#History #China #PersianEmpire #TurkicEmpire #MongolEmpire #RussianEmpire #SilkRoute #Eurasia #Transoxiana #FerganaValley #Uzbekistan #Tajikistan #Turkmenistan #Kazakhstan #Kyrgyzstan #Islam #MilitantIslamism #Jihad #CentralAsia #URSS #SovietUnion

from: Jihad : the rise of militant Islam in Central Asia
by: Ahmed Rashid

2 Conquerors and Saints: The Past as Present

The ethnic, political, and religious factions now vying for control in Central Asia have a history almost as old as the Central Asian civilizations themselves. Since around 500 B.C., when Darius I added the region known as Transoxiana (present-day Uzbekistan and Tajikistan) to the Persian Empire, to the 1920s, when Stalin forcefully divided the region into the five socialist republics that correspond to the current independent republics, Central Asia has been a center for war and empire, art and culture, religion and commerce.
Much of the reason for Central Asia's rich history is geographical: its huge landmass lies at the heart of the Eurasian continent. In ancient times it was considered the center of the world, linking China with Europe by means of the famous Silk Route. In reality this consisted of several routes, forged to allow merchants to carry goods by camel caravan across the two continents. But the travelers transported more than silk or spices; they also spread new technologies—such as papermaking, gunpowder, and silk weaving— new ideas, and new religions. The religion of the ancient Greeks, Buddhism, Judaism, Zoroastrianism, Nestorian Christianity, Hinduism, Manichaeanism, and most of the major ideas of Islam have at one time or another found a home in Central Asia. It is the prevalence of the various ideas on Islam, in particular, and how they have been received by the various rulers of the Central Asian landmass, that are essential to an understanding of the conflicts that threaten the region today.

The Importance of Geography

Central Asia's greatest strength in the past— and its greatest problem today— is that it is landlocked, bordering Iran and Afghanistan to the south, China to the east, and Russia to the north and west. The vast Central Asian steppe is bounded by the Caspian Sea in the west, the Hindu Kush and the Pamir Mountain ranges in the south, and the Tian Shan Mountains in the -est along the border with China. There are no clear geographical boundaries in the. north, where the Kazakh steppe merges into Siberia.
Central Asia was once known as "the land between the two rivers'' for the two major rivers, the Amu Darya (Oxus) and the Syr Darya (Jaxartes), that bounded much of its territory before emptying into the Aral Sea. These two rivers have created formidable geographical, cultural, and political boundaries that separated Central Asia from the rest of the world even as the Silk Route connected it.
The Amu Darya, for example, divided the nomadic Turkic and Mongol empires in Central Asia from the Persian Empire to the south, and helped act as a buffer— along with an independent Afghanistan— between the British Empire in India and tsarist Russia. Recently it has marked the border between Taliban-ruled Afghanistan and Central Asia.
The Syr Darya has protected Central Asian kingdoms from periodic invasions from Mongolia, Siberia, and the Gobi Desert. Rivers are not the only natural boundaries.
Central Asia lies at the crossroads of the world's highest mountain ranges: the Pamir Mountains, which cover 93 percent of today's Tajikistan; the Tian Shan Mountains, stretching to the east and north of the Pamirs; the Himalayas to the southeast; and the Hindu Kush to the south.
The legendary traveler Marco Polo crossed the Pamirs in 1273 on his way to China, dubbing the range the Roof of the World. "Ascending mountain after mountain, you at length arrive at a point, where you might suppose the surrounding summits to be the highest lands in the world. ... So great is the height of the mountains, that no birds are to be seen near their summits. Here there live a tribe of savage, ill disposed and idolatrous people, who subsist upon the animals they can destroy and clothe themselves with the skins," wrote Polo in his memoirs.
In the center of this vast, magnificent landscape of mountains and steppe are two of the largest deserts in the world.
In the south, covering much of Turkmenistan, is the Kara-Kum (black sands) Desert: more than 135,000 square miles where rain falls approximately once a decade.
To the north, in Uzbekistan, lies the Kyzyl Kum (red sands) Desert.
But between these bleak wastes lush, well-irrigated valleys provide oases around which settlements and cities have grown, each oasis a self-contained economic community whose citizens traded with the local nomads and caravans that passed through. The harsh, sparsely populated landscape made Central Asia ripe for conquest but difficult to rule: empires rose and fell periodically throughout its history.
The geographical face of Central Asia remained largely untouched until the late nineteenth and twentieth centuries, when the region became part of the Russian Empire and then the Soviet Union. The Russians and later the Soviets changed the landscape, building massive irrigation networks flowing from huge reservoirs to support cotton agriculture between the Amu and Syr Darya rivers. Although in the process they created irretrievable environmental damage and pollution that have eventually resulted in acute water shortages, the drying up of lakes and rivers, and further desertification, the water routes were for many years essential sources of agriculture and food. Today those irrigation networks lie broken, hostage to the political battles that divide the region.
Central Asia currently comprises five independent republics: Kazakhstan, Uzbekistan, Turkmenistan, Kyrgyzstan, and Tajikistan, whose fiercely disputed boundaries were drawn by Stalin as part of his divide-and-rule campaign. Its landmass of 1,542,200 square miles hosts a population of just 52 million people, representing more than one hundred ethnic groups, from the predominant Uzbeks, Kazakhs, and Tajiks to Germans, Koreans, and Tibetans. The largest ethnic group is the Uzbeks, who make up 72 percent of Uzbekistan's 22 million people as well as substantial minorities in all the other Central Asian republics. Before the breakup of the Soyiet Union, there were also some 10 million Russians, comprising one-fifth of the population, many the result of forced relocation by Stalin, as another means of weakening the power of the region's ethnic groups. A large number of these Russians have migrated to Russia since 1991.
But the heart of Central Asia has always been the Fergana Valley. Just two hundred miles long and seventy miles across at its widest point, the fertile valley has for centuries been the home for the largest concentration of people. Today it has 10 million inhabitants, 20 percent of the total population of Central Asia.
The emperor Babur, who conquered Afghanistan and founded the Mogul Empire in India in the fifteenth century, was born in the Fergana Valley, describing it in his memoirs as the closest place to Paradise on earth. From his splendid palaces in Delhi, Babur would recall the 140 varieties of grapes and watermelons produced in Fergana. Valley horses were prized as cavalry mounts by nomadic tribes and empire builders as far away as China.
More than crops and livestock flourished in the Fergana Valley. Fergana has also traditionally been the center of Central Asia's political and cultural Islam, producing saints, scholars, mystics, and warriors whose knowledge and learning spread across the Muslim world.
The bordering city of Osh, today the second-largest city in Kyrgyzstan, was a seat of Islamic learning in the tenth century. Legend has it that the large mountain in the center of the town was blessed by King Solomon; it still bears the name Takht-i-Sulaiman (Seat of Solomon) and was long a site of Muslim pilgrimage. To the west lie the ancient Muslim capitals of Bukhara and Samarkand. The 360 mosques and 113 madrassahs (Islamic religious schools) of medieval Bukhara produced scholars who spread their faith throughout Russia, China, South Asia, and the Middle East. In the words of a medieval proverb: "The sun does not shine on Bukhara, it is Bukhara that shines on the sun." Even after Bukhara became a Russian protectorate in 1868 there were still 100 madrassahs in Bukhara, with some 10,000 students.

