Attacks/Breaches
12/20/2012
10:54 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

9 Ways Hacktivists Shocked The World In 2012

Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. banks -- prove hacktivism remains alive and well.

5. Despite Arrests, Hacktivist Operations Continue

No matter the arrest of Sabu and other alleged Anonymous, LulzSec and AntiSec luminaries delivering on the hacktivist assertion that "you can't arrest an idea," attacks launched under the mantle of those groups continued unabated. After claiming an end to LulzSec's retirement, LulzSec Reborn doxed a military-focused dating site and released details on 170,000 members.

Other hacktivist groups, claiming no LulzSec or Anonymous affiliation, also continued their efforts. Team GhostShell, notably, leaked usernames, passwords and resumes from a Wall Street jobs board in July, followed later in the year by a massive data dump involving 1.6 million records related to a variety of organizations, including NASA, Interpol, the Department of Defense and trade organizations.

6. Symantec Sees pcAnywhere Extortion Shakedown

Another notable hack came to light in February, when Anonymous released 2 GB of source code pertaining to the 2006 version of Symantec's pcAnywhere remote access software. Seeing the source code made public was cause for concern since enterprising coders might find new vulnerabilities that could be quietly exploited, as, by many accounts, the code remains relatively unchanged in more recent versions of the software.

But this wasn't a straight-up data release (a.k.a. doxing) operation. After first denying that the source was legitimate, Symantec confirmed that the source code had apparently been stolen -- unbeknownst to the security firm -- in a 2006 security breach. Symantec also said that it, and then a U.S. law enforcement agent disguised as a Symantec employee, had been communicating in advance of the source code release with one or more hackers, who threatened blackmail if the security vendor didn't pay up.

Meanwhile, hacker Yama Tough -- leader of "LoD," short for Lords of Dharmaraja, which describes itself as the "Anonymous Avengers of Indian Independence Frontier" -- uploaded to Pastebin a series of emails he'd sent to Symantec to tell his side of the story, and demanded that Symantec wire $50,000 into an offshore account if it wanted to prevent the code from being released. When the security firm failed to pay up, he shared the stolen source code with Anonymous. How Yama Tough obtained the source code, however, and who else may have had access to it in the five years after it was stolen, remains a mystery.

7. Hackers Target U.S. Banks Over Anti-Muslim Film

This year also saw the launch of a number of high-profile distributed denial of service (DDoS) attacks by a Muslim hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam, who began targeting U.S. banks in retaliation for the YouTube posting of a clip of the Innocence of the Muslims film that mocks the founder of Islam.

The attacks against U.S. bank websites weren't without precedent. In Feb., for example, Anonymous-backed attacks reportedly disrupted the NASDAQ and BATS stock exchanges, as well as the Chicago Board Options Exchange. But what differed was the sheer scale of the new attacks, which overwhelmed the websites of leading Wall Street firms, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. That was despite the attackers previewing the sites they'd target, as well as the days and times that the attacks would commence.

U.S. officials blamed the Iranian government for sponsoring the DDoS attacks again U.S. banks, but in numerous Pastebin pronouncements, the Cyber fighters of Izz ad-din Al qassam said that their members hailed from multiple countries.

8. Anonymous Continues Pressing Political Agenda

Efforts conducted under the Anonymous banner continued throughout 2012, despite the arrest of Sabu and other alleged group leaders. In May, for example, as part of anti-NATO protests, the group's members obtained and released -- together with Anonymous affiliate AntiS3curityOPS -- a 1.7 GB Justice Department database. In July, in support of Syrian rebels, Anonymous worked with WikiLeaks to release 2.4 million Syrian government emails.

Other campaigns included the Nov. launch of Operation Israel (OpIsrael) after violence between Israel and Hamas flared into an eight-day conflict. In Dec., meanwhile, the hacktivist collective vowed to dismantle Westboro Baptist Church, an independent group that self-identifies as a church, after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn.

9. Anonymous' Achilles Heel: Anonymity

One recurring problem for hacktivists, however, has been the apparent difficulty of remaining anonymous online. Numerous alleged Anonymous and LulzSec participants were busted in 2011 after VPN services such as HideMyAss.com complied with law enforcement requests to share subscriber data. Investigators then cross-referenced subscribers' access times with data related to attacks to help pinpoint attackers' real identities.

Likewise, the FBI earlier this year arrested Galveston, Texas-based Higinio O. Ochoa III and accused him of being part of the hacking group CabinCr3w, which launched attacks against the websites of the West Virginia Chiefs of Police, the Alabama Department of Public Safety, the Texas Department of Safety and the police department in Mobile, Ala. According to law enforcement officials, the Mobile police website defacers left behind a taunting image of a woman in a bikini top, holding a sign reading "PwNd by wOrmer & CabinCr3w <3 u BiTch's!" The EXIF data contained in the image file, however, revealed the GPS coordinates where the iPhone photo had been taken, which led investigators directly to the house of Ochoa's girlfriend in Australia.

Other anonymity-busting 2012 incidents involved former CIA director David H. Petraeus and antivirus founder John McAfee. They further highlight just how difficult it is to remain anonymous online, which will no double be a cause for concern for any hacktivists who remain active come 2013.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jaysimmons
50%
50%
jaysimmons,
User Rank: Apprentice
12/25/2012 | 6:45:47 PM
re: 9 Ways Hacktivists Shocked The World In 2012
There are mixed feelings behind G«£hacktivismG«•. On one hand it does release information that can shed light on issues important to the public, while on the other it can also be used to push certain groups own agendas. I find it particularly amusing how in the #1 case from this article the names of hackers in the audio file were blanked out; a group that claims to be about leaking raw information to the public, yet edit the file that was released to the public loses whatever little integrity they had.

Jay Simmons
Information Week Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web