Attacks/Breaches
11/5/2012
11:39 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Threatens Zynga, Facebook Takedowns

Hacktivist collective plans Guy Fawkes Day protest over purported internal Zynga documents that reveal plans to lay off another 1,000 later this month.

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
"Remember, remember the fifth of November." So goes the nursery rhyme, referring to the failed 1605 plot involving Guy Fawkes, who hoped to blow up the Houses of Parliament in England and restore a Catholic monarchy. Britain now annually burns Fawkes in effigy.

But the day also holds special meaning for the hacktivist collective Anonymous. Last week, notably, members of the group threatened to continue an online attack against the website of the beleaguered mobile game developer Zynga, as well as to release all of its games for free, as well as to take down Facebook, come Nov. 5, as part of what it dubbed Operation MaZynga.

"During the last few days anonymous has been targeting Zynga for the outrageous treatment of their employees and their actions against many developers," read a YouTube video uploaded by the group last week, which was quickly taken down for violating the site's "depiction of harmful activities" policies, reported Wired.

[ Read GoDaddy Outage: Anonymous Attack Or IT Failure?. ]

Zynga recently buried the news of its earnings results, as well as its layoff of 100 employees, by announcing it on the day that Apple announced its iPad Mini tablet.

According to the Anonymous statement, however, the group has obtained internal Zynga documents that show the firm is still planning to lay off 1,000 employees. "With a billion dollars cash sitting in a bank we do believe that such actions are an insult to the population and the behaviour of corporations like Zynga must change," said the statement, sporting the collective's de rigueur poor grammar. "Anonymous could not allow this to happen so it's starting to release confidential documents we have leaked on this plan. As we speak we are planning to release also all the games we've taken from their servers for free. That being said we will stop the idea of the distribution of such games if Zynga will cease immediately the plan."

Zynga didn't immediately respond to an emailed request for comment about whether the Anonymous allegations are true, or whether its site has recently been hit by distributed denial-of-service attacks.

Is the alleged plot against Zynga -- or for that matter, Facebook -- real? Last year, a supposed Anonymous operation to take down Facebook, also set for Nov. 5, was dismissed by other Anonymous channels as a hoax, as was a supposed virus campaign. Both purported operations came to nothing. Then again, the de facto leader of Anonymous, Sabu -- real name: Hector Xavier Monsegur -- had by then turned government informant, and might have been actively sabotaging any such efforts.

Verifying the authenticity of a post from an anonymous collective is inherently difficult. Compounding the challenge is the apparent move by other Anonymous factions to lay claim to this year's Nov. 5 agenda. For example, a Monday tweet from Anonymous Press read: "Preparing #OpVendetta Remember, remember 5th of November."

What's OpVendetta? According to a video statement posted to the Anonymous World Wide News blog, it's a planned march -- at 8 p.m. local time -- "on The Houses of Parliament peacefully and unarmed" that's meant to serve as "a warning to all governments worldwide that if they keep trying to censor, cut, imprison, or silence the free world or the free internet they will not be our governments for much longer. Change is coming."

The statement, attributed to the Anonymous "UK collective," demands a halt to a number of British-government-initiated "education, health and welfare cuts," and calls for the release of "activists held as political prisoners," including TVShack.net creator Richard O'Dwyer, WikiLeaks leader Julian Assange, the "PayPal 14," as well as alleged LulzSec participants Jeremy Hammond (a.k.a. Anarchaos) and Jake Davis (a.k.a. Topiary).

In other hacktivist-related news, over the weekend a number of NBC websites were defaced, including sites for Saturday Night Live and 30 Rock, with messages that reprinted the Guy Fawkes nursery rhyme. The defacements -- a hacker or group named "pyknic" claimed credit -- also said that user information and passwords were exposed, although didn't name the site from which they'd supposedly been obtained, or where they'd been leaked. Meanwhile, "pyknic" also claimed credit for the defacement of a Lady Gaga fan site, Gaga Daily.

Online retailers are stuck in a maze of e-business security and PCI compliance requirements. The new, all-digital special issue of Dark Reading gives you 10 Ways To Secure Web Data. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
markbyrn
50%
50%
markbyrn,
User Rank: Apprentice
11/30/2012 | 5:13:22 PM
re: Anonymous Threatens Zynga, Facebook Takedowns
This is another example of media ignorance as it pertains to Anonymous. Considering Anonymous was formed as a loose and decentralized collective to promote to Internet freedom as they defined it (anti-censorship, anti-surveillence, anti-digital piracy), not every hacktivist event should be attributed to Anonymous. In fact, many of these events are motivated purely by nationalist, ideological, and religious interests, and have nothing to do with Internet freedom - quite the opposite in fact. In the case of Anonymous going after Syria for pulling the Internet plug, that certainly falls under the banner of Anonymous. On the other hand, taking down Zynga over labor matters, taking down porn sites, or taking down Israeli websites to support Palestine are examples where attribution to Anonymous should be put in quotes. Those events are undertaken to promote nationalist or partisan causes, and actually undermine Internet freedom as opposed to promoting Internet freedom.
anon0x774
50%
50%
anon0x774,
User Rank: Apprentice
11/30/2012 | 1:37:01 PM
re: Anonymous Threatens Zynga, Facebook Takedowns
Your thinking is sound friend.

Here http://www.informationweek.com... you will be happy to read "...Anonymous expanded its focus, and backed by what appear to be numerous international chapters, has tackled everything from cartels in Mexico and child pornography file-sharing sites..."
Pashman
50%
50%
Pashman,
User Rank: Apprentice
11/6/2012 | 8:35:21 AM
re: Anonymous Threatens Zynga, Facebook Takedowns
You would think that these idiots could find better targets.
How about bringing down a drug cartel or two or can't they manage anything besides script kiddie stuff ?
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4594
Published: 2014-10-25
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

CVE-2014-0476
Published: 2014-10-25
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

CVE-2014-1927
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928....

CVE-2014-1928
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulner...

CVE-2014-1929
Published: 2014-10-25
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.