History of Conquest

The history of Central Asia is a tale of conquest, of Mongol "hordes" and Arab holy warriors who swept across its steppes and crossed its mountains and, for a time, enfolded it within the largest empires in the world. Alexander, Tamerlane, Genghis Khan: at one time each of these conquerors added the territories of Central Asia to his vast empire, founding dynasties that survived for centuries— until the next invader arrived.
Early Central Asian history is dominated by the rivalry between the Persians to the south and the Turkic tribes to the north, who vied for control of the rich oasis cities. The Persian Empire under Darius I added Transoxiana to its territory around 500 B.C. but the Persians were ousted for a time by Turkic nomadic invasions from Siberia and Mongolia. These tribes had originally (beginning in about 1000 B.C.) inhabited the Alatau Mountains in eastern Central Asia. (The Chinese began using the word Tur or Turkic to identify all the nomadic tribes who posed a threat to their empire— the ancient origins of the word Turkistan [home of the Turks], used even today to identify Central Asia.) The resurgent Persians next fell victim to Alexander the Great, who conquered Bactria and Sogdiana (ancient Uzbekistan, Tajikistan, and Afghanistan) between 329 and 327 B.C., founding the modern-day city of Khujand. Alexander consolidated his control by urging his men to marry local women; he himself married a Sogdian princess, Roxana. Alexander's Greco-Sogdian heirs created the Bactrian Empire, which governed a large part of Central Asia and Afghanistan between 300 and 140 B.C. The western region of Central Asia (presentday Turkmenistan) was ruled by the Parthians, a tribal dynasty based on the Saka tribes, whose empire lasted until A.D. 226, when they were defeated by the Persian Sassanids. Meanwhile, the north of Central Asia was invaded in the last century B.C. by successive waves of Sakas, who in time were driven out by another tribal group of nomads from the Gobi Desert: the Hsiung-nu, the forefathers of the Mongols. The Hsiung-nu had spread west after defeating the Uighurs, another tribal confederation who at that time ruled present-day Xinjiang Province and western China. Continuing their westward march across Central Asia, the Huns, as they were now called, reached the Volga River by a.d. 400. Their empire— the first nomadic Mongol empire— now stretched from Korea to the Volga.
In the fifth century the Huns invaded Europe under their chief Attila and marched on Rome. As the Huns moved westwards the vacuum in eastern Central Asia was once again filled by invading Turkic tribes, who continued their incursions for several centuries. These nomadic invasions from Mongolia and western China have left behind few traces of their empires or culture, and little is known about the political system they erected to rule their vast landmass. Invariably, they would arrive to conquer and then move on eastwards whilst other tribes arrived to take their place.
One nomadic empire did leave some impressive traces: the Kushan Empire, which dates from the first and second centuries A.D. and also included northern India, Iran, and present-day Xinjiang Province in China. In the second century the great Kushan king Kanishka became a patron of the Mahayana school of Buddhism, which was the first to humanize the figure of Buddha. (Previously Buddha had been depicted only by symbols, such as the prayer wheel.) Massive and beautiful stylized Kushan Buddha statues have been unearthed in archaeological digs in the twentieth century in Afghanistan and Tajikistan. It is also noteworthy that in keeping with the religious tolerance that has always characterized Central Asia, the Kushans allowed Zoroastrianism and Hinduism to flourish alongside Buddhism.
For the first several centuries A.D., then, various groups contended over Central Asia: Huns, Sassanians, Turks, and Chinese, who invaded the Fergana Valley. But the next important series of incursions began around 650, when the Arabs came, bringing with them the new faith of Islam. During the next hundred years they sent invading forces into Transoxiana, capturing Bukhara and Samarkand. In 751 an Arab army defeated a Chinese army at Talas, in present-day Kyrgyzstan, decisively ending Chinese ambitions and establishing Islam in Central Asia, although the Arabs themselves did not remain to found substantial kingdoms in the region.
Independent Muslim kingdoms sprang up in the oasis cities. The most significant of these was the empire of the Persian Samanids (874-999), who made their capital at Bukhara. With a well-organized bureaucracy and army the Samanids regulated and expanded the Silk Route, spreading the Persian language and making Bukhara a trade, transport, and cultural center of the Islamic world. Physicians such as Ibn Sina, mathematicians like Al Biruni, and poets such as Firdausi ensured that the Samanid court would leave an indelible mark on the development of the Persian language and culture, an importance that would not be eroded in Central Asia for centuries.
The Samanid Empire came to an end with the arrival of a new wave of Turkic tribes. The Ghaznavids (based in Ghazni, Afghanistan) took over Khurasand, the Qarakhanids captured Bukhara, and later the Seljuks arrived to defeat them and conquer Central Asia and Turkey.
By 1055 the Seljuk chief Turhril was standing outside the gates of Baghdad. For the next two hundred years the Seljuks ruled the area from the Pamir Mountains and the borders of China to Iraq, uniting Central Asia with the Persian and Arab worlds for the first time under Turkic hegemony.
The Mongol hordes (ordas) were the next to sweep through the region. In 1218 the Seljuks had executed an envoy of the Mongol ruler Genghis Khan and murdered 450 merchants who had been trading with the Mongols. The infuriated Mongols set out to conquer the Seljuks, and historians have subsequently blamed Seljuk high-handedness for the Mongol onslaught that followed. Under Genghis Khan the Mongols captured Bukhara in 1220, killing thirty thousand people. Standing before a pile of heads in Bukhara, Genghis Khan declared, "You ask who I am, who speaks this to you. Know, then, that I am the scourge of God. If you had not sinned God would not have sent me hither to punish you." The Mongols continued eastwards, adding Russia and parts of Eastern Europe to their empire. Then, having conquered this vast area, they settled down to exploit it. They developed the Silk Route, which had broken down during the incessant invasions, building resthouses along the way and instituting a postal service. Under the Mongols it was possible for caravans to travel in safety from Istanbul to present-day Beijing. For the first time since the conquests of Alexander the Great, Europe was linked with Asia. After the death of Genghis Khan, Central Asia was ruled by his son Chagatai, whose descendants divided the region into two khanates: Transoxiana in the west and Turkistan in the east.
The last great explosion out of Central Asia was to leave the most significant cultural influence in the region. Timur (Tamerlane), who did not begin his conquests until he was forty years old, created the first indigenous empire in Central Asia. Timur was a Barlas Turk who had been born near Samarkand, and he made the city his capital in 1369. After he had conquered Central Asia, he added India, Persia, Arabia, and parts of Russia to his empire. Samarkand was already one of the largest cities in the world, with a population of 150,000, and under Timur it became one of the architectural marvels of the world as well, for Timur brought in artisans and architects from all the conquered regions. By now, after almost four hundred years of Turkic rule, the region had become established as the center for Turkic influence in Central Asia and of resistance to Persian cultural and political domination. Timur even replaced Persian with the Jagatai dialect of Turkish as the court language. The Shaybani Uzbeks, who traced their genealogy back to Uzbek Khan, a grandson of Genghis Khan, created the last of the great nomadic empires in Central Asia. In 1500 they defeated the Timurids (descendants of Timur) and set up their capital in Bukhara. Under Shaybani rule Turkic (Uzbek) language and literature flourished. The great Uzbek poet Mir Alisher Navai (1441-1501) created the first Turkic script, which replaced Persian.
After the sixteenth century, weakened by the decline of the Silk Route as sea routes opened linking Europe to Africa and India, the Shaybani Empire began to erode. Large empires and strong rulers were no longer needed to ensure the safety of the Silk Route, whilst the dramatic loss of income from the traffic in trade meant that rulers were no longer capable of keeping large standing armies and expanding their kingdoms. In addition, the conservative ulema (Islamic scholars, who had enormous influence over daily life) banned innovations in education and science, further marginalizing Central Asia. The Shaybani Empire gradually degenerated into a collection of small, squabbling, city-based fiefdoms. In the seventeenth and eighteenth centuries these emerged as three separate but weak khanates— Khiva, Kokand, and Bukhara — in which the khans (rulers) later established dynasties: the Kungrad in Khiva, the Mangyt in Bukhara, and the Ming in Kokand. The impoverished khans survived by the slave trade and the imposition of exorbitant taxes on the population.
It was inevitable that the tsars, seeking to expand their Russian empire, should eventually look to Central Asia. By 1650 the Russians had annexed Siberia and reached the Pacific Ocean. In the next two centuries Russia moved to conquer the Caucasus and Central Asia. Peter the Great invaded the Kazakh steppe in 1715 and began building Russian forts, the first at Omsk in 1716. By 1750 all the Kazakh khans, who saw the Russians as their best security against the marauding Uzbeks, had signed treaties with Moscow. The Russian expansion was fueled by the empire's vast military bureaucratic apparatus, which had subdued the Caucasus and was now without a role even as the tsars eyed the potential resources of Central Asia: minerals and cotton. When the American Civil War (1861-65) cut off vital cotton supplies to Russian factories, the urge to conquer Central Asia was irresistible. At the same time Russia was watching with apprehension the steady expansion of the British Empire in India from Bengal towards Afghanistan. This was the era of the Great Game —the vast power struggle between Russia and Great Britain for control of Asia that used Central Asia and Afghanistan as pawns in their efforts to outmaneuver each other, building influence. At the end of the nineteenth century, Afghanistan was established as buffer between the two empires of Russia and Britain.
In the brief period between and 1876, Russian armies captured Tashkent and much of modern-day Uzbekistan, Turkmenistan, and Tajikistan, although the border between Afghanistan and Tajikistan remained open, and tribal leaders and bandits frequently took refuge in one another's territories— a tradition that is being revived today amongst the Islamic extremists of Central Asia and the Taliban. The Russians established the province of Turkestan, whose capital was Tashkent and which was ruled by a governor general appointed by Moscow. They left the khanates of Bukhara and Khiva as autonomous political units, dependent on Russia. Whilst the settled regions were easily conquered, the nomadic tribes continued to resist for several decades, and periodic revolts broke out in the Fergana Valley. In 1885 Russian troops crushed a revolt in the valley towns of Osh, Margilan, and Andijan led by a Sun Dervish, Khan Tura. The most serious threat to Russian rule arose in May 1898, when twenty-two Russian soldiers were killed in Andijan by Islamic rebels. The revolt spread to other towns before Russian troops arrived and brutally quashed the rebellion.
As a way of controlling the region, the Russians began resettling Central Asia with ethnic Russians and Cossacks and turning the rest of the land over to cotton production; in 1891 alone more than a million Russian and Cossack farmers were settled on Kazakh lands adjoining Siberia. The Russians developed large cotton plantations by means of vast irrigation projects. New industries manned by Russian workers were also introduced, and Central Asia was linked with Russia through a railway network that for the first time brought the Russian Empire up to the borders of Afghanistan, Iran, China, and British India. Tsarist rule ended in a holocaust of suffering for the peoples of Central Asia. In 1916, with the region facing a massive famine, a revolt broke out after Moscow tried to draft Central Asians to fight for the tsarist army in World War I. The government also increased taxes and forcefully appropriated wheat from the region. The Kazakh and Kyrgyz nomads, who saw no reason why they should fight in Europe for the tsar, were the first to rebel, and the revolt soon spread across Central Asia. But as with previous rebellions, tsarist troops brutally suppressed it, killing tens of thousands of people in the process. In the Tian Shan Mountains a Cossack army carried out reprisals against the Kyrgyz, slaughtering flocks, burning down villages, and forcing huge numbers of Kyrgyz to flee across the border into Chinese Turkestan. Even today the Kyrgyz identify the 1916-17 repression as the worst period in their history, in which as much as a quarter of the Kyrgyz population was slaughtered or forced to flee.
But when the Russian Revolution broke out in 1917, Central Asia had no desire to become part of the new Soviet Union. Central Asians resisted Sovietization more fiercely than most other regions, with the Muslim Basmachis ("bandits"), as the Bolsheviks termed them, leading the struggle. By 1929, however, when the Basmachis were finally defeated, the map of Central Asia had been forcibly redrawn into five soviet republics, and the centuries of wars for control of the region seemed to have come to an end. That too was to change.

