Hacker Faces Charges for Attempting Lethal Cyberattacks on Hospitals

For those involved in cybercrime, denial-of-service attacks that overwhelm targets with excessive traffic are usually more of a blunt instrument than a catastrophic force. However, the US Department of Justice has reported that two Sudanese brothers believed to be part of the hacktivist group Anonymous Sudan undertook a series of these unrefined cyberattacks that proved to be both devastating and ruthless, impacting numerous hospitals across various nations, Israel’s missile alert system, and countless digital services. This reckless campaign has led to one brother facing charges not only for criminal hacking but also for the unusual allegation of attempting to inflict physical harm and fatalities.

On Wednesday, the DOJ revealed charges against brothers Ahmed and Alaa Omer, who are accused of unleashing a relentless series of over 35,000 distributed denial-of-service, or DDoS, attacks targeting hundreds of organizations. Their actions disrupted websites and various network systems as part of their ideologically driven hacktivism, efforts at extortion, and services provided to clients wanting to hire cyberattack capabilities for profit. Reports from US prosecutors and the FBI indicate their targets included Microsoft’s Azure cloud services, OpenAI’s ChatGPT, video game companies, media corporations, airports, as well as significant government entities such as the Pentagon, the FBI, and the Department of Justice.

Documentation features Ahmed Omer’s passport as shared by the FBI.

“We declare cyber war on the United States,” Ahmed Omer declared in a message to the Anonymous Sudan Telegram channel in April of the previous year, as stated in the indictment. “The United States will be our primary target.”

Anonymous Sudan also launched attacks against hospitals in various countries, including the US, Denmark, Sweden, and India. In one particular incident in February, it was reported that the assaults on Cedars-Sinai Health Systems in Los Angeles led to several hours of service disruption, forcing patients to be redirected to alternative medical facilities. The Justice Department asserts that during the Los Angeles incident, one of the two hackers aimed to inflict potentially lethal damage.

“Bomb our hospitals in Gaza, we shut down yours too, eye for eye,” Ahmed Omer purportedly stated on Telegram while the attack was ongoing. Because of these hospital attacks, Ahmed Omer faces charges that could result in a life sentence. Prosecutors have indicated that these charges represent the most severe legal actions ever taken against a hacker involved in denial-of-service offenses.

In previous incidents, US officials allege that the hackers utilized cyberattacks to cripple Israel’s Tzeva Adom, or “Code Red,” missile alert system, rendering it inoperative during lethal rocket assaults conducted by Hamas, particularly during the events of October 7th last year.

An Anonymous Sudan reference was presented in the FBI’s complaint concerning the Omer brothers.

“The actions taken by this group were callous and brazen,” Martin Estrada, a US attorney for the Central District of California and lead prosecutor in the case, shared during a conference call with reporters. “This group was motivated by their extremist ideology, essentially a Sudanese nationalist ideology.”

While announcing the charges against the two individuals involved, Estrada chose not to disclose their current locations, although he confirmed that they are in custody. An FBI affidavit related to the indictment claims that FBI agent Elliott Peterson conducted interviews with the Omer brothers, during which Ahmed Omer confessed to being an administrator for Anonymous Sudan.

In March of this year, law enforcement agencies appear to have launched an operation targeting the infrastructure of Anonymous Sudan, effectively preventing the group from executing additional attacks. Around this time, the Telegram channel where the group had showcased its attacks and promoted its paid services went completely silent and has since been dismantled. “Anonymous Sudan in name and in operation is effectively dead,” remarked Chad Seaman, a principal security researcher at tech firm Akamai and a member of Big Pipes, a working group focused on DDoS that monitored the group and collaborated with law enforcement throughout the investigation.

Between mid-2023 and the takedown, Anonymous Sudan became known among self-identified hacktivists for executing a series of remarkably large and attention-grabbing DDoS attacks. For instance, in June of the previous year, the group attacked Microsoft’s Azure cloud services for several days, intermittently taking it offline and demanding a ransom of one million dollars to halt the attacks. They also managed to take down OpenAI’s ChatGPT multiple times in December, citing the pro-Israeli posts of one of the company’s employees as their reason for targeting the organization in messages on Telegram.

At various times, Anonymous Sudan has shown possible connections to anti-Israel entities. According to legal authorities, it initiated disruptive cyberattacks aimed at Israel’s Tzeva Adom missile alert system on October 7, 2023, coinciding with attacks from Hamas’s militant faction that resulted in the deaths of nearly 1,200 Israelis. Following Israel’s bombardment and invasion of Gaza, which led to the deaths of tens of thousands of Palestinian civilians in the subsequent months, Anonymous Sudan frequently articulated the rationale behind its attacks as being the defense of Palestinians in its Telegram communications.

For example, in December 2023, Anonymous Sudan executed a series of DDoS attacks that took OpenAI’s ChatGPT offline, spurred by the company’s executive Tal Broda openly endorsing the Israel Defense Forces’ actions in Gaza. “More! No mercy! IDF don’t stop!” Broda had stated on X alongside an image capturing the devastation in Gaza. Additionally, he rejected the very existence of Palestine in another posting.

In a Telegram announcement detailing its motivation for targeting OpenAI, Anonymous Sudan asserted, “We will persist in our efforts against ChatGPT until the genocide supporter, Tal Broda, is dismissed and ChatGPT ceases to harbor dehumanizing perspectives regarding Palestinians.”

However, the underlying objectives of Anonymous Sudan may not always be purely ideological, according to Akamai’s Seaman. The organization has also promoted access to its DDoS network for sale to other hackers: posts on Telegram as recently as March indicated a willingness to provide its DDoS service, referred to as Godzilla or Skynet, for a monthly fee of $2,500. This points to the possibility that its seemingly politically driven attacks might, at least in part, serve as a promotional tool for its profit-driven ventures, Seaman contends.

“It seems they approached this thinking, ‘We can engage, really inflict damage, and promote our service simultaneously,’” Seaman comments. He highlights that, particularly in its anti-Israel, pro-Palestine stance after the October 7 incidents, “there’s undoubtedly an ideological aspect at play. However, the manner in which it intertwined with the various victims is something that perhaps only the attackers fully grasp.”

Occasionally, Anonymous Sudan targeted Ukrainian entities, seemingly collaborating with pro-Russian hacker groups like Killnet. This raised suspicions among some in the cybersecurity field that Anonymous Sudan might actually be a Russia-connected operation utilizing its Sudanese guise as a mask, especially since Russia has been known to exploit hacktivism for deception. The accusations against Ahmed and Alaa Omer imply that the group is genuinely Sudanese in its roots. Yet aside from its name, it doesn’t appear to have any substantial links to the original Anonymous hacker collective, which has seen little activity over the past ten years.

Beyond its targeted actions and political statements, the group has set itself apart with a relatively innovative and impactful technical method, as noted by Akamai’s Seaman: It developed its DDoS service by accessing hundreds or possibly thousands of virtual private servers—often formidable machines provided by cloud service firms—by leasing them using fraudulent credentials. It then utilized these machines to execute what are known as layer 7 attacks, which inundate web servers with site requests, in contrast to the traditional lower-level assaults of raw internet data requests that many DDoS attackers have typically employed. Anonymous Sudan and its DDoS service users would then unleash an overwhelming volume of those layer 7 requests on their targets simultaneously, occasionally employing strategies referred to as “multiplexing” or “pipelining” to create multiple demands on server bandwidth until those servers became unresponsive.
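From the defender's side, the layer 7 pattern described above shows up in web server logs as many requests arriving on a single connection within a very short window. The following sketch is an added example, not code from the article or from Akamai; the record fields, the thresholds, and the sample log entries are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample records: (epoch seconds, client IP, connection id, path).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
def build_sample():
    records = []
    # Two hypothetical rented-VPS clients, each sending 40 requests down one
    # connection in 0.4 s (multiplexed or pipelined requests).
    for ip, conn in (("203.0.113.10", "c1"), ("203.0.113.11", "c2")):
        records += [(100.0 + i * 0.01, ip, conn, "/search?q=%d" % i)
                    for i in range(40)]
    # An ordinary browser: 6 requests over 3 s on one keep-alive connection.
    records += [(100.0 + i * 0.5, "198.51.100.7", "c3", "/page%d" % i)
                for i in range(6)]
    return sorted(records)

def flag_bursty_connections(records, window=1.0, max_per_conn=20):
    """Return {client_ip: peak request count on one connection within
    `window` seconds} for clients whose peak exceeds `max_per_conn`.
    Both thresholds are assumed values to be tuned per site."""
    recent = defaultdict(deque)  # (ip, conn) -> timestamps still in window
    peak = defaultdict(int)      # ip -> highest in-window count observed
    for ts, ip, conn, _path in records:
        q = recent[(ip, conn)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that left the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_per_conn}

if __name__ == "__main__":
    flagged = flag_bursty_connections(build_sample())
    for ip, n in sorted(flagged.items()):
        print(f"{ip}: {n} requests on one connection within 1.0 s")
```

Counting per connection rather than per source address separates a pipelined or multiplexed burst from a client that simply opens many ordinary connections; the flagged addresses can then feed rate limiting or a challenge page.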

For at least nine months, the group’s technical capabilities and its erratic, unpredictable targeting made it a significant worry for the anti-DDoS community, according to Seaman—and for its numerous victims. “There was considerable uncertainty surrounding this group, regarding their capabilities, motivations, and rationale for choosing specific targets,” explains Seaman. “When Anonymous Sudan vanished, there was a noticeable spike in curiosity and certainly a collective sigh of relief.”

The Justice Department’s move to file a criminal charge against Ahmed Omer for a denial-of-service attack, which could result in a life sentence, may appear inconsistent, especially considering that state-sponsored cyberattacks and ransomware have inflicted significantly greater harm on health care networks. Josh Corman, a researcher at the Institute for Security and Technology focused on health care-related hacking, expresses optimism about the acknowledgment of the potential grave impacts of even basic cyberattacks. He emphasizes that these can lead to severe, and sometimes fatal, outcomes for victims.

Corman states, “Indeed, denial-of-service attacks can compromise and obstruct patient care, leading to loss of life. While this might be the first such case and could seem arbitrary without further details, it is encouraging to witness a recognition of the significant consequences brought by these attacks.”

Updated 5 pm ET, October 16, 2024: Although Anonymous Sudan is allegedly responsible for thousands of attacks, the actual number of targeted entities was in the hundreds. This update clarifies the distinction.
