Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink

A hacking group called Anonymous Sudan took X, formerly known as Twitter, offline in more than a dozen countries on Tuesday morning in an attempt to pressurise Elon Musk into launching his Starlink service in their country.

X was down for more than two hours, with thousands of users affected.

"Make our message reach to Elon Musk: 'Open Starlink in Sudan'," the hackers posted on Telegram.

X is the latest victim of the gang hacking to "benefit Sudan and Islam".

Over several weeks of private conversations with the group on the chat app Telegram, the BBC spoke to the hackers about their methods and motives.

One member of the group, who calls himself Crush, told the BBC that Tuesday's attack flooded X's servers with huge amounts of traffic to take it offline - the same blunt and relatively unsophisticated hacking techniques for which the gang is known.

The outage-tracking site Downdetector said nearly 20,000 outage reports were logged by users in the US and the UK, with a far higher number of people likely to have been affected.

Another hacking group member - Hofa - said the so-called DDoS (Distributed Denial of Service) attack was aimed at raising awareness about the civil war in Sudan which is "making the internet very bad and it goes down quite often for us".

X has not publicly acknowledged the disruption caused, and Mr Musk has not responded to questions to launch his satellite internet service in Sudan.

Located in Sudan

Anonymous Sudan has been accused by many in the cyber-security world of being a Russian cyber-military unit in disguise and causing cyber-chaos for the Kremlin under the cover of a foreign hacktivist outfit.

The theory stems from its online support for Russian President Vladimir Putin and an apparent alignment of motives with other hacking gangs in the country.

But the criminal group has repeatedly denied it is Russian, and for the first time shared evidence with the BBC that it is located in Sudan.

Crush, the group's main spokesperson and key member, shared his live location on the Telegram app as proof.

Crush and Hofa also sent pictures of their Sudanese passports and other screenshots suggesting they are in Sudan.

These things can be faked with varying degrees of difficulty, but after weeks of conversation with the BBC and cyber-security researcher Intel Cocktail, there is nothing to suggest the hackers are lying.

"Our long-term goal is to show the world that Sudanese people, although with limited capabilities, have very good skills in many different fields," said Crush.

In June, the gang posted a message of support for the Russian government to end an ongoing rebellion by the Wagner forces.

However, Crush explained that "a similar thing happened to our country and Russians stood with us so we wanted to pay them back", referring to Russia's support for the Sudanese government as it fights the ongoing civil war.

He insists that their group is made up of a "small number" of Sudanese hackers who are launching the attacks from the country in spite of regular internet outages.\

Since it emerged in January, Anonymous Sudan has successfully disrupted dozens of organisations and government web services in France, Nigeria, Israel and the US.

For the past month the gang has attacked Kenya, claiming the country's government is "meddling in Sudanese affairs".

One attack heavily disrupted the country's eCitizen portal used by the public to access more than 5,000 government services.

When challenged about the impacts on citizens, Crush defended the actions and said: "The reason we hit infrastructure is to teach the country and its rulers a lesson, and yes we have red lines, that is if our attacks harm a lot of innocents."

However, the group has also unsuccessfully attacked hospitals.

The gang claims to be carrying out the criminal attacks to "defend the Truth, Islam and Sudan", but on at least two occasions it has also tried to extort victims for Bitcoin.

It has also targeted websites like OnlyFans, Tumblr and Reddit, saying that they promote what it calls "disgusting smuts and other LGBTQ+ things".

In June, the hackers celebrated when the US cyber-authority issued an official warning about a wave of attacks against American organisations which it warned "can cost an organisation time and money and may impose reputational costs while resources and services are inaccessible".

Its most high-profile attack in June disrupted Microsoft services including Outlook and OneDrive, forcing the tech giant to issue a report with advice to customers on how to prevent being affected by the group.