Islam in Central Asia

The people of Central Asia are predominantly Sunni Muslims of the Hannafi sect. Shia Muslims make up a small minority in some of the great trading cities, like Bukhara and Samarkand, as well as in Tajikistan, where the Ismaeli sect, whose spiritual leader is the Aga Khan, can be found in the Gorno-Badakhshan region of the Pamir Mountains. (The Ismaelis also occupy adjacent areas south of the Pamirs in modern-day Afghanistan and Pakistan.) Since 1991 Central Asia has also seen a meteoric rise of militant Islamic sects, each with its own brand of orthodoxy and sharia (Islamic law), and this phenomenon has obscured one of the most important aspects of traditional Central Asian Islam— its tolerance. Characterized by major advances in philosophy, ethics, legal codes, and scientific research under largely liberal political rulers, and spread through a vast region by Arabs, Mongols, and Turks, the Islam of Central Asia took many forms. Early Central Asian Muslims coexisted in relative peace not only with one another but also with the Jews, Buddhists, Hindus, Zoroastrians, and Nestorian Christians who had established pockets of civilization in the region.
Perhaps the most important Islamic movement to arise in Central Asia was Sufism: a form of Islamic mysticism that preached direct communion with God and tolerance towards all other forms of worship. Sufism originated in Central Asia and Persia soon after the Arab invasions. The name derives from the rough woolen cloaks worn by the early Sufi brothers (sufi means "wool" in Arabic), who inherited some of the symbols of pre-Islamic nomadic mystics. The Sufis encouraged popular participation in Islam through their opposition to authority, intellectualism, and the mullahs (clergy).
Sufis urged all Muslims to experience God directly, without the intervention of priests or scholars— an important factor in the spread of Islam amongst Central Asia's sparse, nomadic population. The Sufi orders, or tariqas ("the way"), are best defined as "brotherhood[s] of Sufis who have a common pedigree of spiritual masters, ... in which elders initiate disciples and grant them formal permission to continue a common school of thought and practice."
Sufis invoke God through the zikr, vocal (or sometimes silent) prayers, Dervishes—another Sufi sect— perfected into an art form. Many of the tariqas evolved into secret societies with their own codes of behavior and prayer. The tariqas played a major role in reviving Islam in the thirteenth century after the Mongol destruction, and they continued to sustain Islamic faith and practice centuries later in the Soviet era, when Islam was driven underground by the authorities.
The most important tariqas are Naqshbandiyya, Qadiriyya, Yasawiyya, and Kubrawiyya.
The Qadiriyya, probably the oldest extant order, was founded by Abd al-Qadir. A minor tariqa in Baghdad in the twelfth century, the Qadiriyya moved to Central Asia, becoming particularly strong during the thirteenth century, and then spread to Afghanistan and India. Central Asian Qadiris were centered mainly in the cities of Transoxiana.
Kubra, the founder of Kubrawiyya, was martyred in the Mongol massacres in Central Asia in 1221. The Kubrawiyya order took strong hold in Khorezm (present-day Uzbekistan).
The Yasawiyya order was founded by the poet and mystic Ahmed Yasawi, who died in 1166 and is buried in southern Kazakhstan. Their main influence was in the Fergana Valley and amongst the southern Turkic tribes.
Muhammad ibn Baha ad-Din Naqshband (1317-89), the founder of the Naqshbandiyya tariqa, is still the most revered mystic and saint in Central Asia and Afghanistan. Even today his tomb outside Bukhara is the most important place of pilgrimage in Central Asia.
Unlike other Sufi sects the Naqshbandis, though mystics, believe in active missionary work and political activism; many led revolts against the tsar and the Communists. The leader of the 1898 revolt in Andijan was a Naqshbandi.
The Sufi orders spread their message to China via the Fergana Valley and to India and the Arab world through Afghanistan. Sufi spiritual leaders, especially the Naqshbandis, vied with the traditional ulema, who tended to be fiercely opposed to them, for influence amongst local rulers. And influence they had: the rulers of the Turkic dynasties would seek validation for their rule from the leading Sufi saints. The relationship of ruler and mystic, in the words of Islamic scholar Bruce Lawrence, tended to be "fraught with tension," for Sufi mystics saw themselves as eternal rulers, more powerful than the most autocratic temporal ruler.
In the eighteenth and nineteenth centuries the leading Naqshbandi families (leadership in the sect was frequently passed down from father to son) served as political advisers and spiritual guides to many of the khans who governed the increasingly fragmented Central Asia. Some of these Sufi families became rulers themselves. Many became rich and corrupt in the process, one of the reasons for the Jadid reforms in the nineteenth century. In the twentieth century Naqshbandi political activism played a major role in influencing militant Islamic movements in Afghanistan, Chechnya, and most recently the Fergana Valley.
But beyond the oasis towns and valleys, the spread of Islam on the Central Asian steppe was slow and sporadic. Islam did not come to the Kazakh steppe until the seventeenth century, and even then the predominant Sufism incorporated ancient shamanistic traditions of the nomadic culture, such as the veneration of animals and nature. Although Zoroastrianism, the religion of the Persian kings, was discouraged by the Islamic invaders, elements continued to thrive on the steppe, taking on an Islamic coloring, as well as in Iran and India.
Thus, early on in the history of Islam two branches of the religion emerged in Central Asia: the traditional, conservative, scholarly Islam of the settled areas and the oasis cultures that was dominated by local rulers and the ulema, and the much looser, less restrictive Islam of the nomads that still favored Sufism and pre-Islamic traditions.
As historian Fernand Braudel noted, "Islam is essentially an urban religion. So Islam consists of a few densely populated regions, separated by vast stretches of empty space."
Even today the nomadic Kazakh, Kyrgyz, and Turkmen tribes are far less Islamicized— and much less susceptible to Islamic radicalism— than their ethnic counterparts in the settled oasis areas.
The Arabs who brought Islam Central were soon displaced by Persian and Turkic tribes, each of whom adopted Islam. Of the two, for many centuries Persian was the dominant influence, lasting until the Safavid dynasty came to power in Persia around 1500. The Safavids changed Persia's state religion from Sunni to Shia Islam— step that considerably reduced Persian influence in Central Asia. In addition, Persia became preoccupied with combating the challenge of the Ottoman power in Turkey on its western borders, and Persian leaders therefore paid less attention to Central Asia.
Nevertheless, the earlier Persian empires had left an enormous legacy in Central Asia in the arts, language, poetry, and sciences. Not until the Shaybani Uzbeks, who aggressively made their empire more Turkic, did Persian control and influence in Central Asia wane. The only vestiges of Persian ethnicity remaining in Central Asia today are the Tajiks, who speak Persian and are proud of their Persian culture and heritage. But the tension between Persian and Turkic culture continues, both in the competition for influence in Central Asia between Iran and Turkey and in the ongoing disputes between Tajikistan and Turkic Uzbekistan over Tajiks in Uzbekistan and Uzbeks in Tajikistan, and over borders. Many Tajiks assert that the cities of Bukhara and Samarkand, which Stalin handed over to Uzbekistan, should rightfully belong to Tajikistan. For they are Tajik cultural and historical centers.
Central Asian Islam became less dynamic under the tsars, not because Central Asia's new Russian masters tried to interfere with the Islamic clergy, law, or practices but because they wooed them with modern advances: industry, education, technology. The Russians also supported the ultra-conservative ulema, whilst at the same time settling millions of ethnic Russians in the region to try and make good Russians out of Central Asians.
But the new colonial masters were only partly successful. The introduction of Western ideas and sciences paved the way for a modernist reinterpretation of Islam by the Jadids, a reform sect of Tartars whose inspiration was Ismail Bay Gasprinski (1851-1914), founder of the influential Tartar-language newspaper Tercuman in 1883. Based on Usul-i-jadid (new educational principles), Jadidism was one of the many intellectual Islamic reform movements that swept the colonized Muslim world in the late nineteenth century. All sought in varying degrees to reconcile the problems associated with exposure to Western modernism with Muslim religion and culture, particularly for Muslims who lived in colonies ruled by non-Muslims. These movements, in India, Egypt, Turkey, and Afghanistan, were primarily anticolonial and pan-Islamic, but they also advocated religious reform, modern education, and an understanding of the sciences.
Jadid teachers and scholars in Tashkent and the Fergana Valley founded new schools with modern curricula: math, the sciences, theater, poetry, and Russian and Turkic literature, as well as traditional Islamic subjects. They staged plays and operas and published a number of newspapers that helped revive the Turkic languages and develop a modern Turkic culture. The literature they generated analyzed local history, culture, and politics in a modern way for the first time. This embrace of modernism brought the Jadids into conflict not just with the Russians but also with the ulema, whom they considered reactionary and obscurantist. For their part the Russians had encouraged the ulema to continue their practice of a conservative interpretation of the sharia as a way of countering anti-Russian Islamic and nationalist movements.
For all their success the Jadids remained an intellectual rather than a mass movement, divided over ideology and politics. When the 1917 revolution came, some Jadids backed the Bolsheviks because they sought to throw over the tsarist empire and saw in the Communist ideology a chance of greater freedom, the adoption of modern ideas, and education whilst others resisted them because of their lack of respect for Islam. The Jadids who joined the Communist Party after 1917 played a critical role in helping build indigenous Communist parties in Central Asia, but it did them little good. The Soviets termed the Jadids bourgeois reformers and banned their literature. When Stalin came to power he began a steady purge of Jadids; the last Jadids were eliminated in the massacres of 1937. During the brief cultural flowering after independence in 1991, Uzbek intellectuals attempted to republish and popularize Jadid writings, but they were quickly suppressed. Uzbek President Islam Karimov discourages all attempts to renew interest in Jadidism, although the movement has immense relevance in today's discussion of the way Islam, nationalism, and democracy can coexist in Central Asia.

Sembra che Paolo Zampolli abbia ricevuto la nomina direttamente da Trump, ma nessuna istituzione italiana ne sa niente, e non si sa neanche cosa viene a fare

Questo “inviato speciale” degli Stati Uniti in Italia è un caso strano: ilpost.it/2025/02/27/zampolli-…

Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4, attackers leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism.

Statistics on registered vulnerabilities

This section contains statistics on registered vulnerabilities. Data is sourced from the CVE portal: cve.org.

Total number of registered vulnerabilities and number of critical ones, Q4 2023 vs. Q4 2024 (download)

In Q4 2024, the trend of documenting software flaws that create vulnerabilities continued to gain momentum. The share of vulnerabilities labeled as critical was slightly higher than in Q4 2023. In general, more and more vulnerabilities are being assigned CVE identifiers through Bug Bounty programs and general software security research. Let’s also examine the number of public exploits.

Number of vulnerabilities, the share of critical ones, and those for which exploits exist, 2019–2024 (download)

As shown in the graph, the number of published exploits for vulnerabilities ended up at around 6%, which is 4 p.p. lower than in 2023. This decline may be due to vendors’ requirements not to disclose information about exploitation methods for discovered vulnerabilities and corresponding exploits—we believe researchers are increasingly encountering such requests. Thus, the main trends of 2024 were the growth in the number of registered vulnerabilities, the decrease in the number of PoCs, and the share of critical vulnerabilities remaining at 2023 levels.

Let’s examine the most popular types of vulnerabilities exploited in real attacks in 2023 and 2024.

Number of vulnerabilities by the most prevalent CWEs used in attacks on users in 2023 (download)

Number of vulnerabilities by the most prevalent CWEs used in attacks on users in 2024 (download)

As in 2023, the top three in the list are the following software issues:

• CWE-78—Improper or insufficient neutralization of command-line inputs (OS Command Injection);
• CWE-20—Improper input filtering and validation. This includes most vulnerabilities that allow attackers to take control of applications;
• CWE-787—Memory corruption vulnerabilities (Out-of-bounds Write).

