As anticipated by activists claiming to be Anonymous on the internet, 8th of December has been a full day of attacks and hacks on French entities. Mostly a couple of public websites have been down because of DDoS attacks, and more severely, the release of sensitive personal information of 1400 civil servants of the French Republic.
Security expert Damien Bancal has been updating the public through social media about the doxing and continuous cyber attacks.
Around noon of 8th of December 2018, journalist Damien Bancal found traces of a list containing the names, e-mail, and phone numbers of 1400 French public servants, including the Ministry of Justice. The authors, who claim to support the Yellow Vests, are trying to spread the list as widely as possible to further cause instability. It has been indicated that the hacking group might have anarchist beliefs.
When asked about the validity of the list, Damien replied:
“In my opinion, this does not come from a ministry. The data looks credible, but it’s impossible to know at this time whether this list is from last week or a year ago.”
According to the expert, the groups are trying to disseminate as much chaos and fear through the leaking of personal information.
The second part of the day brought about several cyber attacks which resulted in the crashing of several institutional websites. In order of crashing: The Bank of France, The Ministry of Culture, The Cohesion Territories, The National Security Agency of Information Systems, and The Artisanal, Commerce, and Tourism website.
Commercial companies such as Total or Saint-Globe have also taken a hit. Even the DynDNS website went under heavy strokes of DDoS initiatives.
The majority of such attacks were committed using the help of two pieces of software available on the clear net. More precisely, hping3 and Loic. Hping3 is a network program able to send custom TCP/IP packets and to display target replies, while Loic (Low Orbit Ion Cannon) is also an open-source software written in C# capable of generating massive network traffic and analyzing responses. These programs are used by motivated groups to commit cyber attacks and are accessible to anyone online, legally. More software names include HOIC, XOIC, HULK (HTTP Unbearable Load King), R-U-Dead-Yet, DDOSIM—Layer 7 DDOS Simulator, etc.