Attacks/Breaches
3/7/2012
01:01 PM

What's Next For Anonymous After Sabu Arrest?

Members of the hacktivist collective have defaced websites and taunted LulzSec leader Sabu for turning informer. But will he have company?

After the Department of Justice Tuesday announced the arrest of 28-year-old Hector Xavier Monsegur, better known as LulzSec leader "Sabu," hacktivists responded quickly.

One of the first targets was antivirus vendor Panda Labs, which had helped authorities arrest 25 alleged Anonymous hackers last month. Its website was defaced with an open statement issued by AntiSec, an offshoot of Anonymous and LulzSec, accompanied by a previously released LulzXmas video recapping the top exploits of Anonymous in 2011.

In the missive, AntiSec claimed to have built a back door into Panda's antivirus software. "Hello friends! pandasecurity.com, better known for its ... ANTIVIRUS WE HAVE BACKDOORED, has earning money working with Law Enforcement to lurk and snitch on anonymous activists," it read. "They helped to jail 25 anonymous in different countries and they were actively participating in our IRC channels trying to dox many others."

AntiSec also released numerous employee access credentials, and said it had "owned" 35 different Panda websites. But Panda Labs technical director Luis Corrons said via Twitter that attackers had only accessed non-critical company websites. "It was only an external server with blogs and marketing sites."

According to a statement released by Panda, "On March 6th the hacking group LulzSec, part of Anonymous, obtained access to a Panda Security webserver hosted outside of the Panda Security internal network." (Despite that statement, the website defacement text said the attack had been conducted by AntiSec, although "DeathToSnitches" and "LulzSec" were mentioned in the heading.)

Panda said that only marketing-related data and outdated user credentials--from employees who'd left the company at least five years prior--were accessed, and that "the attack did not breach Panda Security's internal network and neither source code, update servers, nor customer data was accessed."

One targeted Panda marketing site had included a blog posted Tuesday with the title "Where is the lulz now?" that discussed the "really good news ... that LulzSec members have been arrested." As of press time, the company's blog and press pages, amongst other parts of its website, remained unreachable. According to a post made to the AnonymousIRC Twitter channel, "http://pandalabs.pandasecurity.com ... they're still locked out from their own servers."

Meanwhile, AntiSec Tuesday also announced that it had hacked the Delaware Correctional Officer's Forum website. It remained offline Wednesday.

In the wake of the apparent LulzSec takedown, what's next for Anonymous and its affiliates? "Anyone who trusted Sabu is going to be in a panic right now," Jennifer Emick, a former member of Anonymous who began working against it after it switched to attacking the U.S. government, told Reuters. "Hard drives are being deleted."

But although federal authorities might have arrested the alleged core members of LulzSec, other hacktivists appear to still be operating with abandon, and security experts have said that aside from the threat of being arrested, there's little to stop them from doing so.

In its Panda-delivered missive, for example, AntiSec sounded brazen, giving a shout-out to LulzSec and "Antisec fallen friends," taunting the FBI and other law enforcement organizations--"come at us bros ... we are waiting for you"--and including a somewhat poignant reference to Sabu, who authorities said had helped to put away five other hackers after he turned informant in June 2011. "As usually happens FBI menaced him to take his sons away we understand, but we were your family too (remember what you liked to say?). It's sad and we cant imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to police," read the website defacement.

Accordingly, despite the LulzSec arrests, "the barrier to entry for imitators and at-large members of these groups to research, surveil and carry out attacks against cyber targets remains unacceptably low," said Nick Selby, managing director of TRM Partners, on his Police-Led Intelligence blog.

"While this may be the end or a serious blow to the LulzSec crowd, groups of hackers intent on causing damage pre-date and will certainly post-date these events. Don't bet that attacks will stop"--or that many website and database administrators will take the time to properly lock down their systems, which would block these types of attacks.

Until that happens, expect ongoing hacktivist attacks, as well as efforts by law enforcement agencies to corral the worst offenders. Notably, authorities have said that Sabu isn't the only member of Anonymous who's turned informer.

Comments
Bprince,
User Rank: Ninja
3/15/2012 | 1:59:02 AM
re: What's Next For Anonymous After Sabu Arrest?
@readers: Do you think this will serve as a deterrent for some of the people who are not the core people orchestrating hacks but still participate in some of the DDoS attacks?
Brian Prince, InformationWeek/Dark Reading Comment Moderator
JBUDDEMEYER000,
User Rank: Apprentice
3/7/2012 | 10:59:44 PM
re: What's Next For Anonymous After Sabu Arrest?
unless you acquiesce to living in a totalitarian society the actions of groups like anonymous are imperative. the government is as fallible as the systems we have created. anonymous may not be "right" but they are "necessary" for society to continue to evolve.

sabu is simply a disgrace.

http://littlebiggy.org/4631847