These types of flaws have been known for a long time and remain actively exploited by attackers. The number of associated vulnerabilities has remained at the same level over the past two years.

Next are software flaws that are less common but no less critical. In 2024, some of the most popular CWEs included the following:

• CWE-416—Improper use of dynamic memory resources (Use After Free);
• CWE-22—Improper handling of file system path formats (Path Traversal);
• CWE-94—Improper control of code generation (Code Injection);
• CWE-502—Deserialization of untrusted data;
• CWE-843—Improper handling of data types (Type Confusion);
• CWE-79—Improper neutralization of input during web page generation (Cross-site Scripting);
• CWE-122—Heap-based Buffer Overflow.

Compared to 2023, CWE-119—associated with performing operations outside buffer bounds—was the only one to drop out of the TOP 10. However, it was replaced by a similar type, CWE-122, associated with buffer overflow—so memory corruption vulnerabilities remained on the list. This confirms that the landscape of software flaws leading to exploitable vulnerabilities has remained unchanged over the past two years.

Exploitation statistics

This section contains statistics on the use of exploits in Q4 2024. The data is based on open sources and our telemetry.

Windows and Linux vulnerability exploitation

Among the exploits detected by Kaspersky solutions for Windows, the most popular throughout 2024, including Q4, were vulnerabilities in Microsoft Office applications:

• CVE-2018-0802—Remote code execution vulnerability in the Equation Editor component;
• CVE-2017-11882—Another remote code execution vulnerability also affecting the Equation Editor;
• CVE-2017-0199—A vulnerability in Microsoft Office and WordPad that allows an attacker to take control of the system.

Following these, the most common vulnerabilities in Q4 included those in WinRAR and various Windows subsystems:

• CVE-2023-38831—A vulnerability in WinRAR related to improper handling of objects contained in an archive;
• CVE-2024-38100—A vulnerability known as Leaked Wallpaper, which allows an attacker to obtain a NetNTLM hash used in user authentication protocols;
• CVE-2024-21447—A vulnerability in improper link handling within the file system. It resides in the UserManager service and, if exploited, allows privilege escalation;
• CVE-2024-28916—A vulnerability similar to CVE-2024-21447 in the Xbox Gaming Service.

Each of the above vulnerabilities can be used to compromise the system and gain the highest possible privileges, so we recommend regularly updating the corresponding software.

Dynamics of the number of Windows users encountering exploits, Q1 2023—Q4 2024. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

Kaspersky products for the Linux operating system triggered on exploits for the following vulnerabilities:

• CVE-2024-1086—Improper resource handling vulnerability in the nf_tables component of the kernel. Exploiting it allows privilege escalation in the system;
• CVE-2024-0582—A memory leak vulnerability in the io_uring component, which can be used to escalate privileges on the vulnerable system;
• CVE-2022-0847—A widespread vulnerability known as Dirty Pipe, allowing privilege escalation and control over running applications;
• CVE-2022-34918—Improper handling of kernel objects related to the netfilter component. Exploiting the vulnerability allows privilege escalation in the system.

Dynamics of the number of Linux users encountering exploits, Q1 2023—Q4 2024. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

For the Linux operating system, it is critically important to keep kernel components up to date, as well as any software used.

Most common published exploits

The distribution of published exploits for vulnerabilities by platform, Q3 2024 (download)

The distribution of published exploits for vulnerabilities by platform, Q4 2024 (download)

In Q4 2024, operating systems remained the most popular category of software in terms of the number of publicly available working exploits. At the same time, the share of exploits targeting Microsoft Office tools decreased, and no exploits for SharePoint vulnerabilities were published.

The distribution of published exploits for vulnerabilities by platform, 2024 (download)

Data for 2024 shows that the overall trend of attacks on operating systems continues to grow, increasingly displacing other categories of software. Researchers and attackers are finding new operating system components that still contain potentially exploitable vulnerabilities.

Vulnerability exploitation in APT attacks

We analyzed which vulnerabilities were most commonly used in APT attacks in Q4 2024. The ranking below is based on our telemetry, research, and open sources.

TOP 10 vulnerabilities exploited in APT attacks, Q4 2024 (download)

The list of vulnerabilities commonly used in APT attacks shows changes in the software exploited by attackers. Microsoft Office applications, whose vulnerabilities were not used as much in 2023, have returned to the top ten most frequently exploited types of software. In addition, vulnerabilities for PAN-OS appeared on the list for the first time. Moreover, remote access systems and corporate data processing solutions once again appeared among the vulnerable applications. These statistics highlight the issue of delayed patch installation, which attackers quickly exploit. We strongly recommend promptly updating the software listed.

Interesting vulnerabilities

This section contains the most interesting vulnerabilities published in Q4 2024.

CVE-2024-43572—Remote code execution vulnerability in Microsoft Management Console

The Windows operating system has many useful features and mechanisms that allow users to customize it for their convenience. One such feature is the Microsoft Management Console (MMC)—an interface for running applications that contain strictly structured information. These applications are called “snap-ins.” The operating system provides a number of built-in tools for working with MMC, such as
services.msc—an interface for managing services. This is an XML file that interacts with individual COM objects and allows you to set parameters for them in the management console.
According to Microsoft documentation, .msc files can be used for system administration. Attackers exploited this functionality to run commands on user systems: inside the .msc file, they specified the URI
urn:schemas-microsoft-com:xslt and commands in JavaScript and VBScript. These files were distributed as email attachments.

Header of the main .msc file

CVE-2024-43451—NetNTLM hash disclosure vulnerability

This vulnerability is also related to the functionality of the Windows operating system, specifically to the NTLM authentication mechanism with the SSPI interface, which is automatically launched in all versions of the OS up to and including Windows 10. During the transmission of the NetNTLM hash, an attacker can intercept it or redirect it to another service, resulting in the compromise of the victim’s credentials. In common legitimate Windows scenarios, users frequently need to authenticate using the NTLM protocol, which may attract attackers. In 2024, we observed the active use of files of various formats with the .url extension in attacks: these files contained links to resources that triggered authentication using NTLM mechanisms.

CVE-2024-49039—Elevation of privilege vulnerability in Windows Task Scheduler

Our 2024 reports mainly included vulnerabilities that were used either solely for privilege escalation or for initial system access. However, CVE-2024-49039 stands out because it allows stealthy persistence within the system, privilege escalation, and command execution.

This vulnerability exploits an undocumented RPC endpoint on the server side, which contains interfaces with a misconfigured security descriptor, enabling privilege escalation.

In recent versions of Windows, when a scheduled task is registered, applications can run in AppContainer, which generally limits their privileges. To exploit the vulnerability, an attacker needs to create a scheduled task that, upon execution, calls the undocumented RPC endpoint. The Task Scheduler contains a vulnerable application launch algorithm, and as a result of the RPC call, the application will be relaunched without AppContainer with the privileges of a regular or system user.

Conclusion and advice

The total number of vulnerabilities registered in the Q4 2024 continues to grow compared to 2023, but the number of published exploits decreased. This may be due to the fact that software vendors have not yet released patches because of the traditional lull during the holiday period. Notably, attackers continue to invent new methods of privilege escalation, as seen in the Task Scheduler vulnerability.

To stay safe, it is essential to respond promptly to the evolving threat landscape. Also, make sure that you:

• Ensure round-the-clock monitoring of your infrastructure, paying special attention to the perimeter;
• Maintain a patch management process: promptly apply security fixes. To configure and automate vulnerability and patch management, you can use solutions like Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed;
• Use reliable solutions that can detect and block malware on corporate devices, and comprehensive tools that include incident response scenarios and up-to-date cyberthreat databases.

securelist.com/vulnerabilities…

Camper shells are a time-honored piece of truck gear, but with modern trucks having increasingly vestigial beds, the length of your overnight abode has increasingly shrunk as well. To combat this problem, [Ed’s Garage] built a camper shell that extends once you’ve arrived at your campsite.

[Ed] wanted to keep things relatively low profile while still tall enough to sit up in for convenience, leading to a small bit of the shell peeking over the truck’s roof. To keep the cold Canadian winter out, attention was paid to proper weather sealing around the sliding portion of the shell so that it stays warm and dry inside.

While this would work on any truck, the mains power plugs in the bed of some modern trucks mean that certain glamping conveniences like a heater and projector can be easily powered while you’re in camp. We get to see the camper shell in action at the end of the video where the pros and cons of having your sleeping space also being your storage while en route become apparent.

If you’re looking for something a little less conventional for your camping experience, how about this solar camper or this retro bike camper?

youtube.com/embed/MfxifnxYbPI?…

hackaday.com/2025/02/26/want-a…

Muon tomography (muography) is the practice of using muons generated by cosmic rays interacting with Earth’s atmosphere (or equivalent) to image structures on Earth’s surface, akin to producing an X-ray. In lieu of spending a lot of spending a fair bit of money on dedicated muon detectors, you can also hack such a device together with two Geiger-Müller tubes and related circuitry for about $100 or whatever you can source the components for.

The reason for having two Geiger-Müller tubes is to filter out the countless other (much more prevalent) sources of ionizing radiation that we’re practically bathed in every second. Helped by a sheet of lead between both tubes, only a signal occurring at the same time from both tubes should be a muon. Specially cosmic ray muons, as these have significantly more kinetic energy that allows them to pass through both tubes. As a simple check it’s helpful to know that most of these muons will come from the direction of the sky.

The author of the article tested this cobbled-together detector in an old gold mine. Once there the presence of more rock (and fewer muons) was easily detected, as well as a surge in muons indicating a nearby void (a mine shaft). While not a fast or super-easy way to image structures, it’s hard to beat for the price and the hours of fun you can have while spelunking.

hackaday.com/2025/02/26/buildi…

This week, Jonathan Bennett and Rob Campbell talk with Shimon Schocken about Nand2Tetris, the free course about building a computer from first principles. What was the inspiration for the course? Is there a sequel or prequel in the works? Watch to find out!

• Nand2Tetris

youtube.com/embed/X-CavXZjfGU?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/02/26/floss-…

Picture a football (soccer ball) in your head and you probably see the cartoon ideal—a roughly spherical shape made with polygonal patches that are sewn together, usually in a familiar pattern of black and white. A great many balls were made along these lines for a great many decades.

Eventually, though, technology moved on. Footballs got rounder, smoother, and more colorful. This was seen as a good thing, with each new international competition bringing shiny new designs with ever-greater performance. That was, until things went too far, and the new balls changed the game. Thus was borne the “knuckleball” phenomenon.

