April 15th is generally a good day for most Sri Lankans: post Avurudu, we’re usually working off the kiribath and lazily wondering whether to check the office mail or not. As it turns out, some people had other things to do.
On the 15th and the following day, Anonymous hackers launched #OpSrILanka – a kind-of-global hack on a number of government and industrial websites in Sri Lanka in a vendetta against supposed Tamil genocide. Judging by the data trail, teams Anon Ghost, Indian Haxors Team, Indian Cyber Rakshak, RedCult (Lebanon), Muslim Cyber Corporation (Indonesia), Pakistan Haxors Crew, Ip Sova Crew(Malaysia), Indonesian Red Code Team, Elite Cyber Army (Philippines), Afghan Cyber Army, Indian Cyber Devils, Sec~Team-7 and Sec_dark took part in the operation. A number of individual hackers are also creidted as being part of the operation. Shadowforce, which seems to be the net manager of the Op, may be a team or an individual – we’ve yet to find out.
These attacks are seen as a way of raising awareness against the Sri Lankan government. They’re a bit late to the party, given that the war ended in 2009. That apparently didn’t stop them from hitting a lot of top-level websites, like nic.lk, gov.lk and quite a few websites belonging to corporations around Sri Lanka. AnonGhost, the Afghan Cyber Army and the Indian Haxors seem to be particularly active. Based on their publications, they’ve tried to attack almost 130 sites. Initially they seem to have tried to deface the sites, but failing that, they’ve tried to DDOS (Distributed Denial of Service) them.
Sri Lanka’s primary infrastructure seems to have stood up remarkably well to this. While a few sites were defaced, sporting hacker slogans from the various teams involved, some seem to have completely shrugged off the attack (hats off to you, network admins). It looks like the hackers expected most site maintenance staff to be offline for the Sinhala and Tamil New Year, but based on the rapid recovery we’ve been seeing over the past 30-odd hours, relatively little damage has actually been done. As of the time of writing, most of the sites that blinked at the time the attack are also back up and running.
Here’s a list of the 129 sites the hackers targeted. Note that at the time of writing, all the government sites and most of the better-maintained sites seem to be operational: