proxy support Complex protocol TCP-like with fragments, sequence and ack.
  • Reimagining US Strategy in the Middle East

    Reimagining US Strategy in the Middle East

    REIMAGININGR I A I I G U.S.S STRATEGYT A E Y IIN THET E MMIDDLED L EEASTS Sustainable Partnerships, Strategic Investments Dalia Dassa Kaye, Linda Robinson, Jeffrey Martini, Nathan Vest, Ashley L. Rhoades C O R P O R A T I O N For more information on this publication, visit www.rand.org/t/RRA958-1 Library of Congress Cataloging-in-Publication Data is available for this publication. ISBN: 978-1-9774-0662-0 Published by the RAND Corporation, Santa Monica, Calif. 2021 RAND Corporation R® is a registered trademark. Cover composite design: Jessica Arana Image: wael alreweie / Getty Images Limited Print and Electronic Distribution Rights This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. Support RAND Make a tax-deductible charitable contribution at www.rand.org/giving/contribute www.rand.org Preface U.S.
  • Introduction Points

    Introduction Points

    Introduction Points Ahmia.fi - Clearnet search engine for Tor Hidden Services (allows you to add new sites to its database) TORLINKS Directory for .onion sites, moderated. Core.onion - Simple onion bootstrapping Deepsearch - Another search engine. DuckDuckGo - A Hidden Service that searches the clearnet. TORCH - Tor Search Engine. Claims to index around 1.1 Million pages. Welcome, We've been expecting you! - Links to basic encryption guides. Onion Mail - SMTP/IMAP/POP3. ***@onionmail.in address. URSSMail - Anonymous and, most important, SECURE! Located in 3 different servers from across the globe. Hidden Wiki Mirror - Good mirror of the Hidden Wiki, in the case of downtime. Where's pedophilia? I WANT IT! Keep calm and see this. Enter at your own risk. Site with gore content is well below. Discover it! Financial Services Currencies, banks, money markets, clearing houses, exchangers. The Green Machine Forum type marketplace for CCs, Paypals, etc.... Some very good vendors here!!!! Paypal-Coins - Buy a paypal account and receive the balance in your bitcoin wallet. Acrimonious2 - Oldest escrowprovider in onionland. BitBond - 5% return per week on Bitcoin Bonds. OnionBC Anonymous Bitcoin eWallet, mixing service and Escrow system. Nice site with many features. The PaypalDome Live Paypal accounts with good balances - buy some, and fix your financial situation for awhile. EasyCoin - Bitcoin Wallet with free Bitcoin Mixer. WeBuyBitcoins - Sell your Bitcoins for Cash (USD), ACH, WU/MG, LR, PayPal and more. Cheap Euros - 20€ Counterfeit bills. Unbeatable prices!! OnionWallet - Anonymous Bitcoin Wallet and Bitcoin Laundry. BestPal BestPal is your Best Pal, if you need money fast. Sells stolen PP accounts.
  • Reporting, and General Mentions Seem to Be in Decline

    Reporting, and General Mentions Seem to Be in Decline

    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
  • Point and Shoot Education Screening Dear Teachers

    Point and Shoot Education Screening Dear Teachers

    Point and Shoot Education Screening Dear Teachers, Welcome to the Milwaukee Film Education Screenings! We are delighted to have you and thankful that so many Milwaukee-area teachers are interested in incorporating film into the classroom! So that we may continue providing these opportunities, we do require that your class complete at least one activity in conjunction with the screening of Point and Shoot. Your cooperation ensures that we are able to continue applying for funding to bring in these films and offer them to you (and literally thousands of students) at such a low cost. This packet includes several suggestions of activities and discussion questions that fulfill a variety of Common Core Standards. Let me know if you need a different file format! Feel free to adapt and modify the activities for your own classroom. Students could also simply journal, blog, or write about their experience. New this year we are introducing an Essay Contest to this packet! Submit writing from your students in response to the standard prompt we offer here by November 3, 2014 for consideration. A panel of judges will select the best essay and a runner-up in each grade range to receive a bookstore gift certificate as a prize. See the Essay Contest handout in this packet for more details. You can send evidence of the work you did to integrate the film into your classroom electronically or by mail. This could include: links to online content, Google Drive folders, scanned material, photocopied or original student work concerning the film/film-going experience or even your own anecdotal, narrative accounts.
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men

    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide