Attacks/Breaches
3/1/2012
08:56 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Retaliates For Interpol Arrests

Hacktivists use DDoS attacks to knock Interpol website offline following arrests of 25 alleged Anonymous associates. FBI official at RSA credits Anonymous for accelerating international law enforcement cooperation.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
Anonymous launched a sustained distributed denial-of-service (DDoS) attack that knocked Interpol's public-facing website offline for several hours Tuesday.

Members of the hacktivist group Anonymous apparently took credit for the attacks via the AnonOps Twitter channel, which has served as a reliable source of Anonymous information. "Tango Down >> Free International Anons!" read one tweet, while another said, "Tango Down II 404 Interpol, #Anonymous is not a criminal organization."

The DDoS attacks were in retaliation for Interpol Tuesday announcing that it had coordinated the arrests of 25 people in four European and Latin American countries for alleged illegal activities conducted under the Anonymous banner. The alleged hackers were all between the ages of 17 and 40, and as part of the investigation, Interpol also seized 250 pieces of IT equipment and mobile phones, as well as credit and debit cards, and cash.

[ See our complete RSA 2012 Security Conference coverage, live from San Francisco. ]

Interpol had launched its so-called Operation Unmask--a not-so-subtle nod to Anonymous' own naming conventions--in February, in response to a series of cyber attacks that originated from Argentina, Chile, Colombia, and Spain. The attacks were directed at numerous organizations, including Columbia's Ministry of Defense and presidential website, as well as utility companies.

"This operation shows that crime in the virtual world does have real consequences for those involved, and that the Internet cannot be seen as a safe haven for criminal activity, no matter where it originates or where it is targeted," said Bernd Rossbach, acting Interpol executive director of police services, in a statement.

Interpol said it's continuing to investigate how the attacks were funded, and noted that the arrests were facilitated by Interpol's working parties on IT crime, which "were created to facilitate the development of strategies, technologies, and information on the latest IT crime methods." Interpol said there are five such working parties, covering Africa, the Americas, Asia and the South Pacific, Europe, and the Middle East, and North Africa.

But the Interpol working groups are far from the only examples of governmental organizations that have banded together to fight cybercrime. Indeed, as various hacktivist groups continue to hack into websites and "dox"--release sensitive documents--businesses, government agencies, and law enforcement agencies in various countries have begun working much more closely together to share information on pending attacks, as well as to help with ongoing investigations. "A year or so ago, there was a movement to attack a number of Turkish websites. We called our counterparts in Turkey, and within 24 hours, they'd arrested 32 people," said Eric Strom, the unit chief for the cyber initiative and resource fusion unit in the FBI's cyber division, speaking at this week's RSA conference in San Francisco. "This is an international problem."

In other words, just as Anonymous has united a number of people in different countries in the pursuit of common aims, it's also resulted in unprecedented levels of cross-border cooperation. "It's made the world a lot smaller for law enforcement," said Strom.

The right forensic tools in the right hands are just a start. The new Digital Detectives issue of Dark Reading shows you how to better apply the lessons they teach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.