11:37 AM

Anonymous Takes On State Department, More Banks

Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The Anonymous hacktivist collective announced that for Presidents' Day, it hacked the U.S. State Department.

Under the flag of "Operation Last Resort," the group Monday claimed "we still have our warheads armed" and announced that for "round five" in its attack campaign, it was releasing information gleaned from a State Department database. The data dump -- or dox -- appeared to include work email addresses for over 170 U.S. State Department employees, as well as some biographical details, and to have been pulled from a database entitled "test_hrwg_careers_usa_ctc_com."

"Our reasons for this attack are very simple. You've imprisoned or either censored our people. We will not tolerate things as such," according to a message included in the Anonymous data dump. "Aaron Swartz this is for you, this is for Operation Last Resort," it said.

[ Want more on Anonynous? Read Anonymous Says DDoS Attacks Like Free Speech. ]

A spokesman for the State Department didn't immediately return a call seeking a request for comment about the assertion by Anonymous that it had hacked into and released data from one of the agency's databases.

The Anonymous Operation Last Resort campaign was launched in the wake of the suicide of Internet activist Aaron Swartz, who had long suffered from depression, and who was facing a 35-year jail sentence after being arrested in 2011 on hacking charges. Those charges stemmed from Swartz allegedly downloading millions of articles from the JSTOR academic database, in part via a Massachusetts Institute of Technology server closet. In the wake of Swartz's death, many legal experts -- as well as Anonymous -- have called for a reform of the country's computer hacking laws.

As noted by Operation Last Resort, the State Department dox was the fifth round of its attacks made in Swartz's memory. For those keeping score, the group executed three rounds of hacks against U.S. government websites and databases, as well as other entities involved in Swartz's case. That included leaking credentials for 4,000 U.S. banking executives that had been obtained from the Federal Reserve System, hacking and defacing the U.S. Sentencing Commission website, and hacking MIT. The group appeared to fail in its fourth bid, however, which was to interrupt the live stream of President Obama's State of the Union address last week.

Are the Anonymous attacks just publicity for the reform of computer crime laws that the group has been demanding? In fact, the attacks appear to have been more damaging than simple defacements or database dumps. Indeed, more than a month after Anonymous launched its attack against the U.S. Sentencing Commission's website, the site appears to remain hobbled, and features only a single "under construction" page, which displays key agency phone numbers, a "save the date" note for a national training seminar, and a link to an external U.S. government website for comment on "Federal Register Notice of Proposed 2013 Amendments to Federal Sentencing Guidelines and Request for Public Comment."

Furthermore, when the agency needed to distribute a major new report on federal sentencing practices that stretched to thousands of pages, it had to find someone else to distribute the report online, reported The Wall Street Journal. The agency reached out to Ohio State University law professor Douglas A. Berman, who posted it on his website.

"I would like to believe our government is functional enough to find some other way to get this out officially," Berman told the Journal. "I don't want to be the only reporter of record for all this material." Currently, however, the commission's single website page currently says that anyone inquiring into the report should contact the agency's office of public affairs, by telephone.

Anonymous, in a separate effort, also claimed Monday to have doxed the investment banking firm George K. Baum & Company by releasing copies of some customer records via ZeroBin. That information appears to include email addresses and account numbers for over 150 customers. Why hack that firm? Via Twitter, Anonymous claimed that the investment bank had ties to private intelligence firm Strategic Forecasting Inc., better known as Stratfor, which was reportedly hacked in 2011 by members of LulzSec and Anonymous. Authorities have accused alleged LulzSec participant Jeremy Hammond of masterminding the Stratfor hack, among other crimes. If convicted of all charges, Hammond faces life in prison. Anonymous also defaced the George K. Burn website, uploading a page that read: "We also know about your finances here Government of the United States ... Are u sure you want to continue this game?" The page was removed from the website by Tuesday.

Of course, Anonymous isn't the only hacktivist group with designs on American institutions. Notably, the Izz ad-Din al-Qassam Cyber Fighters have also threatened to resume their campaign of U.S. banking website disruptions. "We had warned formerly in the event that the offensive films wouldn't remove, we will be forced to resume Operation Ababil," said a Pastebin post uploaded Tuesday.

The Muslim group's distributed denial-of-service (DDoS) attacks against banks were launched last year, supposedly in retaliation for the uploading to YouTube of a copy of a film that mocks the founder of Islam. To date, various copies of the film have amassed tens of millions of hits on YouTube, although the originally uploaded film was removed from the site last month, apparently by the filmmaker. At the time, the al-Qassam Cyber Fighters claimed partial victory in their campaign to rid the Internet of the film, but said it was still holding the U.S. government responsible for excising the other copies.

The group repeated those demands in its Tuesday missive. "We now warn you seriously that remove the copies of the film and don't make much more trouble for yourselves and online users of the banks, there is not much time remaining," it said.

Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
2/21/2013 | 3:30:25 AM
re: Anonymous Takes On State Department, More Banks
Maybe the DoD/DHS should consult with Mossad to see what they did when Anonymous threatened the Knesset? That seemed to work pretty well.

I'm also guessing that the IT staff at the US Sentencing Commission have learned a valuable, if not very hard, lesson here - backups are quite important.

Interesting juxtaposition in the story here, Anonymous (who proport to be all about Freedom of Speech), and the al-Qassam folks who are attacking banking institutions over someone unaffiliated with them utilizing their Freedom of Speech. Why don't these two organizations go after one another, since they're evidently diametrically opposed to one another, and leave the rest of us out of it?

Andrew Hornback
InformationWeek Contributor
User Rank: Apprentice
2/20/2013 | 3:08:05 PM
re: Anonymous Takes On State Department, More Banks
An interesting way to celebrate Presidents' Day.

I bought socks, as our founding fathers intended.

Jim Donahue
Copy Chief
Deirdre Blake
Deirdre Blake,
User Rank: Apprentice
2/19/2013 | 9:24:20 PM
re: Anonymous Takes On State Department, More Banks
Anonymous is not going away.This latest hack is relatively benign, but the egg on the face of the feds is getting pretty thick.
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.