Attacks/Breaches
2/19/2013
11:37 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Takes On State Department, More Banks

Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The Anonymous hacktivist collective announced that for Presidents' Day, it hacked the U.S. State Department.

Under the flag of "Operation Last Resort," the group Monday claimed "we still have our warheads armed" and announced that for "round five" in its attack campaign, it was releasing information gleaned from a State Department database. The data dump -- or dox -- appeared to include work email addresses for over 170 U.S. State Department employees, as well as some biographical details, and to have been pulled from a database entitled "test_hrwg_careers_usa_ctc_com."

"Our reasons for this attack are very simple. You've imprisoned or either censored our people. We will not tolerate things as such," according to a message included in the Anonymous data dump. "Aaron Swartz this is for you, this is for Operation Last Resort," it said.

[ Want more on Anonynous? Read Anonymous Says DDoS Attacks Like Free Speech. ]

A spokesman for the State Department didn't immediately return a call seeking a request for comment about the assertion by Anonymous that it had hacked into and released data from one of the agency's databases.

The Anonymous Operation Last Resort campaign was launched in the wake of the suicide of Internet activist Aaron Swartz, who had long suffered from depression, and who was facing a 35-year jail sentence after being arrested in 2011 on hacking charges. Those charges stemmed from Swartz allegedly downloading millions of articles from the JSTOR academic database, in part via a Massachusetts Institute of Technology server closet. In the wake of Swartz's death, many legal experts -- as well as Anonymous -- have called for a reform of the country's computer hacking laws.

As noted by Operation Last Resort, the State Department dox was the fifth round of its attacks made in Swartz's memory. For those keeping score, the group executed three rounds of hacks against U.S. government websites and databases, as well as other entities involved in Swartz's case. That included leaking credentials for 4,000 U.S. banking executives that had been obtained from the Federal Reserve System, hacking and defacing the U.S. Sentencing Commission website, and hacking MIT. The group appeared to fail in its fourth bid, however, which was to interrupt the live stream of President Obama's State of the Union address last week.

Are the Anonymous attacks just publicity for the reform of computer crime laws that the group has been demanding? In fact, the attacks appear to have been more damaging than simple defacements or database dumps. Indeed, more than a month after Anonymous launched its attack against the U.S. Sentencing Commission's website, the site appears to remain hobbled, and features only a single "under construction" page, which displays key agency phone numbers, a "save the date" note for a national training seminar, and a link to an external U.S. government website for comment on "Federal Register Notice of Proposed 2013 Amendments to Federal Sentencing Guidelines and Request for Public Comment."

Furthermore, when the agency needed to distribute a major new report on federal sentencing practices that stretched to thousands of pages, it had to find someone else to distribute the report online, reported The Wall Street Journal. The agency reached out to Ohio State University law professor Douglas A. Berman, who posted it on his website.

"I would like to believe our government is functional enough to find some other way to get this out officially," Berman told the Journal. "I don't want to be the only reporter of record for all this material." Currently, however, the commission's single website page currently says that anyone inquiring into the report should contact the agency's office of public affairs, by telephone.

Anonymous, in a separate effort, also claimed Monday to have doxed the investment banking firm George K. Baum & Company by releasing copies of some customer records via ZeroBin. That information appears to include email addresses and account numbers for over 150 customers. Why hack that firm? Via Twitter, Anonymous claimed that the investment bank had ties to private intelligence firm Strategic Forecasting Inc., better known as Stratfor, which was reportedly hacked in 2011 by members of LulzSec and Anonymous. Authorities have accused alleged LulzSec participant Jeremy Hammond of masterminding the Stratfor hack, among other crimes. If convicted of all charges, Hammond faces life in prison. Anonymous also defaced the George K. Burn website, uploading a page that read: "We also know about your finances here Government of the United States ... Are u sure you want to continue this game?" The page was removed from the website by Tuesday.

Of course, Anonymous isn't the only hacktivist group with designs on American institutions. Notably, the Izz ad-Din al-Qassam Cyber Fighters have also threatened to resume their campaign of U.S. banking website disruptions. "We had warned formerly in the event that the offensive films wouldn't remove, we will be forced to resume Operation Ababil," said a Pastebin post uploaded Tuesday.

The Muslim group's distributed denial-of-service (DDoS) attacks against banks were launched last year, supposedly in retaliation for the uploading to YouTube of a copy of a film that mocks the founder of Islam. To date, various copies of the film have amassed tens of millions of hits on YouTube, although the originally uploaded film was removed from the site last month, apparently by the filmmaker. At the time, the al-Qassam Cyber Fighters claimed partial victory in their campaign to rid the Internet of the film, but said it was still holding the U.S. government responsible for excising the other copies.

The group repeated those demands in its Tuesday missive. "We now warn you seriously that remove the copies of the film and don't make much more trouble for yourselves and online users of the banks, there is not much time remaining," it said.

Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
2/21/2013 | 3:30:25 AM
re: Anonymous Takes On State Department, More Banks
Maybe the DoD/DHS should consult with Mossad to see what they did when Anonymous threatened the Knesset? That seemed to work pretty well.

I'm also guessing that the IT staff at the US Sentencing Commission have learned a valuable, if not very hard, lesson here - backups are quite important.

Interesting juxtaposition in the story here, Anonymous (who proport to be all about Freedom of Speech), and the al-Qassam folks who are attacking banking institutions over someone unaffiliated with them utilizing their Freedom of Speech. Why don't these two organizations go after one another, since they're evidently diametrically opposed to one another, and leave the rest of us out of it?

Andrew Hornback
InformationWeek Contributor
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
2/20/2013 | 3:08:05 PM
re: Anonymous Takes On State Department, More Banks
An interesting way to celebrate Presidents' Day.

I bought socks, as our founding fathers intended.

Jim Donahue
Copy Chief
InformationWeek
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
2/19/2013 | 9:24:20 PM
re: Anonymous Takes On State Department, More Banks
Anonymous is not going away.This latest hack is relatively benign, but the egg on the face of the feds is getting pretty thick.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.