XR Money Rebellion Planning Movement Vs Banks, Financial Institutions

Background

Extinction Rebellion (XR) is a London-based environmental group that pursues disruptive, nonviolent civil resistance. Since launching their first public campaign in October 2018, XR has centered its motives on resisting structures that dismiss climate change and the degradation of natural resources[1]. XR has been notable for eliciting mass arrest, a Gandhian tactic that garnered them press coverage, funding, and attention from government agencies and policy bodies (Wilson E., 2019). Although their sphere of influence has increased over the years in the UK and Western Europe, it has yet to grow in the US and APAC. Political commentators have associated them with the words “anarchism”, “eco-socialism” and “radical anti-capitalist environmentalism” (Wilson & Walton, 2019).

Sources cite individuals like Roger Hallam, Gail Bradbrook, and Simon Bramwell as the pioneer founders, among other activists from these earlier movements. Cyberint has identified Andrew Medhurst as Finance Lead for the UK chapter, and Michael Staindl as one of the prominent characters of the Australia chapter.

Earlier this month, XR announced that on April 1, 2021, they will launch a “Global Money Rebellion Wave”, shortened to “XR Money Rebellion”.

Figure 1 XR Money Rebellion tweeted an announcement of their movement on March 8

They outlined the following goals:

  1. Financial civil disobedience — debt and tax strikes; or threatening to conduct these actions.
  2. Digital Rebellion — simple actions organized online, such as phoneline jamming or mass targeting campaigns of a single institution. They did not expound on the nature of such “mass targeting campaigns”.
  3. Street protest (small action groups and mass mobilizations) — defacement actions include leafleting, branch occupations and disruptions, washable graffiti and/or fake oil (Money Rebellion, 2021). In their encrypted document, they specify that they plan to pour fake oil around and inside buildings, as well as into cash machines (Money Rebellion, 2021).

A shared document of their manifesto is available on CryptPad, in which they demand that governments, banks, and other political, economic, and financial institutions take the following actions:

  1. Tell the truth about our global economic system, which creates staggering inequity, distorts priorities, and causes harm. Financial institutions must fully disclose the social, climate, and ecological impacts of funding, so it is clear who is paying the true cost.
  2. Act now to stop financing death, destruction, and social collapse. Start repairing damage and make the necessary investments to prepare for the climate, ecological and health crises.
  3. Champion XR Citizens’ Assemblies at all key levels, including global, with legally-binding mandates to design a fair and just economy in service to all people and life on earth. (Money Rebellion, 2021)

Cyberint’s take

Cyberint found no explicit chatter on the open web, deep web, and dark web regarding high-sophistication cyber-attacks related to XR Money Rebellion. However, Cyberint detected blogs comparing their narratives on debt, tax, and finance to “fsociety”, the anarchist group in the hacking TV series Mr. Robot aiming at erasing global debt.

Cyberint assesses that this movement may be sentimentalized by threat actors seeking to maximize XR’s influence to garner interest and divert public attention to parallel anarchist/hacktivist operations.

Cyberint identified and is monitoring the following digital platforms related to XR Money Rebellion:

More similar digital footprints were identified by Cyberint, including XR’s geographical sub-groups, referenced in the Appendix.

One of the earlier campaigns of XR Money Rebellion is Sharklays, a high-profile brand defacement against UK bank Barclays launched in June-July 2020, motivated by the allegation that the bank is a top global financier of climate devastation. An independent website was set up, accessible at sharklays.co.uk, meant to take a stab at Barclays’ original website, emulating its brand colors and replacing its eagle logo with two adjacent sharks in an ode to the climate narrative.

Figure 2 A screenshot of the website Sharklays, a wordplay on Barclays

Its domain registration information is obfuscated. A quick OSINT check reveals that sharklays.co.uk ranks high for malicious elements, possibly due to its A Record, 45.58.143.2, being associated with bad-reputation URLs, and communicating with malicious files, including Word documents infected with Emotet, a banking trojan. Cyberint identified potential IOCs, cited in the Appendix.

The above-mentioned IP is a direct-allocation IP, belonging to Sharktech, a small internet provider in Nevada, US with around 25 employees.

Figure 3 Third party OSINT tool ranks sharklays.co.uk with a score of 89 and a threat profile related to phishing.

The Sharklays campaign also has a Twitter account, @sharklays, with 209 followers.

RECOMMENDATIONS

Prepare for hacktivist-type attacks.

  • Harden physical security mechanisms of cash machines; monitor for vandalism and physical damage (fake oil).
  • Employ anti-DDoS best practices, such as monitoring suspicious communicating IPs and distributing servers across different data centers to minimize or avoid service interruption, i.e. avoid a single point of failure.
  • Harden and monitor firewalls.
  • Keep software up-to-date and patch vulnerabilities, particularly against cross-site scripting attacks, SQL injections, and related operations. Conduct double validation of data.
  • Escalate threat intelligence activities to detect related chatter, brand abuse, and defacements.
  • Train personnel and stay vigilant against social engineering attacks.
  • Close unnecessary open ports.
  • Practice password hygiene.
  • Improve visibility on cyber vulnerabilities of partners and vendors.
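
The brand-abuse monitoring recommended above can be partly automated by screening observed domains for names that resemble the protected brand, as sharklays.co.uk resembles Barclays. The following is an added example, not Cyberint's tooling: the thresholds, the `owned` allowlist and all sample domains other than sharklays.co.uk and barclays.co.uk are constructed assumptions.

```python
# Added example: screen domains for lookalikes of a brand name.
# Thresholds are assumptions and must be tuned per brand to limit noise.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def shared_suffix(a: str, b: str) -> int:
    """Length of the common ending, e.g. the 'lays' in a wordplay name."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n

def score(domain: str, brand: str) -> dict:
    """Compare every DNS label of the domain with the brand name."""
    labels = domain.lower().rstrip(".").split(".")
    return {
        "domain": domain,
        "distance": min(edit_distance(l, brand) for l in labels),
        "suffix": max(shared_suffix(l, brand) for l in labels),
        "contains": any(brand in l for l in labels),
    }

def flag_lookalikes(domains, brand, owned=(), max_distance=3, min_suffix=4):
    """Return scores for domains that resemble the brand but are not owned by it."""
    hits = []
    for d in domains:
        if d.lower() in owned:
            continue  # the brand's own domains are allowlisted
        s = score(d, brand)
        if s["contains"] or s["distance"] <= max_distance or s["suffix"] >= min_suffix:
            hits.append(s)
    return hits

# Constructed sample feed; only the first two names appear in this report.
SAMPLE = ["sharklays.co.uk", "barclays.co.uk", "barcleys.example", "weather-news.example"]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE, "barclays", owned={"barclays.co.uk"}):
        print(hit)
```

Flagged names are candidates for analyst review and reputation checks, not verdicts.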

APPENDIX

Sharklays campaign identifiers:

45.58.143.2 – A record of sharklays.co.uk

sharklays.co.uk – domain of the main platform of the brand defacement campaign against Barclays bank, and platform of XR Money Rebellion’s most prominent brand attack against a bank

The following hashes belong to malicious files downloaded using the IP hosting sharklays.co.uk. They have only a weak relation to XR Money Rebellion; however, they may indicate that the campaign intentionally or unintentionally distributes them:


XR Related Domains:

extinctionrebellion.uk

extinctionrebellion.us

extinctionrebellion.be

extinctionrebellion.it

extinctionrebellion.de

rebellion.global

rebellion.earth – mail domain

extinctionrebellionph.carrd.co

xrebellion.nyc

XR Social Media Accounts:

Twitter Accounts:  

https://twitter.com/ExtinctionR 

https://twitter.com/XRebellionUK 

https://twitter.com/pollutersout 

https://twitter.com/XR_NYC 

https://twitter.com/XRLondon 

https://twitter.com/XrYouth 

Facebook and Instagram Pages:

https://www.facebook.com/ExtinctionRebellion/ 
https://www.instagram.com/extinctionrebellion/ 

YouTube Channel:

https://www.youtube.com/channel/UCYThdLKE6TDwBJh-qDC6ICA 

XR Telegram Channels:

@eXtinctionRebellion

@XRNLbroadcast

@youthrebellion

@xrloverebellion

@esXrebellion

@XRBarcelona

@XRItaly

@ElectionRebellionBroadcast

@XRDeutschland

XR Email Addresses:

antwerp@extinctionrebellion.be

rebelringers@rebellion.earth

sydneyredrebel@protonmail.com

xr.bristolactions@protonmail.com

xr-auderghem@protonmail.com

XRBloomingtonIndiana@protonmail.com

xrcamactionsupport@protonmail.com

XR-Global-Creative@protonmail.com

XR-International@protonmail.com

xrnyc.action@protonmail.com

xr-peoplesassembly@protonmail.com

xrpoliceliaison@protonmail.com

xrscotlandtech@protonmail.com

xrsouthwark@protonmail.com

xrwa@protonmail.com

References

  • Money Rebellion. (2021). April 1st - Global Money Rebellion Wave.
  • Money Rebellion. (2021, March 9). Money Rebellion Newsletter.
  • Wilson, E. (2019, December 19). Extinction Rebellion: People Power on a Global Scale? Non-Violent Conflict Org. Retrieved from https://www.nonviolent-conflict.org/blog_post/extinction-rebellion-people-power-on-a-global-scale/
  • Wilson, T., & Walton, R. (2019, July). Extreme Rebellion: A Review of Ideology and Tactics. London, United Kingdom. Retrieved from https://policyexchange.org.uk/wp-content/uploads/2019/07/Extremism-Rebellion.pdf

[1] Cyberint does not claim to dispute any details relating to climate change or the damage caused to the environment by current human activities.