03:45 PM

Anonymous Hacks Wal-Mart, CapitalOne, Finland, El Salvador

Releases troves of stolen data, some of unknown origin, and issues call for mass disruptions of the Iowa caucuses.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
It's been a busy few days for the hacktivist collective known as Anonymous.

On Saturday, Anonymous released data it had stolen after hacking the websites of CapitalOne and Wal-Mart. According to Anonymous, its data dump includes information on everyone from Warren Buffet and Michael Bloomberg to Monsanto CEO Hugh Grant and embattled ex-Harvard president and former Obama financial advisor Lawrence Summers.

Also on Saturday, the group released a YouTube video calling for people to occupy "campaign offices of presidential headquarters in Des Moines, Iowa," come December, in a bid to disrupt the Iowa caucuses in January. The Anonymous communication accused both the Democratic and Republican parties of "committing crimes against humanity on behalf of American people" and destroying "the American democracy." As a result, the group said that it was extending "Operation Empire State Rebellion"--a nod to the Occupy Wall Street movement, which it has been supporting with hack attacks--to Iowa.

Meanwhile, on Monday, officials in El Salvador disclosed that Anonymous had launched a cyber attack against government websites there, two weeks ago. All told, the distributed denial of service (DDoS) attack flooded government websites with a total of 30 million hits, reported AFP. The government said it took the websites offline until the attack had subsided.

[A former Anonymous hacker offers security tips. See 14 Enterprise Security Tips From Anonymous Hacker.]

On Saturday in Finland, officials discovered that Anonymous had released a data dump involving information on 16,000 Finns, but from an unknown website or websites. "We still do not know if the data has been collected by breaking into the services, or if some other method of obtaining information has been used. In the related Internet conversations there is a rumor circulating, according to which this would be a list for adult education marketing purposes," Mikko Hypponen, chief research officer at Finland's F-Secure, told the Finnish newspaper Helsingin Sanomat on Tuesday.

The newspaper said that the released data includes "the names, full social security numbers, addresses, telephone numbers, street addresses, and email addresses of the victims." Government officials said the list seems to combine information from multiple higher-education institutions, including the country's police college.

Again in Finland, Anonymous claimed on Monday to have hacked a database that stores requests for joining the mailing list for the website of a far-right political party in Finland. The Suomen Kansallinen Vastarinta (SKV) party, according to one Finland commentator, Enrique Tessieri, espouses the position of "many neo-Nazi organizations in Europe, who live in a delusionary views about racial purity that date back to Germany and Europe of the 1930s."

The Anonymous exploits in El Salvador, Finland, and the United States follow recent, claimed attacks against numerous Israeli government websites, as well as a campaign--later called off--against Mexico's Zetas drug cartel.

In other words, various parts of Anonymous have been busy lately, quite possibly due to it having been Guy Fawkes Day on November 5. The day holds special significance for the collective, which has incorporated graphic novelist Alan Moore's V For Vendetta take on the day, which transformed Fawkes, a religious zealot bent on exploding the British Parliament, into a modern crusader against a corrupt, totalitarian government, sporting what's now become the trademark Anonymous mask. (As also featured in the film version.) However, as noted in a recent Guardian story, there's no small irony in the fact that a portion of the sale of every mask goes to Warner Brothers, which is part of TimeWarner, which is part of the Motion Picture Association of America, which promotes an anti-online-piracy ethos that's decidedly not part of the Anonymous philosophy.

[Update: Capital One has contacted InformationWeek with a correction to this story: "Capital One's site was under a scheduled routine maintenance on Saturday evening. This was something we controlled and our customers were still able to access online account servicing and complete their transactions. The news that our website was hacked is inaccurate and at no time were our customers unable to transact," the spokesman said.]

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.