Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. banks -- prove hacktivism remains alive and well.

Mathew J. Schwartz, Contributor

December 20, 2012

9 Min Read

Hacking websites, cracking databases, leaving behind defacements and releasing untold amounts of purloined information has been happening for years. The exploits of hackers appeared to reach new heights last year, in the wake of 2011's high-profile attacks against HBGary Federal, Sony and numerous government websites, together with the debut -- and self-imposed demise -- of the sharp-tongued hacktivist group LulzSec.

Yet, throughout 2012, hacking exploits continued unabated, with still more attacks targeting and obtaining sensitive information from governments, law enforcement agencies, businesses and more. Furthermore, the exploits continued despite the surprising news that the leader of LulzSec had not only been busted in 2011, but worked with the FBI to help snare his Anonymous associates.

Here are nine notable ways that hackers and hacktivism have remained in the headlines in 2012:

1. Anonymous Hacks FBI Cybercrime Conference Call

The LulzSec gang announced its retirement in June 2011, and while some alleged members, such as Jake Davis -- accused of being the group's spokesman, "Topiary" -- were arrested, at the beginning of 2012, many participants appeared to be still at large.

[ Rules and regulations may be friends or a foes. See S.C. Security Blunders Show Why States Get Hacked. ]

Come February 2012, elements of Anonymous even took down the CIA's public-facing website, and leaked an FBI conference call in which investigators coordinated Anonymous and LulzSec participants'' arrests. Curiously, however, key details -- such as the alleged hacktivists' names -- had been blanked out of the audio file that was ultimately released.

2. Stratfor Hack Upends Private Sector Intelligence Provider

Also in February, Anonymous announced the release of a trove of emails and personal data stored by Strategic Forecasting, better known as Stratfor, which is an intelligence contractor. A member of Anonymous -- who turned out to be LulzSec leader Sabu -- reported that the plaintext emails and customer information had been obtained by exploiting known vulnerabilities in the Stratfor network. Ultimately, the breach exposed personal information on 860,000 Stratfor customers, 60,000 credit card numbers and a massive trove of emails between Stratfor and its sources.

3. Hacker King Turns Informant: Feds Reveal Sabu Bust

Come March, the FBI announced the arrest of five principal members of Anonymous and LulzSec, accused of hacking into the websites of Sony, PBS and Stratfor, amongst other organizations. In retrospect, the blanked-out audio of the released FBI conference call might have been a giveaway, as court documents unsealed after the arrests revealed that LulzSec leader Sabu -- real name, Hector Xavier Monsegur -- had himself been arrested back in June 2011.

Facing the potential of serious jail time for alleged identity theft, Sabu quickly turned informer and began working around the clock to help investigators counter emerging attacks, as well as bust high-profile Anonymous participants. Since the March arrests, prosecutors have continued to expand the case, including arresting Jeremy Hammond, the alleged ringleader of the Stratfor hack.

4. Hacktivists Drive Global Law Enforcement Agencies To Unite

One side effect of the rise in hacktivism has been increased cooperation -- no need for cybercrime treaties -- between law enforcement agencies in various countries. "A lot of people think this is just a bunch of kids fooling around, but in reality, it's not, it can destroy your business," said Eric Strom, the unit chief for the cyber initiative and resource fusion unit in the FBI's cyber division, at the RSA conference in San Francisco in February. "You know, market share goes down and you're talking about significant damage to a company."

Asked at the conference what the FBI was doing about the problem -- months after the bureau had secretly turned Sabu, but just days before busting the alleged higher-ups in Anonymous and LulzSec -- Strom kept his cards close to his chest. "So let's put it this way, the FBI has put a lot of resources towards this problem ... it's not something that we just look at as a small issue, we have a lot of people around the country working this, as well as around the world, so companies should do the same."

But Strom said the word "hacktivism" meant little to the bureau. Instead, he said the FBI attempted to differentiate between people's online freedoms of assembly and speech versus clear evidence of law-breaking. 5. Despite Arrests, Hacktivist Operations Continue

No matter the arrest of Sabu and other alleged Anonymous, LulzSec and AntiSec luminaries delivering on the hacktivist assertion that "you can't arrest an idea," attacks launched under the mantle of those groups continued unabated. After claiming an end to LulzSec's retirement, LulzSec Reborn doxed a military-focused dating site and released details on 170,000 members.

