Attacks/Breaches
3/1/2012
08:56 AM
50%
50%

Anonymous Retaliates For Interpol Arrests

Hacktivists use DDoS attacks to knock Interpol website offline following arrests of 25 alleged Anonymous associates. FBI official at RSA credits Anonymous for accelerating international law enforcement cooperation.

Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
Anonymous launched a sustained distributed denial-of-service (DDoS) attack that knocked Interpol's public-facing website offline for several hours Tuesday.

Members of the hacktivist group Anonymous apparently took credit for the attacks via the AnonOps Twitter channel, which has served as a reliable source of Anonymous information. "Tango Down >> Free International Anons!" read one tweet, while another said, "Tango Down II 404 Interpol, #Anonymous is not a criminal organization."

The DDoS attacks were in retaliation for Interpol Tuesday announcing that it had coordinated the arrests of 25 people in four European and Latin American countries for alleged illegal activities conducted under the Anonymous banner. The alleged hackers were all between the ages of 17 and 40, and as part of the investigation, Interpol also seized 250 pieces of IT equipment and mobile phones, as well as credit and debit cards, and cash.

[ See our complete RSA 2012 Security Conference coverage, live from San Francisco. ]

Interpol had launched its so-called Operation Unmask--a not-so-subtle nod to Anonymous' own naming conventions--in February, in response to a series of cyber attacks that originated from Argentina, Chile, Colombia, and Spain. The attacks were directed at numerous organizations, including Columbia's Ministry of Defense and presidential website, as well as utility companies.

"This operation shows that crime in the virtual world does have real consequences for those involved, and that the Internet cannot be seen as a safe haven for criminal activity, no matter where it originates or where it is targeted," said Bernd Rossbach, acting Interpol executive director of police services, in a statement.

Interpol said it's continuing to investigate how the attacks were funded, and noted that the arrests were facilitated by Interpol's working parties on IT crime, which "were created to facilitate the development of strategies, technologies, and information on the latest IT crime methods." Interpol said there are five such working parties, covering Africa, the Americas, Asia and the South Pacific, Europe, and the Middle East, and North Africa.

But the Interpol working groups are far from the only examples of governmental organizations that have banded together to fight cybercrime. Indeed, as various hacktivist groups continue to hack into websites and "dox"--release sensitive documents--businesses, government agencies, and law enforcement agencies in various countries have begun working much more closely together to share information on pending attacks, as well as to help with ongoing investigations. "A year or so ago, there was a movement to attack a number of Turkish websites. We called our counterparts in Turkey, and within 24 hours, they'd arrested 32 people," said Eric Strom, the unit chief for the cyber initiative and resource fusion unit in the FBI's cyber division, speaking at this week's RSA conference in San Francisco. "This is an international problem."

In other words, just as Anonymous has united a number of people in different countries in the pursuit of common aims, it's also resulted in unprecedented levels of cross-border cooperation. "It's made the world a lot smaller for law enforcement," said Strom.

The right forensic tools in the right hands are just a start. The new Digital Detectives issue of Dark Reading shows you how to better apply the lessons they teach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0732
Published: 2015-07-28
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or ...

CVE-2015-2974
Published: 2015-07-28
LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.

CVE-2015-4287
Published: 2015-07-28
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.

CVE-2015-4288
Published: 2015-07-28
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s...

CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!