12/20/2012
10:54 AM

9 Ways Hacktivists Shocked The World In 2012

Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- including Muslim hackers disrupting U.S. banks -- prove hacktivism remains alive and well.

5. Despite Arrests, Hacktivist Operations Continue

Despite the arrest of Sabu and other alleged Anonymous, LulzSec and AntiSec luminaries, attacks launched under the mantle of those groups continued unabated, delivering on the hacktivist assertion that "you can't arrest an idea." After claiming an end to LulzSec's retirement, LulzSec Reborn doxed a military-focused dating site and released details on 170,000 members.

Other hacktivist groups, claiming no LulzSec or Anonymous affiliation, also continued their efforts. Team GhostShell, notably, leaked usernames, passwords and resumes from a Wall Street jobs board in July, followed later in the year by a massive data dump involving 1.6 million records related to a variety of organizations, including NASA, Interpol, the Department of Defense and trade organizations.

6. Symantec Sees pcAnywhere Extortion Shakedown

Another notable hack came to light in February, when Anonymous released 2 GB of source code pertaining to the 2006 version of Symantec's pcAnywhere remote access software. Seeing the source code made public was cause for concern since enterprising coders might find new vulnerabilities that could be quietly exploited, as, by many accounts, the code remains relatively unchanged in more recent versions of the software.

But this wasn't a straight-up data release (a.k.a. doxing) operation. After first denying that the source was legitimate, Symantec confirmed that the source code had apparently been stolen -- unbeknownst to the security firm -- in a 2006 security breach. Symantec also said that it, and then a U.S. law enforcement agent disguised as a Symantec employee, had been communicating in advance of the source code release with one or more hackers, who threatened blackmail if the security vendor didn't pay up.

Meanwhile, hacker Yama Tough -- leader of "LoD," short for Lords of Dharmaraja, which describes itself as the "Anonymous Avengers of Indian Independence Frontier" -- uploaded to Pastebin a series of emails he'd sent to Symantec to tell his side of the story, and demanded that Symantec wire $50,000 into an offshore account if it wanted to prevent the code from being released. When the security firm failed to pay up, he shared the stolen source code with Anonymous. How Yama Tough obtained the source code, however, and who else may have had access to it in the five years after it was stolen, remains a mystery.

7. Hackers Target U.S. Banks Over Anti-Muslim Film

This year also saw the launch of a number of high-profile distributed denial of service (DDoS) attacks by a Muslim hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam, who began targeting U.S. banks in retaliation for the YouTube posting of a clip of the Innocence of the Muslims film that mocks the founder of Islam.

The attacks against U.S. bank websites weren't without precedent. In Feb., for example, Anonymous-backed attacks reportedly disrupted the NASDAQ and BATS stock exchanges, as well as the Chicago Board Options Exchange. But what differed was the sheer scale of the new attacks, which overwhelmed the websites of leading Wall Street firms, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. That was despite the attackers previewing the sites they'd target, as well as the days and times that the attacks would commence.

U.S. officials blamed the Iranian government for sponsoring the DDoS attacks against U.S. banks, but in numerous Pastebin pronouncements, the Cyber fighters of Izz ad-din Al qassam said that their members hailed from multiple countries.

8. Anonymous Continues Pressing Political Agenda

Efforts conducted under the Anonymous banner continued throughout 2012, despite the arrest of Sabu and other alleged group leaders. In May, for example, as part of anti-NATO protests, the group's members obtained and released -- together with Anonymous affiliate AntiS3curityOPS -- a 1.7 GB Justice Department database. In July, in support of Syrian rebels, Anonymous worked with WikiLeaks to release 2.4 million Syrian government emails.

Other campaigns included the Nov. launch of Operation Israel (OpIsrael) after violence between Israel and Hamas flared into an eight-day conflict. In Dec., meanwhile, the hacktivist collective vowed to dismantle Westboro Baptist Church, an independent group that self-identifies as a church, after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn.

9. Anonymous' Achilles Heel: Anonymity

One recurring problem for hacktivists, however, has been the apparent difficulty of remaining anonymous online. Numerous alleged Anonymous and LulzSec participants were busted in 2011 after VPN services such as HideMyAss.com complied with law enforcement requests to share subscriber data. Investigators then cross-referenced subscribers' access times with data related to attacks to help pinpoint attackers' real identities.

Likewise, the FBI earlier this year arrested Galveston, Texas-based Higinio O. Ochoa III and accused him of being part of the hacking group CabinCr3w, which launched attacks against the websites of the West Virginia Chiefs of Police, the Alabama Department of Public Safety, the Texas Department of Safety and the police department in Mobile, Ala. According to law enforcement officials, the Mobile police website defacers left behind a taunting image of a woman in a bikini top, holding a sign reading "PwNd by wOrmer & CabinCr3w <3 u BiTch's!" The EXIF data contained in the image file, however, revealed the GPS coordinates where the iPhone photo had been taken, which led investigators directly to the house of Ochoa's girlfriend in Australia.

Other anonymity-busting 2012 incidents involved former CIA director David H. Petraeus and antivirus founder John McAfee. They further highlight just how difficult it is to remain anonymous online, which will no doubt be a cause for concern for any hacktivists who remain active come 2013.

Comments
jaysimmons,
User Rank: Apprentice
12/25/2012 | 6:45:47 PM
re: 9 Ways Hacktivists Shocked The World In 2012
There are mixed feelings behind "hacktivism". On one hand it does release information that can shed light on issues important to the public, while on the other it can also be used to push certain groups' own agendas. I find it particularly amusing how in the #1 case from this article the names of hackers in the audio file were blanked out; a group that claims to be about leaking raw information to the public, yet edit the file that was released to the public loses whatever little integrity they had.

Jay Simmons
Information Week Contributor