Attacks/Breaches
12/20/2012
10:54 AM
50%
50%

9 Ways Hacktivists Shocked The World In 2012

Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. banks -- prove hacktivism remains alive and well.

5. Despite Arrests, Hacktivist Operations Continue

No matter the arrest of Sabu and other alleged Anonymous, LulzSec and AntiSec luminaries delivering on the hacktivist assertion that "you can't arrest an idea," attacks launched under the mantle of those groups continued unabated. After claiming an end to LulzSec's retirement, LulzSec Reborn doxed a military-focused dating site and released details on 170,000 members.

Other hacktivist groups, claiming no LulzSec or Anonymous affiliation, also continued their efforts. Team GhostShell, notably, leaked usernames, passwords and resumes from a Wall Street jobs board in July, followed later in the year by a massive data dump involving 1.6 million records related to a variety of organizations, including NASA, Interpol, the Department of Defense and trade organizations.

6. Symantec Sees pcAnywhere Extortion Shakedown

Another notable hack came to light in February, when Anonymous released 2 GB of source code pertaining to the 2006 version of Symantec's pcAnywhere remote access software. Seeing the source code made public was cause for concern since enterprising coders might find new vulnerabilities that could be quietly exploited, as, by many accounts, the code remains relatively unchanged in more recent versions of the software.

But this wasn't a straight-up data release (a.k.a. doxing) operation. After first denying that the source was legitimate, Symantec confirmed that the source code had apparently been stolen -- unbeknownst to the security firm -- in a 2006 security breach. Symantec also said that it, and then a U.S. law enforcement agent disguised as a Symantec employee, had been communicating in advance of the source code release with one or more hackers, who threatened blackmail if the security vendor didn't pay up.

Meanwhile, hacker Yama Tough -- leader of "LoD," short for Lords of Dharmaraja, which describes itself as the "Anonymous Avengers of Indian Independence Frontier" -- uploaded to Pastebin a series of emails he'd sent to Symantec to tell his side of the story, and demanded that Symantec wire $50,000 into an offshore account if it wanted to prevent the code from being released. When the security firm failed to pay up, he shared the stolen source code with Anonymous. How Yama Tough obtained the source code, however, and who else may have had access to it in the five years after it was stolen, remains a mystery.

7. Hackers Target U.S. Banks Over Anti-Muslim Film

This year also saw the launch of a number of high-profile distributed denial of service (DDoS) attacks by a Muslim hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam, who began targeting U.S. banks in retaliation for the YouTube posting of a clip of the Innocence of the Muslims film that mocks the founder of Islam.

The attacks against U.S. bank websites weren't without precedent. In Feb., for example, Anonymous-backed attacks reportedly disrupted the NASDAQ and BATS stock exchanges, as well as the Chicago Board Options Exchange. But what differed was the sheer scale of the new attacks, which overwhelmed the websites of leading Wall Street firms, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. That was despite the attackers previewing the sites they'd target, as well as the days and times that the attacks would commence.

U.S. officials blamed the Iranian government for sponsoring the DDoS attacks again U.S. banks, but in numerous Pastebin pronouncements, the Cyber fighters of Izz ad-din Al qassam said that their members hailed from multiple countries.

8. Anonymous Continues Pressing Political Agenda

Efforts conducted under the Anonymous banner continued throughout 2012, despite the arrest of Sabu and other alleged group leaders. In May, for example, as part of anti-NATO protests, the group's members obtained and released -- together with Anonymous affiliate AntiS3curityOPS -- a 1.7 GB Justice Department database. In July, in support of Syrian rebels, Anonymous worked with WikiLeaks to release 2.4 million Syrian government emails.

Other campaigns included the Nov. launch of Operation Israel (OpIsrael) after violence between Israel and Hamas flared into an eight-day conflict. In Dec., meanwhile, the hacktivist collective vowed to dismantle Westboro Baptist Church, an independent group that self-identifies as a church, after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn.

9. Anonymous' Achilles Heel: Anonymity

One recurring problem for hacktivists, however, has been the apparent difficulty of remaining anonymous online. Numerous alleged Anonymous and LulzSec participants were busted in 2011 after VPN services such as HideMyAss.com complied with law enforcement requests to share subscriber data. Investigators then cross-referenced subscribers' access times with data related to attacks to help pinpoint attackers' real identities.

Likewise, the FBI earlier this year arrested Galveston, Texas-based Higinio O. Ochoa III and accused him of being part of the hacking group CabinCr3w, which launched attacks against the websites of the West Virginia Chiefs of Police, the Alabama Department of Public Safety, the Texas Department of Safety and the police department in Mobile, Ala. According to law enforcement officials, the Mobile police website defacers left behind a taunting image of a woman in a bikini top, holding a sign reading "PwNd by wOrmer & CabinCr3w <3 u BiTch's!" The EXIF data contained in the image file, however, revealed the GPS coordinates where the iPhone photo had been taken, which led investigators directly to the house of Ochoa's girlfriend in Australia.

Other anonymity-busting 2012 incidents involved former CIA director David H. Petraeus and antivirus founder John McAfee. They further highlight just how difficult it is to remain anonymous online, which will no double be a cause for concern for any hacktivists who remain active come 2013.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jaysimmons
50%
50%
jaysimmons,
User Rank: Apprentice
12/25/2012 | 6:45:47 PM
re: 9 Ways Hacktivists Shocked The World In 2012
There are mixed feelings behind G«£hacktivismG«•. On one hand it does release information that can shed light on issues important to the public, while on the other it can also be used to push certain groups own agendas. I find it particularly amusing how in the #1 case from this article the names of hackers in the audio file were blanked out; a group that claims to be about leaking raw information to the public, yet edit the file that was released to the public loses whatever little integrity they had.

Jay Simmons
Information Week Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5208
Published: 2014-12-22
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbit...

CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8015
Published: 2014-12-22
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.

CVE-2014-8017
Published: 2014-12-22
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

CVE-2014-8018
Published: 2014-12-22
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur1...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.