Why "Zem a Vek" isn't working? - Bart Digital Products

Online Safety #1 Why “Zem a Vek” isn’t Working?

At the moment, we are all in an unprecedented situation. We are on the brink of a conflict unprecedented in modern European history. Neighbouring Ukraine is at war! The war takes many forms at present. It’s conducted not only conventionally, but also in the economic and virtual space.

Therefore, we’ve prepared for you the first part of a new section on how to behave safely in the virtual world. It won’t take you more than 5 minutes to read it.

Anonymous tweet, photo via Twitter

What is the purpose of a cyber attack?

Cyber attacks are carried out for various reasons. In most cases, the goal is to disable specific systems, retrieve data and pass it on to another party. In this particular case, the hacker group Anonymous targeted Russian news channels to pass a message to the Russian public!


Slovakia is not spared from cyber attacks

On Saturday, February 26, 2022, we had the opportunity to watch an attempt to disable a group of websites, including zemavek.sk, hlavnespravy.sk, aktuality.sk and zive.sk.

At this time, links began to circulate on social networks calling for a takedown of Russian websites. It was enough to just open the link in your browser or mobile phone and keep it running. How simple is that, right?

The original link looked trustworthy. It only included links to Russian websites that were supposed to be disabled by visitor activity. It didn’t take long before a Czech version of the page was created. In addition to the Russian pages, it also contained links to two Slovak targets – zemavek.sk and hlavnespravy.sk.

Of course, publicly recruiting volunteers to carry out an attack in this way is an open invitation for someone to modify the script to target news websites and pass it on to another group.

How to behave in virtual space?

The golden rule of conduct on the Internet is known to everyone – don’t open attachments in e-mails from unknown people. In the current situation, this is even more true. Blindly opening an unknown Internet link is a big risk. Don’t rely on a “trustworthy” accompanying text! As an ordinary user, you don’t have a chance to check the attached computer program!

The damage may not be visible after the link is opened. The program may not be primarily focused on theft of personal data or payment data. In the better case, it’s intended for cryptocurrency mining – cryptojacking.

Before 2017, the cryptocurrency Monero was mined with a malicious script that websites and applications loaded instead of adverts.


In the worst case scenario, instead of helping Ukraine, you could participate in an attack on its infrastructure!

In this particular case, the script did what it was supposed to do and it was strikingly simple. It was an HTML file of about 100 lines with a bit of JavaScript that sent a lot of requests to the servers defined in the table.

A sample of the part of the code that sent an infinite number of requests to each of the servers on the list.

We downloaded the source code with the `wget` command, so that it wouldn’t run in a browser but we could still open and examine it. We only ran it in a browser for a few seconds. It should be noted that the script didn’t run for everyone. For users who had browser security extensions installed, it simply didn’t run.
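One way to do this kind of examination on a saved file without opening it in a browser, as an added example that is not from the original article and is not the script it analysed. The function names, the `SAMPLE` page and its `example.invalid` hosts are constructed for illustration, and the check is a heuristic that only tells you the code needs reading.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect inline <script> bodies and external script URLs; nothing is executed."""
    def __init__(self):
        super().__init__()
        self.in_script, self.inline, self.external = False, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.inline.append(data)

URL_RE = re.compile(r"""https?://[^\s"'<>\\)]+""")
REQUEST_RE = re.compile(r"\b(fetch|XMLHttpRequest|sendBeacon|WebSocket)\b")
REPEAT_RE = re.compile(r"\b(setInterval|setTimeout|requestAnimationFrame|while|for)\b")

def inspect_page(html):
    """Summarise what a saved page's inline scripts could contact. Heuristic only."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    code = "\n".join(parser.inline)
    hosts = sorted({urlparse(u).hostname for u in URL_RE.findall(code)} - {None})
    apis = sorted(set(REQUEST_RE.findall(code)))
    repeats = sorted(set(REPEAT_RE.findall(code)))
    return {"hosts": hosts, "external_scripts": parser.external,
            "request_apis": apis, "repetition": repeats,
            # Hard-coded hosts + request API + timer/loop: read the code before opening.
            "review_needed": bool(hosts and apis and repeats)}

# Constructed sample, deliberately incomplete (tick is never defined); hosts are placeholders.
SAMPLE = """<html><body><p>Keep this tab open to help.</p>
<script>
var targets = ["https://news.example.invalid/", "https://portal.example.invalid/x"];
function send(u) { fetch(u); }
setInterval(tick, 10);
</script></body></html>"""

if __name__ == "__main__":
    print(inspect_page(SAMPLE))
```

The `hosts` list answers the question most visitors could not: which sites the page would actually contact. Ordinary pages also poll servers on a timer, so `review_needed` is a prompt to read the script, not a verdict.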

It was one of the simplest forms of a DDoS attack. It consisted of a large number of requests that burdened the target servers so much that they ceased to function.

This was successful in the case of zemavek.sk and hlavnespravy.sk. After detecting the attack, the administrators deployed protection and the sites were operational again without much damage.
Users who opened the script in most cases had no idea what sites they were actually attacking.

What’s next?

We don’t have information about the damage potentially suffered by Russian websites. However, we assume that the script occupied the administrators for at least a few hours.

The events in Ukraine show us the horrors of war and they rally us to help. Everyone wants to help as much as they can.

However, it’s now much better to follow the official calls and the instructions from official institutions. Acting on our own initiative, we could do a lot of damage not only to ourselves, but we could also help someone who really isn’t worth it.

Glory to Ukraine!