Smoother Is Better, Right?

An Adidas Telstar from the 1974 World Cup. The original Telstar design actually predates 1974, and the combination of 12 pentagonal and 20 hexagonal panels and black and white patterns had been used before, too. Regardless, the Adidas design was soon globally known, and eventually became the “default” design for a football in media. Credit: shine2010, CC BY 2.0
From the late industrial era onwards, footballs were traditionally made with leather panels wrapped around some form of rubber bladder. As it’s not easy to produce a seamless leather sphere, balls were instead sewn together from individual leather panels in order to create a vaguely spherical whole. Early designs had few panels, and weren’t particularly good at approximating the shape of a sphere. They often had large, wide seams that stretched far across the surface of the ball. Larger seams were by and large undesirable, as they made the ball harder to control. Ridges where the panels met could catch on the foot and lead to unpredictable behavior.
The 32-panel design persisted at the World Cup level until 2002, with the Fevernova ball. Credit: Nicola, CC BY-SA 4.0
Over time, there was a desire to create smoother, rounder balls for professional play. By the 1970s, football designs began to coalesce around a common format. The standard became 12 pentagonal and 20 hexagonal panels, which could be sewn together into a relatively good approximation of a sphere. This also allowed the construction of a ball with very fine seams, creating a more predictable ball which enabled far finer control. The format was perhaps best popularized by the Adidas Telstar as used in the 1970 and 1974 World Cups. Even though it wasn’t the first to use the 12-and-20 design, the layout and the black-and-white pattern has been firmly etched in footballing consciousness ever since. Indeed, starting at the 1970 World Cup, Adidas has made every following World Cup ball since.

For a time, it seemed as if the design of the football was settled science. Adidas stuck with the 32-panel design up until the 2006 World Cup, when it revealed the +Teamgeist design. It used 14 curved panels that were bonded instead of stitched, creating a smoother ball for yet more predictable handling. It was also intended that the design would be more waterproof, to avoid gaining weight in wet matches. The ball was criticised by some for its erratic flight patterns, but by and large was seen as fit for purpose.
The Jabulani proved controversial, with its ultra-smooth design criticised for creating its unpredictability in flight. Credit: Adidas, editorial use
With another successful World Cup under its belt, Adidas innovated further for the 2010 World Cup. It created the Jabulani, which consisted of just eight spherically-moulded panels bonded together into an ultra-smooth and cohesive sphere. If the 2006 World Cup ball was slightly controversial, the Jabulani was outrageous. The ball was referred to as “supernatural” for its tendency to suddenly change direction in flight, which pleased strikers to a degree, but frustrated goalkeepers to no end. Ultimately, though, this tendency wasn’t good for getting balls on target. Just 147 goals were scored in the 2010 World Cup, the fewest since the competition changed its tournament format in 1998.

The problem came down to a phenomenon known as “knuckling.” This happens when the ball is travelling through the air with little to no spin. At a certain speed, the seams on the ball tend to interact with the airflow, channeling it such that it creates sudden and unpredictable movements. The term first developed in baseball, but became relevant to football with the development of the 2006 and 2010 World Cup balls, which suffered this phenomenon more often in play.

The phenomenon became so well known that NASA scientists took the opportunity to throw World Cup balls in a test chamber to demonstrate the effects at play. Knuckling behavior tends to peak at a certain critical speed, with the effect lessened either side of the peak. The problem was that the smoother designs were “knuckling” at higher speeds than balls from previous generations. NASA researchers found that the Jabulani would undergo unpredictable flight due to knuckling at speeds of 50 to 55 mph—right around the speed at which professional strikers can deliver a ball to the net. Meanwhile, more traditional 32-panel balls tend to see a peak in knuckling around 30 mph. Since strikers were typically kicking beyond this speed, knuckling—and thus unpredictable flight—wasn’t such a problem with the older designs.
The Brazuca demonstrated a critical knuckling speed closer to a traditional 32-panel ball in NASA’s tests. “What we are looking for in the smoke patterns is at what speed the smoke patterns suddenly change,” notes Rabi Mehta, NASA’s chief of the Experimental Aero-Physics Branch. “This is when the knuckling effect is greatest.” Credit: NASA
Being well aware of the problem after the 2010 World Cup, Adidas went back to the drawing board and developed the Brazuca for the 2014 competition. The number of panels was reduced yet further to just six. However, Adidas wasn’t intending to just go smoother yet again. Instead, the Brazuca had longer, deeper seams than the Jabulani, and panels covered in textured bumps. Through the company’s careful design efforts, this brought the critical knuckling speed back down to around 30 mph, much more akin to a traditional 32-panel ball.

By and large, the Brazuca proved far less controversial than its two predecessors. Search for articles on the 2014 ball, and you’ll find a little speculation from before the World Cup, before the story died completely once competition began. No more were unpredictable balls confounding the world’s finest footballers. Meanwhile, democratically speaking, where the +Teamgeist and Jabulani each have hundreds of words spilled on Wikipedia over controversy and criticism, the Brazuca has none.
Adidas gave the Brazuca deeper seams and a bumpy finish to improve its stability in flight. Credit: Nicola, CC BY-SA 4.0
The story of the Jabulani is one of unintended consequences. Adidas had intended to improve its product in a predictable and routine manner, only to find an unexpected effect at play which threw a spanner in the works. Once the effect was understood, it could be controlled and refined out with careful design. Football hasn’t suffered a “supernatural” ball since, even as the technology marches ever further into the Smart Ball era. Still, who knows what comes next at the 2026 World Cup?

hackaday.com/2025/02/26/too-sm…

While electric vehicles (EVs) are generally less likely to catch fire than their internal combustion counterparts, it does still happen, and firefighters need to be ready. Accordingly, the UL Research Institute is working with reverse engineering experts Munro & Associates to characterize EV fires and find the best way to fight them.

There is currently some debate in the firefighting community over whether it’s better to try to put an EV battery fire out with water or to just let it burn. Research like this means the decision doesn’t have to fall on only anecdotal evidence. Anyone who’s worked in a lab will recognize the mix of exceedingly expensive equipment next to the borderline sketchy rigged up hacks on display, in this case the super nice thermal imagers and a “turkey burner on steroids.” The video goes through some discussion of the previous results with a Chevy Bolt, Hyundai Kona, Ford Mustang Mach E, and then we get to see them light up a Tesla Model 3. This is definitely one you shouldn’t try at home!

While the massive battery banks in modern EVs can pose unique challenges in the event of an accident, that doesn’t mean they can’t be repurposed to backup your own home.

youtube.com/embed/kOz0ewP5fdM?…

hackaday.com/2025/02/26/ul-inv…

We’re proud to announce the last round of speakers, as well as the two workshops that we’ll be running at 2025 Hackaday Europe in Berlin on March 15th and 16th — and Friday night the 14th, if you’re already in town.

The last two years that we’ve done Hackaday Europe in Berlin have been awesome, and this year promises to keep up the tradition. We can’t wait to get our hands on the crazy selection of SAO badge addons that are going to be in each and every schwag bag.

Tickets for the event itself are going fast, but the workshop tickets that go on sale at 8:00 AM PST sell out even faster. And you need the one to enjoy the other, so get your tickets now!

Giovanni Salinas
Manufacturing the Hackaday Supercon Badge

When the Hackaday community gathers for Supercon, curious makers dig into their swag bag looking for the undisputed most sought-after piece of swag: the Supercon Badge. In this talk we will explore how idealistic manufacturing principles crash face-first with capricious electronic designs and unreasonable deadlines, and how through love, collaboration and ingenuity, the Hackaday community rises to the challenge and saves the day.

Rehana Al-Soltane
Make PCBs Bend Over Backwards for You

PCBs-as-we-know-them are usually flat and rigid, but what if you could create flexible boards in the shape of anything your heart desires? In this talk, I’ll explain how I created a flexible PCB in the shape of a crown while at MIT, using a Javascript- and web-based open-source tool. Discussing code-based techniques and pitfalls, there will be helpful points for you to consider when embarking on your own journey when creating flexible PCBs.

Christel Sanders
HEU1993 to WHY2025: Dutch hacker camps from the past and the future

This history lesson will go in depth in the history of the Dutch Hacker Camps, their culture, influence and the projects through the years.

Francis Stokes
More Than Motors: Decoding the Software Behind Pen Plotters and CNC Devices

When it comes to building CNC-type devices, much of the information out there emphasises the mechanical and electrical assembly; The gears, belts, motors, and wires. But what about the firmware that brings these machines to life? This talk covers the often-overlooked software magic that drives pen plotters, 3D printers, and CNC mills!

Workshops

Matthew Venn
Tiny Tapeout

In this workshop, you will get the opportunity to design and manufacture your own design on an ASIC! You will learn the basics of digital logic, how semiconductors are designed and made, how to use an online digital design tool to build and simulate a simple design, and how to create the GDS files for manufacture on the open-source Sky130 PDK. Participants will have the option to submit their designs to be manufactured on the next shuttle as part of the Tiny Tapeout project.

Satisfying-Senseless-Sonic Add-On (SSSAO)

Want to build a cool noise-making device, leverage the I2C proto-petal badge add-on from your hackaday swag bag AND get to grips with low-cost open-hardware RISC-V microcontrollers? In this workshop we’ll do all three. It goes like this: solder a motor circuit to your proto petal, add your choice of a few sonically-resonating-items to be actuated by the motor, program the onboard microcontroller from one of our pre-configured laptops, then go join the badge-orchestra!

If you still don’t haven’t yet, go get your tickets to Hackaday Europe. We’ll be announcing a keynote speaker next week, and then we’ll see you all in Berlin!

hackaday.com/2025/02/26/hackad…

Holography is about capturing 3D data from a scene, and being able to reconstruct that scene — preferably in high fidelity. Holography is not a new idea, but engaging in it is not exactly a point-and-shoot affair. One needs coherent light for a start, and it generally only gets touchier from there. But now researchers describe a new kind of holographic camera that can capture a scene better and faster than ever. How much better? The camera goes from scene capture to reconstructed output in under 30 milliseconds, and does it using plain old incoherent light.
The camera and liquid lens is tiny. Together with the computation back end, they can make a holographic capture of a scene in under 30 milliseconds.
The new camera is a two-part affair: acquisition, and calculation. Acquisition consists of a camera with a custom electrically-driven liquid lens design that captures a focal stack of a scene within 15 ms. The back end is a deep learning neural network system (FS-Net) which accepts the camera data and computes a high-fidelity RGB hologram of the scene in about 13 ms. How good are the results? They beat other methods, and reconstruction of the scene using the data looks really, really good.

