Attacks/Breaches
12/20/2012
10:54 AM
Connect Directly
RSS
E-Mail
50%
50%

9 Ways Hacktivists Shocked The World In 2012

Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. banks -- prove hacktivism remains alive and well.

Hacking websites, cracking databases, leaving behind defacements and releasing untold amounts of purloined information has been happening for years. The exploits of hackers appeared to reach new heights last year, in the wake of 2011's high-profile attacks against HBGary Federal, Sony and numerous government websites, together with the debut -- and self-imposed demise -- of the sharp-tongued hacktivist group LulzSec.

Yet, throughout 2012, hacking exploits continued unabated, with still more attacks targeting and obtaining sensitive information from governments, law enforcement agencies, businesses and more. Furthermore, the exploits continued despite the surprising news that the leader of LulzSec had not only been busted in 2011, but worked with the FBI to help snare his Anonymous associates.

Here are nine notable ways that hackers and hacktivism have remained in the headlines in 2012:

1. Anonymous Hacks FBI Cybercrime Conference Call

The LulzSec gang announced its retirement in June 2011, and while some alleged members, such as Jake Davis -- accused of being the group's spokesman, "Topiary" -- were arrested, at the beginning of 2012, many participants appeared to be still at large.

[ Rules and regulations may be friends or a foes. See S.C. Security Blunders Show Why States Get Hacked. ]

Come February 2012, elements of Anonymous even took down the CIA's public-facing website, and leaked an FBI conference call in which investigators coordinated Anonymous and LulzSec participants'' arrests. Curiously, however, key details -- such as the alleged hacktivists' names -- had been blanked out of the audio file that was ultimately released.

2. Stratfor Hack Upends Private Sector Intelligence Provider

Also in February, Anonymous announced the release of a trove of emails and personal data stored by Strategic Forecasting, better known as Stratfor, which is an intelligence contractor. A member of Anonymous -- who turned out to be LulzSec leader Sabu -- reported that the plaintext emails and customer information had been obtained by exploiting known vulnerabilities in the Stratfor network. Ultimately, the breach exposed personal information on 860,000 Stratfor customers, 60,000 credit card numbers and a massive trove of emails between Stratfor and its sources.

3. Hacker King Turns Informant: Feds Reveal Sabu Bust

Come March, the FBI announced the arrest of five principal members of Anonymous and LulzSec, accused of hacking into the websites of Sony, PBS and Stratfor, amongst other organizations. In retrospect, the blanked-out audio of the released FBI conference call might have been a giveaway, as court documents unsealed after the arrests revealed that LulzSec leader Sabu -- real name, Hector Xavier Monsegur -- had himself been arrested back in June 2011.

Facing the potential of serious jail time for alleged identity theft, Sabu quickly turned informer and began working around the clock to help investigators counter emerging attacks, as well as bust high-profile Anonymous participants. Since the March arrests, prosecutors have continued to expand the case, including arresting Jeremy Hammond, the alleged ringleader of the Stratfor hack.

4. Hacktivists Drive Global Law Enforcement Agencies To Unite

One side effect of the rise in hacktivism has been increased cooperation -- no need for cybercrime treaties -- between law enforcement agencies in various countries. "A lot of people think this is just a bunch of kids fooling around, but in reality, it's not, it can destroy your business," said Eric Strom, the unit chief for the cyber initiative and resource fusion unit in the FBI's cyber division, at the RSA conference in San Francisco in February. "You know, market share goes down and you're talking about significant damage to a company."

Asked at the conference what the FBI was doing about the problem -- months after the bureau had secretly turned Sabu, but just days before busting the alleged higher-ups in Anonymous and LulzSec -- Strom kept his cards close to his chest. "So let's put it this way, the FBI has put a lot of resources towards this problem ... it's not something that we just look at as a small issue, we have a lot of people around the country working this, as well as around the world, so companies should do the same."

But Strom said the word "hacktivism" meant little to the bureau. Instead, he said the FBI attempted to differentiate between people's online freedoms of assembly and speech versus clear evidence of law-breaking.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jaysimmons
50%
50%
jaysimmons,
User Rank: Apprentice
12/25/2012 | 6:45:47 PM
re: 9 Ways Hacktivists Shocked The World In 2012
There are mixed feelings behind G«£hacktivismG«•. On one hand it does release information that can shed light on issues important to the public, while on the other it can also be used to push certain groups own agendas. I find it particularly amusing how in the #1 case from this article the names of hackers in the audio file were blanked out; a group that claims to be about leaking raw information to the public, yet edit the file that was released to the public loses whatever little integrity they had.

Jay Simmons
Information Week Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.