A cyber attack with peaks of 130,000 simultaneous access attempts, mostly from Germany, has hit the CGIL servers just as the demonstrators led by Forza Nuova broke down the glass doors of the union headquarters in Rome.
A DDoS attack, that is Distributed Denial of Service, which has put out of use site, communication and newspaper of the CGIL on the Saturday of the No Vax protests and which continued for 3 days, obscuring the union’s online presence until Monday morning, when the site became visible again, but only because the Californian company in charge of protecting it, CloudFlare, inhibited access from from outside Italy. “For now there are no extortion threats, it is an ideological attack and we do not know who they are or where they come from,” they told us.
The CGIL has never suffered attacks of this type, but for the trade unionists the synchrony with the No Vax demonstrations and the assault on the Roman seat is evident. But “we don’t have sensitive data on that server, we are doing the analyzes” and “we don’t know the targets of the attackers”, told us who was in the trenches to defend the union’s digital fort. What is certain is that “we have not yet returned to normal”.
A powerful attack, but “stupid” that does not need expert hackers to be executed, and then the question becomes: is it the work of some computer expert sympathetic to the protests against vaccines and Green Pass or is it attributable to the Black Web, that is to network of the European right online? “Soon to say, we are waiting for the data”, the cigiellino technician who confirmed the dynamics of the assault, and Stefano Milani, communications director of the confederal union repeat in unison.
the secrets of the network
What are CDNs and why are they essential for the Internet
by Alessandro Longo
DDoS attacks on political sites
In the last two years the attacks on the sites of the political and trade union left have been different, and at least in one case aimed at stealing personal data of members and also those relating to online donations. Had happened in the attack on the Democratic Party servers in July 2020 with rather complex intrusion attempts which then turned into low intensity and effective disturbing actions. But digital burglary professionals do this, sneak into IT infrastructures, take everything they can and then launch a DDoS attack to wreak havoc or activate dormant ransomware on servers to erase traces of their passage. DDoS does not only serve to make servers unreachable to obscure the communication of those who manage them.
Once DDoS attacks were done by hand, they were called NetStrike and served to attract attention to issues of social importance such as the spread of AIDS. It was the early 90s, then they arrived the hacker activists of Anonymous who automated attacks with Loic, the Low Orbit Ion Cannon, a computer program that simulated successive and recurring requests for access to a site to saturate its capabilities and send it offline. Finally the boaters arrived. Not to be confused with boat enthusiasts (boats, in English), they are the resellers of botnets, zombie computer networks, which can be used at will to make attacks of various kinds to desired targets.
They are easily found on Instagram because the criminal gangs that have control of the botnets use the kids who frequent the social network as gallops to resell their services with lots of ads, “rent a botnet, 20 euros for two hours ”and it is immediately Crime as a Service: crime for rent, that is, on request, like going to buy fruit at the supermarket. To rent a botnet capable of attacking the same target for 8 hours, 100 euros are enough, but more than one analyst has observed over the years that politically motivated groups and groups have refined the ability to act in a coordinated manner to cause disservices and interrupt adversary communications. , as if they were guerrilla groups.
This was confirmed by Donato Apollonio, engineer responsible for data management of the Democratic Party: “The reasons may be different, a DDoS attack can hide an attack aimed at stealing data that are very precious in politics or compromising systems, but then there is the factor psychological, because the attack serves to generate chaos in the IT sector of a company or a party, when operations slow down and the risk of making mistakes increases due to stress. Finally, there is the economic factor, because companies are often forced to upgrade the infrastructure and to resort to additional resources of means and people that can have a non-negligible cost “.
Also for this reason, the hypothesis has emerged that the interruption of the service of the CGIL site could be related to the attack physically carried out by the demonstrators led by Roberto Fiore and Luciano Castellino of Forza Nuova, who attacked the headquarters of Maurizio Landini’s union.
Rip effect
Rest in peace, but not too much: this is how ransomware gangs make fun of their victims
by Arturo Di Corinto
CGIL servers kicked (for real)
The computer technicians of the CGIL also confirmed that one of the servers was kicked by protesters who broke into the dedicated room and then tore the cables, but they themselves confirm that the DDoS attack and related disruptions began at the same time as the assault. In short, it could be a coordinated action.
On the CGIL newspaper, also affected by the inefficiencies, we read: “The hacker attack on the institutional site of the national CGIL confirms, if still necessary, the premeditation of the fascist assault on Saturday 9 October. The attempts (partially rejected) of an IT incursion started at the same time as the action against the Corso Italia headquarters and testify to a wide-ranging organization aimed at also hitting the technological infrastructure of the confederation in an attempt to block its autonomous sources of communication “. Again: “The IP addresses used to convey the action mostly come from foreign countries (Germany, China, Czech Republic, United States, Indonesia) and generated peaks of 130 thousand simultaneous connection attempts that caused the servers to overload, making the site unreachable several times “.
A little over a year ago, the secretariat of the Democratic Party had denounced “repeated hacker attacks” on the PD site which had “generated 31 million requests from 21 thousand different IPs”. This year the site dedicated to the memory of the Resistance coordinated by the Anpi was targeted. The site noipartigiani.it, just inaugurated, had been attacked by the thugs of the Web. And, news of these days, even the online platform for organizing sympathizers and members of the Democratic Party is under recurrent attack.
Denis Roio and Puria Nafisi Azizi, technical managers of Dyne.org, which among the projects takes care of the new participatory platform of the Democratic Party, they confirmed that “we receive daily attacks, some more trivial and others targeted, but it is a risk that we have taken into account since we started working on large-scale platforms such as the Democratic Agora. We work with decentralized systems and apply encryption techniques advance to avoid the worst. Unfortunately, keeping a platform on the Web is no longer as easy as it once was: you need a lot of precautions if you want to do it well and reliably “.
.