Fritz Nelson

Antisec Attacks An Urgent Wake-Up: InformationWeek Now

It's difficult to gauge the ethos of these next generation hackers. If I could summarize, it's this: Punish.

Almost a month ago I was talking with Jerry Johnson, the CIO of Pacific Northwest National Laboratory (PNNL), which provides cyber security research for a variety of government agencies and many in the intelligence community. A friend and advisor to InformationWeek, he had reached out to talk about recent attacks on everyone from RSA to Lockheed-Martin--and specifically about some of his concerns regarding advanced persistent threats (APTs).

Our chat seems almost ominous now, given last week's attack on PNNL, and another wave of breaches culminating, for now at least, with yesterday's Monday Military Meltdown, so dubbed by the brash Antisec, whose mottos include "disclose nothing," "destroy everything," and "hide your mother" (OK, that last one was my own).

Johnson said that his biggest concern had become remote and home workers, who access systems on the network and log in over a variety of wireless connections, sometimes from machines with malware running and watching everything those users do. He didn't mention new attack vectors, like tablets, but the inherent insecurity of mobile devices, combined with recent vulnerabilities, is causing security practitioners and IT pros some big headaches. Johnson said that recent NSA advisories warned that the threats had been understated. He seemed on high alert, and said that PNNL had some interesting new tools on hand.

Perhaps those tools helped PNNL shut down most of its network and servers; for now, the company isn't saying who it suspects, nor the nature of the attack, other than that it was not--as some reported--a spearphishing attack, but an APT, and that it exploited a zero-day vulnerability in a vendor's product, which has now been patched. Johnson said that PNNL is gradually turning some of its services back on, but it is being extremely cautious, given the sophistication of the attackers and the massive amount of communications PNNL conducts ("we are capable of streaming tens of billions of bits of information per second," the organization said in a Q&A).

PNNL is operated under contract with the US Energy Department, and it works on some fairly critical issues, like reducing our dependence on imported oil and coming up with new energy solutions; in other words, its work and its data are vital to national security. And that is what is most concerning.

Last week attackers breached servers at FBI contractor IRC Federal, unveiling all sorts of damaging loot. That attack used SQL injection. Yesterday, the same group claimed to have obtained the email addresses and passwords of 90,000 military personnel after compromising systems of defense contractor Booz Allen Hamilton.

Years ago, a well-respected security researcher who is now with a CIA outfit told me that it wouldn't be long before attackers shorted a stock and then took down a site. This might be a stretch, but in its report on the Booz Allen compromise yesterday, The Wall Street Journal said that the company's shares fell 2.3%. I raise this because it is difficult sometimes to gauge the ethos of this new era of hacker. If I could summarize it in one word, it would be: Punish.

In the so-called 50 days of LulzSec's existence, the group claimed to target corruption, but sometimes it targeted companies just because it could, or, in some cases, just because someone asked, like the five-year-old who asks his big brother to come down to the playground and knock around the bully. They reveled (indeed, revel still) in the thrill of anarchy (their words) and entertainment. If their actions weren't so damaging, it might be tempting to find them entertaining. Their posts and tweets were creative writing, including the liberties they took with grammar.

I can't remember where LulzSec started and Anonymous ended, or where LulzSec began again with Anonymous, or what the relationship between those two is now, or might be with Antisec. Nor can I discern any differentiation in mottos or actions. Reading the prelude to Antisec's data dump on The Pirate Bay gives no further clues, but once again, it makes for good reading. In hailing their capture, Antisec says of Booz Allen: ". . . in this line of work you'd expect them to sail the seven proxseas with a state-of-the-art battleship, right? Well you may be as surprised as we were when we found their vessel being a puny wooden barge." The post goes on to blast the defense contractor, shining a light on potential conflicts of interest and secret work Antisec alleges the company has done in an effort to spy on U.S. citizens.

It's fruitless to engage in a debate about whether the casualties of Antisec's war (the exposure of private information of innocent, everyday folks) are worth revealing the dirty details of the usual suspects of hypocrisy and duplicity--which exist in all walks of life and in nearly every industry. But the real debate that should be taking place inside organizations everywhere is what steps can be taken to ensure that these thrill seekers can't easily target your organization. That's what Johnson was telling me before PNNL was so rudely interrupted.

There's plenty of information about how to prevent vulnerabilities like SQL injection, and about where some of the likely vulnerabilities lie, including in government databases. My colleague Kelly Jackson Higgins recently published a multi-faceted list of tips that could help thwart attackers.
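Since the column names SQL injection as the technique behind the IRC Federal breach and points to prevention guidance, here is a small added illustration of the core fix. This is example code written for this page, not code from the column, from PNNL, or from Kelly Jackson Higgins's tips; it uses an in-memory SQLite table with constructed sample rows and a constructed lookup string, and the function names are my own.

```python
import sqlite3

# Constructed sample data: a tiny users table, as an application might keep.
SAMPLE_USERS = [("alice", "hash-a"), ("bob", "hash-b")]

# Constructed lookup input that contains SQL syntax rather than a plain name.
ODD_INPUT = "' OR '1'='1"


def make_db():
    """Build a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(conn, username):
    """The weak pattern: user input is pasted straight into the SQL text,
    so the database parses whatever the caller supplied as part of the query."""
    sql = ("SELECT username FROM users WHERE username = '"
           + username + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """The hardened pattern: the query text is fixed and the input travels
    as a bound parameter, so it is only ever compared as a value."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(lookup_value):
    """Run both styles against the same input and return what each matched."""
    conn = make_db()
    try:
        return {
            "concatenated": lookup_concatenated(conn, lookup_value),
            "parameterized": lookup_parameterized(conn, lookup_value),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal name behaves the same either way.
    print(compare("alice"))
    # The odd input is treated as query syntax by the first style and as a
    # literal (matching nothing) by the second.
    print(compare(ODD_INPUT))
```

The point to take from the two functions is that parameterization is not about filtering "bad characters"; it changes the channel the input travels through, so the database never has the chance to interpret it as part of the statement. Any code-review checklist for web applications that front a database should flag string-built queries like the first function wherever they appear.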

Fritz Nelson is the editorial director for InformationWeek and the Executive Producer of TechWebTV. Fritz writes about startups and established companies alike, but likes to weave multiple forms of media into his writing.