One might wonder what makes this different from, say, a 3D scene captured by a stereoscopic camera, or with an RGB depth camera (like the now-discontinued Intel RealSense). Those methods capture 2D imagery from a single perspective, combined with depth data to give an understanding of a scene’s physical layout.

Holography by contrast captures a scene’s wavefront information, which is to say it captures not just where light is coming from, but how it bends and interferes. This information can be used to optically reconstruct a scene in a way data from other sources cannot; for example allowing one to shift perspective and focus.

Being able to capture holographic data in such a way significantly lowers the bar for development and experimentation in holography — something that’s traditionally been tricky to pull off for the home gamer.

hackaday.com/2025/02/26/new-ca…

Analisti Sentinel LABS hanno scoperto una fuga di dati della società di sicurezza cinese TopSec che rivela dettagli su come i sistemi di monitoraggio dei contenuti web vengono utilizzati per censurare gli interessi sia del governo che di clienti privati.

I documenti dimostrano che la TopSec forniva servizi specialistici a un’impresa statale quando il suo leader fu indagato per corruzione. Ciò conferma la stretta collaborazione tra le autorità cinesi e le società private di sicurezza informatica nella gestione delle crisi informatiche.

La fuga di notizie contiene oltre 7.000 righe di log e codice utilizzati per configurare l’infrastruttura DevOps e i servizi ai clienti. Sono stati trovati script che collegano a domini del governo cinese, istituzioni accademiche e siti di notizie. Ciò indica il possibile utilizzo di TopSec nel sistema di controllo di Internet in Cina.

I documenti menzionano i clienti di TopSec, tra cui la Commissione di ispezione disciplinare di Shanghai, l’Ufficio petizioni del distretto di Gucheng e l’Illegal Information Suppression Center. Sono stati rinvenuti anche documenti relativi alla collaborazione con il Ministero della Pubblica Sicurezza per progetti di monitoraggio a Shanghai e Dandong.

I documenti rivelano anche l’uso del sistema Sparta per identificare le parole “sensibili” da censurare. Se vengono rilevate tali espressioni, vengono inviati segnali di allarme alle chat aziendali di WeChat. Ciò dimostra quanto profondamente TopSec sia integrato nei meccanismi di censura statale di Internet.

È interessante notare che il giorno delle segnalazioni di contenuti sospetti, WeChat ha annunciato un’indagine sul capo della Commissione per la gestione dei beni statali di Shanghai, Bai Tinghui. La notizia venne presto confermata dalle autorità e il suo nome scomparve rapidamente dalla maggior parte delle fonti ufficiali.

Fondata nel 1995, TopSec è specializzata in monitoraggio, sicurezza IT e servizi cloud. L’azienda possiede più di 1.000 brevetti, 87 copyright di software e 12 filiali. TopSec fornisce inoltre alle autorità del Paese vulnerabilità da sfruttare a fini di intelligence civile. Secondo il rapporto annuale dell’azienda, i servizi cloud di TopSec coprono tutte le 31 regioni amministrative del Paese.

Gli esperti sottolineano che, sebbene la cooperazione in materia di sicurezza informatica sia la norma in molti Paesi, il modello cinese prevede un’integrazione molto più profonda. Questo caso evidenzia l’importanza di controllare la registrazione e la gestione delle credenziali nella propria infrastruttura per evitare fughe di dati sensibili.

L'articolo Leak esplosivo: ecco come la Cina censura e sorveglia il web! proviene da il blog della sicurezza informatica.

Google ha lanciato una nuova versione gratuita del suo strumento di assistenza e completamento del codice basato sull’intelligenza artificiale, Gemini Code Assist for Individuals.

Allo stesso tempo, la società ha presentato Assistenza Gemini Code per GitHub — un sistema di analisi automatizzata del codice che identifica gli errori e suggerisce soluzioni direttamente su GitHub.

Gemini Code Assist for Individuals consente agli sviluppatori di interagire con l’intelligenza artificiale tramite chat utilizzando il linguaggio naturale. Lo strumento può correggere errori, integrare il codice e spiegare argomenti complessi. Si basa su una versione speciale del modello Gemini 2.0, ottimizzata per la programmazione. È supportata l’integrazione con VS Code e JetBrains tramite plugin, nonché il funzionamento con diversi linguaggi di programmazione.

Uno dei principali vantaggi dello strumento è il suo generoso limite di utilizzo:

• 180.000 completamenti di codice al mese, ovvero 90 volte in più rispetto al piano gratuito di GitHub Copilot (2.000 completamenti).
• 240 richieste di chat al giorno, ovvero quasi 5 volte il limite di GitHub Copilot.

La finestra di contesto del modello è di 128.000 token, ovvero più di 4 volte maggiore rispetto alle capacità dei concorrenti. Ciò consente all’intelligenza artificiale di analizzare grandi quantità di codice in un’unica query.

Per chi volesse testare il nuovo strumento, il 20 febbraio Google ha reso disponibile l’accesso gratuito al pubblico.

Gemini Code Assist per GitHub, a sua volta, analizza automaticamente le richieste pull, identificando gli errori e suggerendo miglioramenti. Questa mossa dimostra l’aggressiva strategia di Google di competere con Microsoft e GitHub nel settore degli strumenti per sviluppatori.

Sette mesi fa, Google ha incaricato Ryan Salva, che in precedenza aveva guidato il team GitHub Copilot, di occuparsi degli strumenti di intelligenza artificiale per gli sviluppatori. La strategia dell’azienda, ha affermato, è quella di attrarre sviluppatori all’inizio della loro carriera offrendo gratuitamente uno strumento potente, per poi promuoverli verso piani aziendali.

Da un anno Google offre una versione business di Gemini Code Assist, con funzionalità aggiuntive come revisione contabile registri, integrazione con Google Cloud e supporto per repository privati.

L'articolo Google lancia Gemini Code Assist, l’AI per i programmatori proviene da il blog della sicurezza informatica.

Gli esperti di sicurezza hanno collegato il gruppo di hacker nordcoreano Lazarus al furto di quasi 1,5 miliardi di dollari dall’exchange di criptovalute Bybit. Nel frattempo, la società ha annunciato una ricompensa pari al 10% dei fondi rubati (circa 140 milioni di dollari) per qualsiasi informazione che aiuterà a restituire i fondi rubati.

Il furto di 1,5 milardi di dollari in criptovaluta

Ricordiamo che alla fine della scorsa settimana, degli aggressori hanno rubato criptovalute per un valore di oltre 1,46 miliardi di dollari da Bybit, prelevando fondi dall’exchange. L’attacco è stato il più grande attacco hacker di criptovaluta della storia, più che raddoppiando il record precedente.

“Il 21 febbraio 2025, alle ore 12:30 UTC circa, Bybit ha rilevato un’attività non autorizzata in uno dei nostri cold wallet Ethereum (ETH) durante un normale processo di trasferimento. Il trasferimento faceva parte di uno spostamento pianificato di ETH dal nostro portafoglio multisig ETH verso un altro portafoglio” ha affermato Bybit in un rapporto sull’attacco . — Sfortunatamente, la transazione è stata manipolata utilizzando un attacco sofisticato che ha modificato la logica dello smart contract e l’interfaccia della firma, consentendo all’aggressore di ottenere il controllo del cold wallet ETH. Di conseguenza, più di 400.000 ETH e stETH per un valore di oltre 1,5 miliardi di dollari sono stati trasferiti a un indirizzo sconosciuto”.

È opportuno sottolineare che gli esperti di Check Point ritengono che gli aggressori abbiano identificato i responsabili dell’approvazione delle transazioni multisig e poi abbiano hackerato i loro dispositivi utilizzando malware, phishing o un attacco alla supply chain. Ricordiamo che Multisig è una funzionalità di sicurezza che richiede più chiavi per autorizzare una transazione di criptovalute. I portafogli Multi-Sig mirano a fornire una protezione migliorata, in particolare per le aziende o i gruppi che hanno bisogno di salvaguardare i loro asset digitali.

Il CEO di Bybit Ben Zhou ha dichiarato che Bybit è solvibile e sarà in grado di coprire tutte le perdite.

Il coinvolgimento degli hacker nord coreani di Lazarus

Poco dopo l’attacco, l’analista blockchain ZachXBT, che per primo ha scoperto l’incidente, ha riferito che probabilmente dietro l’attacco c’era il gruppo di hacker nordcoreano Lazarus.

Il fatto è che gli aggressori hanno inviato i fondi rubati da Bybit a un indirizzo Ethereum che era già apparso in precedenza negli attacchi a Phemex, BingX e Poloniex.

Il ricercatore ha inoltre affermato che Lazarus ricicla gli ETH rubati utilizzando il mixer eXch e trasferisce i fondi in Bitcoin tramite Chainflip. Le scoperte di ZachXBT sono confermate dagli esperti di TRM Labs , che scrivono anche che dietro l’attacco informatico a Bybit ci sono degli hacker nordcoreani.

Anche gli analisti blockchain di Elliptic attribuiscono questo attacco a Lazarus e notano che i fondi rubati sono già passati attraverso un gran numero di wallet e in questo modo gli hacker stanno cercando di nascondere la vera origine dei beni, rallentando i tentativi di rintracciarli.

“Un particolare exchanger, eXch, sembra aver consapevolmente riciclato decine di milioni di dollari in fondi rubati nonostante gli appelli di Bybit a fermarlo”, ha affermato Elliptic. — I fondi rubati vengono convertiti principalmente in bitcoin. Se i precedenti schemi di riciclaggio di denaro dovessero ripetersi questa volta, possiamo aspettarci che vengano utilizzati mixer di Bitcoin per coprirne le tracce.”

Riciclaggio internazionale e ricompensa per i fondi rubati

Allo stesso tempo, eXch nega tutte le accuse di riciclaggio intenzionale di fondi rubati a Bybit, affermando che “eXch non ricicla denaro per Lazarus e la Corea del Nord”. A quanto pare, solo una piccola parte dei fondi rubati da Bybit è stata ricevuta da eXch, si è trattato di un incidente isolato e la commissione derivante da questa operazione sarà devoluta in beneficenza.

