Can a couple of cyberpunks who can bring down entire nations with nothing more than laptops and an internet connection?

It sounds like something straight out of a sci-fi flick, but that’s exactly what two Sudanese brothers have been accused of doing. Federal prosecutors in the United States charged Ahmed Salah Yousif Omer and his brother, Alaa Salah Yusuuf Omer, with orchestrating one of the most prolific cyberattack-for-hire operations in history.

Their small group, Anonymous Sudan, was behind an astonishing 35,000 denial-of-service attacks in a single year. Like, they successfully knocked offline the websites of major corporations like Microsoft, OpenAI, and PayPal, among others. This wasn’t just some mischievous group of hackers causing havoc for fun. The prosecutors said their attacks had the power to cripple infrastructure, and they targeted hospitals, government agencies, and even military warning systems.

The brothers, along with three unnamed accomplices, allegedly ran Anonymous Sudan with about 80,000 subscribers on their Telegram channel. From January 2023 onwards, they took down key websites for a modest fee of around $600. Just think! For such a small price, anyone could hire them to disrupt the operations of massive organisations and institutions. Their motives? A potent mix of nationalist ideology and financial gain, according to Martin Estrada, U.S. Attorney for the Los Angeles region. He pointed out that what made this group stand out was their intense ideological drive, which seemed to overshadow their desire for profit.

What makes this case even more mind-boggling is that the brothers allegedly pulled this off from their war-torn home country of Sudan, a nation deeply affected by civil war and famine. A small group, operating from a country in crisis, could take down the sites of tech giants like Microsoft, FBI, and even a critical hospital in the U.S.! This is a stark reminder of the vulnerability of the digital world. Anonymous Sudan attacks went as far as disrupting Israel’s Red Alert system, a crucial early warning network for incoming rocket fire, during the Hamas invasion in 2023.

Anonymous Sudan didn’t just limit themselves to targeting American companies. They also launched attacks against government websites in several countries, including Dubai, Bahrain, Chad, and the United States. For a time, the group even claimed to be working with Killnet, a notorious Russian hacktivist group known for its attacks against Ukraine. While some researchers believed that Anonymous Sudan might have had Russian backing, or were a front for Russian intelligence, no evidence has surfaced to support this theory.

Despite their international reach, it appears the Omer brothers and their small team managed all this on their own. Investigators have found no evidence of external support from any governments or intelligence agencies. This makes their achievements – if you can call them that – even more terrifying. They were a small, highly skilled team of cyberpunks working independently, and yet they had the power to bring down systems that many nations rely on.

Their method? Ingenious but sinister. They defrauded cloud services and hosting providers, rotating through accounts so quickly that they often didn’t get caught until it was too late. They leveraged these cloud networks and boosted internet traffic through relay points, which made it look like the attacks were originating from elsewhere. Then they unleashed what’s called a Layer 7 denial-of-service attack, which essentially overwhelms the applications on a site until it becomes unusable. This level of technical skill is not common among cybercriminals, which is what made Anonymous Sudan such a threat.

Many criminal groups that offer denial-of-service attacks are merely an inconvenience. Anonymous Sudan’s actions crossed a line. Their attack on Cedars-Sinai Medical Center in Los Angeles caused the hospital’s patient portal to crash, forcing ambulances to be redirected to other facilities. Prosecutors have charged the brothers with impairing computers and knowingly causing a situation that could result in serious bodily harm or even death.

The financial damage to companies like Microsoft, PayPal, and others ran into the millions. But more than the monetary cost, the real fear lies in the impact these attacks could have had on people’s lives. In the wrong hands, these skills could have caused far worse outcomes.

Now, the brothers are in custody, awaiting what could be a life sentence if convicted. The programs and computers they used have been seized, and since their arrest, there have been no further attacks from Anonymous Sudan’s network.

This case points to the power a handful of people can wield in the digital age. We often think of cyber warfare as something fought between governments, but the hot news is that a few highly skilled individuals with the right resources can have just as much impact.

The question is, what can be done to stop the next group of cyberpunks from doing the same?

  Anonymous Sudan, Israel, naked truth, United States