OpenAI hack: return of the DDoS as tensions soar
Security experts have warned that western banks, airlines and software firms with public-facing websites are all in the line of cyber fire after a spate of distributed denial of service (DDoS) attacks culminated last week in outages at ChatGPT developer OpenAI.
The silicon software firm reported last week that ChatGPT and its API had been suffering from “periodic outages” since around midday PST on November 8.
A pro-Russian, pro-Palestinian group, Anonymous Sudan, later took to Telegram to claim responsibility for the attack, which it says was carried out in response to the CEO’s past support of Israel.
Other reasons for the attack, listed in the same post, included the use of AI in weapons by the Israeli army and the fact that the company was American “and we are still targeting any American company,” it added.
The hackers additionally claimed that ChatGPT had “general biases towards Israel and against Palestine”.
Anonymous Sudan, a group that first surfaced in January this year, was also behind a June attack on Microsoft, which caused outages to services such as 365, as well as several attacks in Sweden following a public burning of the Quran.
The self-proclaimed African hacktivist group also claimed to be behind over 24 DDoS attacks on Australian firms, including healthcare, aviation and education organisations.
A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted service, server or network, by overwhelming it with traffic, leading to a site crash and/or outages in service.
According to Sergey Shykevich, a researcher at US-Israeli cyber security firm Check Point, which has been closely following Anonymous Sudan, all western organisations are targets for groups carrying out these kinds of attacks – and have been since the Russia-Ukraine war.
“DDoS attacks used to be very popular in the last decade but in the last 5-6 years corporations and governments increased their protection.
“But then a resurgence of geopolitical type gangs emerged from the Russia-Ukraine war and these gangs saw a gap: If public-facing websites are integral to the services they provide, they can cause more damage.
“Hence the attacks against Microsoft in June and OpenAI last week. Airport websites are vulnerable too, as are banks, as when these sites go down it leads to real disruption for the services they offer.”
As well as ensuring there is robust DDoS protection and mitigation software in place on websites, firms also need to secure their networks, their endpoint devices and their cloud storage, Shykevich advises.
According to the Check Point researcher, hackers claim to be able to bypass networks such as Cloudflare, and are selling this ability on the dark web for US $5,000.
Like other commentators, Shykevich maintains that Anonymous Sudan is a pro-Islam and Russian state-backed group – which might not even be based in Africa – with a mission to amplify anti-Western sentiment.
He added that “50% to 60% of its attacks” are carried out in partnership with notorious Russian hackers KillNet.
While Check Point is not actively tracking any pro-Israeli hacking groups, the cyber security news website The Cyber Express identified several groups on each side of the divide last month.
Some of these 35 pro-Palestinian hacking groups included Ghosts of Palestine and Mysterious Team Bangladesh.
Among the four pro-Israel groups identified was Indian Cyber Force, which claims to have taken down a range of target sites, including the Ministry of Transportation and the Hamas official website. Other pro-Israeli groups include Team UCC Operations and Silent One.
The current war was triggered last month by an attack by the militant group Hamas. So far, the war has killed nearly 11,000 Palestinians, including more than 4,400 children, according to the Gaza health ministry, an agency of the Hamas-run government.
More than 1,400 people in Israel have been killed, primarily during Hamas attacks, with 239 people taken hostage by Hamas.