Nel frattempo, i rappresentanti di Bybit hanno annunciato il lancio di un programma di ricompensa che dovrebbe aiutare a restituire i fondi rubati e a identificare gli hacker dietro questo attacco. Bybit ha promesso di pagare il 10% dei fondi recuperati (fino a 140 milioni di dollari) agli esperti di sicurezza che “svolgono un ruolo attivo nella restituzione delle criptovalute rubate”.

L'articolo Lazarus ruba 1,5 miliardi in crypto: Bybit offre 140 milioni per ritrovarli! proviene da il blog della sicurezza informatica.

Le forze dell’ordine svedesi stanno facendo pressioni per una legge che obblighi le app di messaggistica Signal e WhatsApp a creare backdoor tecniche per consentire l’accesso ai messaggi crittografati. Questo è quanto riportato sull’edizione svedese SVT Nyheter.

Meredith Whittaker, presidente della Signal Foundation, ha affermato che l’azienda abbandonerebbe il mercato svedese se tale legge entrasse in vigore. Whittaker ha sottolineato che la creazione di una backdoor indebolirebbe la sicurezza dell’intera rete Signal.

Se il disegno di legge verrà approvato, il parlamento svedese lo esaminerà l’anno prossimo. Tale disegno stabilisce che i messenger sono tenuti a conservare i messaggi e a fornire, su richiesta, alla polizia e al Servizio di sicurezza svedese la cronologia della corrispondenza dei sospettati di reato.

Il Ministero della Giustizia svedese ritiene che l’accesso ai dati sia estremamente importante per il lavoro delle forze dell’ordine. L’iniziativa ha però incontrato l‘opposizione delle forze armate del Paese, che utilizzano attivamente Signal per impedire la sorveglianza.

L’esercito avverte che la presenza di una backdoor potrebbe creare vulnerabilità sfruttabili dagli aggressori. WhatsApp e Signal non hanno rilasciato dichiarazioni ufficiali in merito al possibile disegno di legge.

Nel Regno Unito, il governo ha recentemente richiesto da Apple di fornire l’accesso ai backup crittografati di iCloud. In risposta, l’azienda ha rifiutato l’opzione di crittografia end-to-end per gli utenti del Regno Unito.

L'articolo La Svezia chiede l’accesso Backdoor a Signal e WhatsApp! Signal pronta a lasciare il mercato proviene da il blog della sicurezza informatica.

Gli hacker di NoName057(16) continuano anche oggi le loro attività ostili contro diversi obiettivi italiani, attraverso attacchi di Distributed Denial-of-Service (DDoS).

A farne le spese oggi sono il Comune di Milano, il Consiglio regionale della Valle d’Aosta, la Regione Abruzzo, la Regione Basilicata e il Comune di potenza. Questo è quanto gli hacktivisti hanno scritto poco fa sul loro canale Telegram.
Inviati Missili DDoS ai siti web di regioni e comuni italiani

❌Progetti e iniziative del Comune di Milano
check-host.net/check-report/236fc2d7k54f

❌Consiglio regionale della Valle d'Aosta
check-host.net/check-report/236fc31ck4a0

Regione Abruzzo
check-host.net/check-report/236fea4bkda1

Regione Basilicata
check-host.net/check-report/236fc35ek38e

❌Comune di Potenza
check-host.net/check-report/236fc633k712

Tradotto con DeepL.com (versione gratuita)
NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Questi attacchi vengono in genere eseguiti su agenzie governative, media e siti Web di società private

Che cos’è un attacco Distributed Denial of Service

Un attacco DDoS (Distributed Denial of Service) è un tipo di attacco informatico in cui vengono inviate una grande quantità di richieste a un server o a un sito web da molte macchine diverse contemporaneamente, al fine di sovraccaricare le risorse del server e renderlo inaccessibile ai suoi utenti legittimi.

Queste richieste possono essere inviate da un grande numero di dispositivi infetti da malware e controllati da un’organizzazione criminale, da una rete di computer compromessi chiamata botnet, o da altre fonti di traffico non legittime. L’obiettivo di un attacco DDoS è spesso quello di interrompere le attività online di un’organizzazione o di un’azienda, o di costringerla a pagare un riscatto per ripristinare l’accesso ai propri servizi online.

Gli attacchi DDoS possono causare danni significativi alle attività online di un’organizzazione, inclusi tempi di inattività prolungati, perdita di dati e danni reputazionali. Per proteggersi da questi attacchi, le organizzazioni possono adottare misure di sicurezza come la limitazione del traffico di rete proveniente da fonti sospette, l’utilizzo di servizi di protezione contro gli attacchi DDoS o la progettazione di sistemi resistenti agli attacchi DDoS.

Occorre precisare che gli attacchi di tipo DDoS, seppur provocano un disservizio temporaneo ai sistemi, non hanno impatti sulla Riservatezza e Integrità dei dati, ma solo sulla loro disponibilità. pertanto una volta concluso l’attacco DDoS, il sito riprende a funzionare esattamente come prima.

Che cos’è l’hacktivismo cibernetico

L’hacktivismo cibernetico è un movimento che si serve delle tecniche di hacking informatico per promuovere un messaggio politico o sociale. Gli hacktivisti usano le loro abilità informatiche per svolgere azioni online come l’accesso non autorizzato a siti web o a reti informatiche, la diffusione di informazioni riservate o il blocco dei servizi online di una determinata organizzazione.

L’obiettivo dell’hacktivismo cibernetico è di sensibilizzare l’opinione pubblica su questioni importanti come la libertà di espressione, la privacy, la libertà di accesso all’informazione o la lotta contro la censura online. Gli hacktivisti possono appartenere a gruppi organizzati o agire individualmente, ma in entrambi i casi utilizzano le loro competenze informatiche per creare un impatto sociale e politico.

È importante sottolineare che l’hacktivismo cibernetico non deve essere confuso con il cybercrime, ovvero la pratica di utilizzare le tecniche di hacking per scopi illeciti come il furto di dati personali o finanziari. Mentre il cybercrime è illegale, l’hacktivismo cibernetico può essere considerato legittimo se mira a portare all’attenzione pubblica questioni importanti e a favorire il dibattito democratico. Tuttavia, le azioni degli hacktivisti possono avere conseguenze legali e gli hacktivisti possono essere perseguiti per le loro azioni.

Chi sono gli hacktivisti di NoName057(16)

NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Questi attacchi vengono in genere eseguiti su agenzie governative, media e siti Web di società private

Le informazioni sugli attacchi effettuati da NoName057(16) sono pubblicate nell’omonimo canale di messaggistica di Telegram. Secondo i media ucraini, il gruppo è anche coinvolto nell’invio di lettere di minaccia ai giornalisti ucraini. Gli hacker hanno guadagnato la loro popolarità durante una serie di massicci attacchi DDOS sui siti web lituani.

Le tecniche di attacco DDoS utilizzate dal gruppo sono miste, prediligendo la “Slow http attack”.

La tecnica del “Slow Http Attack”

L’attacco “Slow HTTP Attack” (l’articolo completo a questo link) è un tipo di attacco informatico che sfrutta una vulnerabilità dei server web. In questo tipo di attacco, l’attaccante invia molte richieste HTTP incomplete al server bersaglio, con lo scopo di tenere occupate le connessioni al server per un periodo prolungato e impedire l’accesso ai legittimi utenti del sito.

Nello specifico, l’attacco Slow HTTP sfrutta la modalità di funzionamento del protocollo HTTP, che prevede che una richiesta HTTP sia composta da tre parti: la richiesta, la risposta e il corpo del messaggio. L’attaccante invia molte richieste HTTP incomplete, in cui il corpo del messaggio viene inviato in modo molto lento o in modo incompleto, bloccando la connessione e impedendo al server di liberare le risorse necessarie per servire altre richieste.

Questo tipo di attacco è particolarmente difficile da rilevare e mitigare, poiché le richieste sembrano legittime, ma richiedono un tempo eccessivo per essere elaborate dal server. Gli attacchi Slow HTTP possono causare tempi di risposta molto lenti o tempi di inattività del server, rendendo impossibile l’accesso ai servizi online ospitati su quel sistema.

Per proteggersi da questi attacchi, le organizzazioni possono implementare soluzioni di sicurezza come l’uso di firewall applicativi (web application firewall o WAF), la limitazione delle connessioni al server e l’utilizzo di sistemi di rilevamento e mitigazione degli attacchi DDoS

L'articolo Dieci Giorni di DDoS! NoName057(16) colpisce il Comune di Milano e la Regione Abruzzo proviene da il blog della sicurezza informatica.

Una vulnerabilità critica legata all’esecuzione di codice remoto (RCE), CVE-2023-20118, che colpisce i router Cisco Small Business, è diventata una nuova arma per i criminali informatici che distribuiscono webshell e payload backdoor avanzati. La vulnerabilità, causata da una convalida errata degli input nell’interfaccia di gestione basata sul Web dei router, consente ad aggressori non autenticati di eseguire comandi arbitrari inviando richieste HTTP appositamente predisposte.

Questa falla è stata sfruttata attivamente dalla fine di gennaio 2025, come osservato dal team Threat Detection & Research (TDR) di Sekoia.io. Tra il 22 e il 31 gennaio 2025, alcuni aggressori hanno sfruttato questa vulnerabilità per distribuire una webshell sui router Cisco presi di mira.

L’attacco è iniziato con comandi di ricognizione per confermare la presenza della webshell. In caso di assenza, gli aggressori la distribuivano incorporando payload dannosi nelle richieste HTTP. La webshell è stata codificata in Base64 e compressa tramite gzip prima di essere inserita nello script di autenticazione del router per garantirne la persistenza.

Per l’esecuzione dei comandi, la webshell distribuita richiedeva una chiave di autenticazione nelle intestazioni HTTP. Questo meccanismo ha consentito agli aggressori di mantenere il controllo sui dispositivi compromessi, riducendo al contempo l’esposizione al rilevamento. Ma l’analisi suggerisce che la webshell serviva principalmente come meccanismo di distribuzione di malware di seconda fase, poiché durante le scansioni sono stati identificati solo quattro router infetti.

Gli aggressori hanno coordinato attacchi simultanei da più indirizzi IP, il che è indicativo di attività botnet. Questi attacchi comportavano il download e l’esecuzione di uno script shell denominato “q” tramite FTP. Lo script installava un payload backdoor TLS cipher_log noto per l’architettura MIPS64.