Other hacktivist groups, claiming no LulzSec or Anonymous affiliation, also continued their efforts. Team GhostShell, notably, leaked usernames, passwords and resumes from a Wall Street jobs board in July, followed later in the year by a massive data dump involving 1.6 million records related to a variety of organizations, including NASA, Interpol, the Department of Defense and trade organizations.

6. Symantec Sees pcAnywhere Extortion Shakedown

Another notable hack came to light in February, when Anonymous released 2 GB of source code pertaining to the 2006 version of Symantec's pcAnywhere remote access software. Seeing the source code made public was cause for concern since enterprising coders might find new vulnerabilities that could be quietly exploited, as, by many accounts, the code remains relatively unchanged in more recent versions of the software.

But this wasn't a straight-up data release (a.k.a. doxing) operation. After first denying that the source was legitimate, Symantec confirmed that the source code had apparently been stolen -- unbeknownst to the security firm -- in a 2006 security breach. Symantec also said that it, and then a U.S. law enforcement agent disguised as a Symantec employee, had been communicating in advance of the source code release with one or more hackers, who threatened blackmail if the security vendor didn't pay up.

Meanwhile, hacker Yama Tough -- leader of "LoD," short for Lords of Dharmaraja, which describes itself as the "Anonymous Avengers of Indian Independence Frontier" -- uploaded to Pastebin a series of emails he'd sent to Symantec to tell his side of the story, and demanded that Symantec wire $50,000 into an offshore account if it wanted to prevent the code from being released. When the security firm failed to pay up, he shared the stolen source code with Anonymous. How Yama Tough obtained the source code, however, and who else may have had access to it in the five years after it was stolen, remains a mystery.

7. Hackers Target U.S. Banks Over Anti-Muslim Film

This year also saw the launch of a number of high-profile distributed denial of service (DDoS) attacks by a Muslim hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam, who began targeting U.S. banks in retaliation for the YouTube posting of a clip of the Innocence of the Muslims film that mocks the founder of Islam.

The attacks against U.S. bank websites weren't without precedent. In Feb., for example, Anonymous-backed attacks reportedly disrupted the NASDAQ and BATS stock exchanges, as well as the Chicago Board Options Exchange. But what differed was the sheer scale of the new attacks, which overwhelmed the websites of leading Wall Street firms, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. That was despite the attackers previewing the sites they'd target, as well as the days and times that the attacks would commence.

U.S. officials blamed the Iranian government for sponsoring the DDoS attacks again U.S. banks, but in numerous Pastebin pronouncements, the Cyber fighters of Izz ad-din Al qassam said that their members hailed from multiple countries.

8. Anonymous Continues Pressing Political Agenda

Efforts conducted under the Anonymous banner continued throughout 2012, despite the arrest of Sabu and other alleged group leaders. In May, for example, as part of anti-NATO protests, the group's members obtained and released -- together with Anonymous affiliate AntiS3curityOPS -- a 1.7 GB Justice Department database. In July, in support of Syrian rebels, Anonymous worked with WikiLeaks to release 2.4 million Syrian government emails.

Other campaigns included the Nov. launch of Operation Israel (OpIsrael) after violence between Israel and Hamas flared into an eight-day conflict. In Dec., meanwhile, the hacktivist collective vowed to dismantle Westboro Baptist Church, an independent group that self-identifies as a church, after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn.

9. Anonymous' Achilles Heel: Anonymity

One recurring problem for hacktivists, however, has been the apparent difficulty of remaining anonymous online. Numerous alleged Anonymous and LulzSec participants were busted in 2011 after VPN services such as HideMyAss.com complied with law enforcement requests to share subscriber data. Investigators then cross-referenced subscribers' access times with data related to attacks to help pinpoint attackers' real identities.

Likewise, the FBI earlier this year arrested Galveston, Texas-based Higinio O. Ochoa III and accused him of being part of the hacking group CabinCr3w, which launched attacks against the websites of the West Virginia Chiefs of Police, the Alabama Department of Public Safety, the Texas Department of Safety and the police department in Mobile, Ala. According to law enforcement officials, the Mobile police website defacers left behind a taunting image of a woman in a bikini top, holding a sign reading "PwNd by wOrmer & CabinCr3w <3 u BiTch's!" The EXIF data contained in the image file, however, revealed the GPS coordinates where the iPhone photo had been taken, which led investigators directly to the house of Ochoa's girlfriend in Australia.

Other anonymity-busting 2012 incidents involved former CIA director David H. Petraeus and antivirus founder John McAfee. They further highlight just how difficult it is to remain anonymous online, which will no double be a cause for concern for any hacktivists who remain active come 2013.

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights