7/12/2011 01:33 PM
Fritz Nelson
Commentary

Antisec Attacks An Urgent Wake-Up: InformationWeek Now

It's difficult to gauge the ethos of these next generation hackers. If I could summarize, it's this: Punish.

Almost a month ago I was talking with Jerry Johnson, the CIO of Pacific Northwest National Laboratory (PNNL), which provides cyber security research for a variety of government agencies and many in the intelligence community. A friend and advisor to InformationWeek, he had reached out to talk about recent attacks on everyone from RSA to Lockheed-Martin--and specifically about some of his concerns regarding advanced persistent threats (APTs).

Our chat seems almost ominous now, given last week's attack on PNNL, and another wave of breaches culminating, for now at least, with yesterday's Monday Military Meltdown, so dubbed by the brash Antisec, whose mottos include "disclose nothing," "destroy everything," and "hide your mother" (OK, that last one was my own).

Johnson said that his biggest concern had become remote and home workers accessing systems on the network, logging in over a variety of wireless connections, sometimes with malware running on their machines and watching everything those users do. He didn't mention newer attack vectors, like tablets, but the inherent insecurity of mobile devices, combined with recent vulnerabilities, is causing security practitioners and IT pros some big headaches. Johnson said that recent NSA advisories warned that the threats have been understated. He seemed on high alert, and said that PNNL had some interesting new tools on hand.

Perhaps those tools helped PNNL shut down most of its network and servers; for now, the lab isn't saying who it suspects, nor the nature of the attack, other than that it was not--as some reported--a spearphishing attack, but an APT, and that it exploited a zero-day vulnerability in a vendor's product, which has since been patched. Johnson said that PNNL is gradually turning some of its services back on, but it is being extremely cautious, given the sophistication of the attackers and the massive amount of communications PNNL conducts ("we are capable of streaming tens of billions of bits of information per second," the organization said in a Q&A).

PNNL is operated under contract with the US Energy Department, and it works on some fairly critical issues, like reducing our dependence on imported oil and coming up with new energy solutions; in other words, its work and its data are vital to national security. And that is what is most concerning.

Last week attackers breached servers at FBI contractor IRC Federal, unveiling all sorts of damaging loot. That attack used SQL injection. Yesterday, the same group claimed to have obtained the email addresses and passwords of 90,000 military personnel after compromising systems of defense contractor, Booz Allen Hamilton.

Years ago, a well-respected security researcher who is now with a CIA outfit told me that it wouldn't be long before attackers shorted a stock and then took down a site. This might be a stretch, but in its report on the Booz Allen compromise yesterday, The Wall Street Journal said that the company's shares fell 2.3%. I raise this because it is difficult sometimes to gauge the ethos of this new era of hacker. If I could summarize it in one word, it would be: Punish.

In the so-called 50 days of LulzSec's existence, the group claimed to target corruption, but sometimes it targeted companies just because it could, or, in some cases, just because someone asked, like the five-year-old who asks his big brother to come down to the playground and knock around the bully. They reveled (indeed, revel still) in the thrill of anarchy (their words) and entertainment. If their actions weren't so damaging, it might be tempting to find them entertaining. Their posts and tweets were creative writing, including the liberties they took with grammar.

I can't remember where LulzSec started and Anonymous ended, or where LulzSec began again with Anonymous, or what the relationship between those two is now, or might be with Antisec. Nor can I discern any differentiation in mottos or actions. Reading the prelude to Antisec's data dump on The Pirate Bay gives no further clues, but once again, it makes for good reading. In hailing their capture, Antisec says of Booz Allen: ". . . in this line of work you'd expect them to sail the seven proxseas with a state-of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge." The post goes on to blast the defense contractor, shining a light on potential conflicts of interest and secret work Antisec alleges the company has done in an effort to spy on U.S. citizens.

It's fruitless to engage in a debate about whether the casualties of Antisec's war (the exposure of private information of innocent, everyday folks) are worth revealing the dirty details of the usual suspects of hypocrisy and duplicity--which exist in all walks of life and in nearly every industry. But the real debate that should be taking place inside organizations everywhere is what steps can be taken to ensure that these thrill seekers can't easily target your organization. That's what Johnson was telling me before PNNL was so rudely interrupted.

There's plenty of information available on how to prevent vulnerabilities like SQL injection, and on where such vulnerabilities are likely to be found, including in government databases. My colleague Kelly Jackson Higgins recently published a multi-faceted list of tips that could help thwart attackers.

Fritz Nelson is the editorial director for InformationWeek and the Executive Producer of TechWebTV. Fritz writes about startups and established companies alike, and likes to work multiple forms of media into his writing.