Questa backdoor stabiliva canali di comunicazione criptati con server di comando e controllo (C2) e includeva meccanismi di persistenza e auto-occultamento. La botnet PolarEdge, così chiamata dai ricercatori per l’utilizzo dei certificati PolarSSL (ora Mbed TLS), ha infettato oltre 2.000 dispositivi in ​​tutto il mondo.

Oltre ai router Cisco, il malware prende di mira anche i dispositivi Asus, QNAP e Synology, utilizzando tecniche simili.

L'articolo Router Cisco sotto attacco: una RCE critica sta distribuendo malware avanzato! proviene da il blog della sicurezza informatica.

Specialisti di SecurityScorecard loro segnalano , un’enorme botnet composta da oltre 130.000 dispositivi compromessi sta conducendo attacchi di password spraying sugli account Microsoft 365 in tutto il mondo. L’attacco prende di mira il meccanismo di autenticazione legacy Basic Authentication (Basic Auth), consentendo agli aggressori di aggirare l’autenticazione a più fattori (MFA).

I criminali informatici utilizzano credenziali rubate tramite un keylogger. L’attacco viene eseguito tramite tentativi di accesso non interattivi tramite Basic Auth, che consente agli aggressori di eludere il sistema di sicurezza.

Gli esperti avvertono che le organizzazioni che si affidano esclusivamente al monitoraggio degli accessi interattivi restano vulnerabili. L’accesso non interattivo, spesso utilizzato per connessioni di servizi e protocolli legacy (ad esempio POP, IMAP, SMTP), nella maggior parte dei casi non richiede la conferma MFA. Nonostante Microsoft abbia gradualmente eliminato Basic Auth, il metodo è ancora abilitato in alcuni ambienti aziendali, il che lo rende un bersaglio interessante per gli attacchi.
Porte utilizzate per il controllo delle botnet (SecurityScorecard)
Basic Auth viene utilizzato per attaccare con forza bruta gli account con password comunemente utilizzate (o trapelate). Se la password viene selezionata correttamente, l’MFA non viene attivato, il che consente agli hacker criminali di accedere al tuo account senza ulteriori conferme. Questo stesso meccanismo consente di aggirare i criteri di accesso condizionale, rendendo l’attacco praticamente invisibile.

Le credenziali compromesse possono consentire agli aggressori di accedere a servizi legacy che non supportano MFA o di utilizzare i dati per ulteriori attacchi di phishing allo scopo di impossessarsi completamente degli account. I segnali degli attacchi possono essere trovati nei log degli ID Entra. Tra i segnali rientrano un aumento dei tentativi di accesso non interattivi, molteplici tentativi di autorizzazione non riusciti da diversi indirizzi IP e la presenza dell’agente “fasthttp” nei log.

I ricercatori ipotizzano che la botnet possa essere collegata a gruppi provenienti dalla Cina, anche se non ci sono ancora informazioni definitive. L’attacco è scalabile distribuendo i tentativi di accesso su un numero enorme di indirizzi IP, rendendo la botnet difficile da rilevare e bloccare.

La botnet è controllata tramite 6 server C2 situati nell’infrastruttura del provider americano Shark Tech e il traffico passa attraverso gli hosting UCLOUD HK (Hong Kong) e CDS Global Cloud (Cina). I server C2 sono basati su Apache Zookeeper e Kafka e il fuso orario del sistema è impostato su Asia/Shanghai. I registri di uptime mostrano che la botnet è attiva da dicembre 2024.

L'articolo Microsoft 365 Sotto Attacco! Spraying Password sui sistemi legacy da Una Botnet di 130.000 Dispositivi proviene da il blog della sicurezza informatica.

Il settore delle telecomunicazioni è sempre più nel mirino dei cybercriminali, e l’ultimo attacco subito da Orange Group, uno dei principali operatori francesi, lo dimostra. Un hacker, noto come Rey, ha dichiarato di aver violato i sistemi dell’azienda, sottraendo migliaia di documenti contenenti dati di clienti e dipendenti.

L’attacco ha avuto conseguenze significative, con la pubblicazione online di informazioni sensibili dopo il rifiuto dell’azienda di pagare un riscatto. Orange ha confermato la violazione, dichiarando che ha riguardato una applicazione non critica, ma il volume dei dati esfiltrati solleva interrogativi sulla sicurezza informatica nel settore delle telecomunicazioni.

Attacco mirato ad un colosso delle telecomunicazioni

Orange Group è un attore chiave nel settore delle telecomunicazioni e dei servizi digitali, con una presenza globale che comprende oltre 280 milioni di clienti. Il gruppo opera in numerosi paesi e offre servizi di telefonia fissa, mobile, internet a banda larga e soluzioni aziendali, oltre a essere coinvolto nello sviluppo di infrastrutture digitali e nell’innovazione tecnologica.

Questa posizione di rilievo lo rende un obiettivo particolarmente appetibile per i criminali informatici, dato il valore dei dati trattati: informazioni personali, contratti, credenziali di accesso e persino dati finanziari. L’attacco subito da Orange Romania, una delle divisioni più importanti del gruppo, dimostra come gli hacker prendano di mira nodi strategici delle infrastrutture aziendali.

Telecomunicazioni nel mirino: perché le aziende del settore sono bersagli strategici?

Le aziende di telecomunicazioni gestiscono enormi quantità di dati sensibili, inclusi i dettagli delle comunicazioni dei clienti, informazioni di fatturazione e credenziali di accesso ai servizi. Questi dati rappresentano una risorsa preziosa per i cybercriminali, che possono sfruttarli per:

• Attacchi di phishing e frodi finanziarie, utilizzando gli indirizzi email e i dati personali sottratti
• Accesso non autorizzato ai sistemi aziendali, se le credenziali compromesse non vengono aggiornate
• Spionaggio industriale e vendita di dati a terze parti

Inoltre, un attacco a un operatore di telecomunicazioni può avere conseguenze su milioni di utenti, mettendo a rischio la loro privacy e la sicurezza delle loro comunicazioni.

Attualmente, non possiamo confermare l’autenticità della notizia, poiché l’organizzazione non ha ancora pubblicato un comunicato ufficiale sul proprio sito web in merito all’incidente. Le informazioni riportate provengono da fonti pubbliche accessibili su siti underground, pertanto vanno interpretate come una fonte di intelligence e non come una conferma definitiva.

Secondo quanto riportato dallo stesso hacker su un noto forum del dark web, Orange Group sarebbe stata contattata per il pagamento di un riscatto, ma la società avrebbe rifiutato di negoziare. A seguito di questo rifiuto, Rey ha deciso di rendere pubblici i dati sottratti, pubblicando un annuncio corredato di link per il download.

L’attacco è stato confermato da Orange, che ha dichiarato che la violazione ha coinvolto una applicazione non critica. Tuttavia, la quantità e la natura dei dati compromessi destano preoccupazioni.

Oltre 600.000 record esposti

Rey sostiene di aver avuto accesso ai sistemi di Orange per oltre un mese prima di avviare l’estrazione dei dati, operazione che sarebbe durata circa tre ore senza essere rilevata. Secondo l’hacker, il breach include:

• 380.000 email uniche appartenenti a clienti, ex dipendenti, partner e collaboratori di Orange Romania
• Dati di clienti e dipendenti, inclusi dettagli personali e contrattuali
• Codici sorgente di software interni
• Documenti riservati, come fatture, contratti e piani progettuali
• Informazioni parziali sulle carte di pagamento di alcuni clienti rumeni
• Nomi e indirizzi email degli utenti del servizio Yoxo, l’abbonamento senza vincoli di Orange

L’hacker ha dichiarato di aver sfruttato una combinazione di credenziali compromesse e vulnerabilità nei sistemi di Orange, in particolare all’interno di Jira, un software utilizzato dall’azienda per la gestione di bug e ticket interni.

Rey ha inoltre precisato che l’attacco non è stato eseguito nell’ambito di un’operazione ransomware del gruppo HellCat, di cui fa parte, ma come azione indipendente.

L’intrusione ha permesso all’hacker di infiltrarsi nei sistemi della compagnia senza essere rilevato e di esfiltrare un totale di circa 6,92GB di dati distribuiti su 12.000 file.

La risposta di Orange e le implicazioni sulla sicurezza

Orange Group ha confermato la violazione e ha dichiarato di aver avviato un’indagine interna per valutare l’entità dell’incidente e mitigare i danni.

“Abbiamo preso immediatamente provvedimenti e la nostra priorità rimane proteggere i dati e gli interessi di dipendenti, clienti e partner. L’attacco ha colpito un’applicazione di back-office non critica e non ha avuto impatti sui servizi rivolti ai clienti”, ha dichiarato un portavoce dell’azienda.

Il caso solleva però gravi preoccupazioni sulla sicurezza informatica. L’uso di credenziali compromesse e falle in software interni dimostra la necessità per le aziende di implementare autenticazione multi-fattore per ridurre il rischio di accesso non autorizzato ed effettuare controlli di sicurezza regolari per individuare e correggere vulnerabilità.

Orange non ha ancora chiarito se informerà i clienti e i dipendenti coinvolti nella violazione, ma è bene a chiunque potrebbe essere potenzialmente interessato di fare attenzione a possibili tentativi di phishing o frodi.

Conclusioni: un segnale di allarme per l’intero settore

La violazione subita da Orange Group è solo l’ennesimo esempio di attacchi informatici rivolti ad aziende di telecomunicazioni. La capacità degli hacker di rimanere nei sistemi aziendali per settimane senza essere scoperti dimostra l’urgenza di strategie di difesa più avanzate.

Questo episodio dimostra l’importanza di adottare strategie di cybersecurity proattive, migliorando la protezione delle credenziali, rafforzando i controlli di sicurezza e investendo in soluzioni per la rilevazione tempestiva delle minacce.

Mentre Orange lavora per contenere i danni e proteggere i propri clienti, la violazione rappresenta un chiaro monito per tutte le aziende del settore: nel mondo digitale di oggi, la sicurezza informatica non è più un’opzione, ma una necessità fondamentale.

RHC monitorerà l’evoluzione della vicenda in modo da pubblicare ulteriori news sul blog, qualora ci fossero novità sostanziali. Qualora ci siano persone informate sui fatti che volessero fornire informazioni in modo anonimo possono utilizzare la mail crittografata del whistleblower.

L'articolo Orange Group colpita dal Threat Actors Rey : dati sensibili di clienti e dipendenti esposti proviene da il blog della sicurezza informatica.