Vulnerabilities / Threats
3/15/2016
03:35 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Anonymous To Launch Cyberattacks Against Trump Campaign Starting April 1

Planned attacks a response to candidate's controversial campaign rhetoric, hacking collective says.

In a reprise of numerous similar campaigns from the past, the Anonymous hacktivist collective has announced plans to disrupt Donald Trump’s presidential campaign by launching cyberattacks on websites associated with the controversial candidate, starting April 1.

In a message on Anonymous’ YouTube channel, an individual purporting to a be spokesman for the collective urged those aligned with its cause to shut down Trump campaign websites and to “expose what he doesn’t want the public to know.”

The spokesman, wearing the group’s signature Guy Fawkes mask, described the planned attacks as a response to Trump’s “appalling actions and ideas” in running his presidential campaign. “We need to dismantle his campaign and sabotage his brand,” the masked spokesman exhorted viewers.

The Trump attack announcement, with its usual colorful rhetoric, has raised some predictable questions about whether Anonymous is really capable any longer of mustering the support needed to launch a disruptive cyber campaign against the leading Republican presidential candidate.

Rene Paap, security evangelist at A10 Networks says the Trump campaign appears to have foreseen the threat and protected its domain by using a Content Delivery Network (CDN) service.

“A CDN provides an extra caching layer in-between the content of a website and the client browser. It is a large network with many points of presence around the world, aimed to redirect a browser to the nearest location where cached content is served,” says Paap. “For Anonymous to break through this is going to be difficult, as the CDN anticipates DDoS attacks,” he says.

Anonymous and its collection of loosely affiliated followers around the world have pulled off several high-profile hacktivist campaigns in the past. Among the examples that Anonymous itself touts are a 2008 campaign against the Church of Scientology, in which it crashed the church’s website; Operation Darknet, in which it exposed IP addresses of nearly 200 alleged pedophiles; and its release of an incriminating video in a 2012 case involving a sexual assault on a high school girl in Steubenville, Ohio.

Following last year’s terrorist attacks on France’s satirical newspaper Charlie Hebdo, Anonymous launched a campaign to expose and disrupt websites spreading jihadist propaganda and, more recently, it has committed to doing the same to ISIS-affiliated websites. Soon after launching the campaign last February, Anonymous claimed it had succeeded in taking down over 1,000 sites and over 9,000 Twitter accounts affiliated with the terror group.

Whether or not Anonymous can replicate such campaigns in its planned attacks against Trump websites and online presence remains to be seen.

Regardless of how successful or not the planned attack is going to be, Anonymous’ call to attack the Trump campaign is another example of how the world of politics and cybersecurity are becoming increasingly intertwined.

The Internet -- social media, in particular -- has become a primary vehicle for candidates to communicate with voters, raise campaign awareness, target specific demographic, gauge voter sentiment, and solicit donations. But the growing use of these channels has given threat actors new ways to attack Internet users, security vendor Forcepoint had noted last year in its 2016 predictions report (registration required).

One of the dangers is that attackers will use email lures related to 2016 campaign issues to try and distribute malicious payloads to unsuspecting users. “Attackers frequently see large events as an opportunity to launch cyber-attacks on a curious population,” Forcepoint pointed out in its report. “Political campaigns, platforms and candidates present a huge opportunity to tailor highly effective lures.”

Another issue is the use of social media to misrepresent or to misdirect public perception of candidates and events related to the presidential campaign. As one example, the Forcepoint report pointed to a campaign by the Syrian Electronic Army (SEA) where hackers supporting the government of President Bashar al-Assad targeted and defaced sites belonging to rival groups.

Hackers affiliated with the same group also targeted the Facebook pages of former French President Nicolas Sarkozy and President Obama with spam messages supporting al-Assad, Forcepoint noted in its report. “The SEA also took over the Twitter accounts of legitimate news organizations, tweeting false news updates, creating uncertainty and alarm as the messages spread online before these accounts were again secured.”

Bob Hansmann, Forcepoint’s director of security analysis and strategy says that campaigns that want to mitigate such threats need to make cybersecurity a core part of their planning.  “A qualified CISO, as a ranking member of the campaign team, would be a game changer,” for the presidential candidates, Hansmann says in comments to Dark Reading.

“If a campaign team has one and, more importantly, if they listen to them, then the odds are in their favor,” he says. “They are likely less susceptible to an attack as well as more likely to maintain key operations in the face of a full or partially successful attack.” 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Daveer
50%
50%
Daveer,
User Rank: Apprentice
3/22/2016 | 9:45:17 AM
Re: victim victim who is the victim
How can you comment on the ultra liberal press and not also comment on the ultra conservative press and people do?  We need agencies that provide actual reporting, not picking and choosing the facts to give and hide.  I believe in the Bible, but when you pull out selected quotes, that book can look scary too. The device nature of "news' this days is terrible for the country.  But hey, it gets ratings and that gets money.

I am not sure people would vote for Berni or Trump if they took the time to learn all that they represent, but people are so fed up with what is going on they are willing to take a chance.  At least is might be different.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/20/2016 | 3:35:07 PM
Re: lol
Oh, right.  April 1 is April Fools' Day!  I get it now.  Duh!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/18/2016 | 9:37:14 AM
"Google" lol
To be fair, admirable as the goal may be, I'm not especially sure I should be very impressed (from a technical perspective) by the group's work to bring down IS-related websites when IS seems like it clearly has little idea what it's doing on the cyber front.

Case in point: Their boasts about "taking down Google."  rt.com/news/334261-isis-hackers-down-google/
mgotts
100%
0%
mgotts,
User Rank: Apprentice
3/16/2016 | 12:47:56 PM
Anonymous misunderstands the enemy
They're dealing with a paranoid, authortiarian group that reacts to pretty much everything by circling the wagons and claiming they are under attack (these are typical, general characteristics, not specific to Trump).  They make up boogey men when there aren't any, so to actually attack Trump and openly claim to be doing it will only cause an increase in his and his followers' defense response.

What they are planning to do is illegal, anyway, and since they are "Anonymous" nobody can be sure the origin of the attacks, which might be from actors outside the US -- who are then meddling in an internal governmental process of another nation.  Ex KGB man and Trump's buddy, Putin, could not have thought of a better way to back him.

"dwightmlee":  Trump is judged by what he says, writes, and does.  The whole "liberal press" canard is baseless, just a transparent diversion tactic (again, demonstrating the classic authortiarian defensive posture).  Trump says and appears to be his own man, correct?  He doesn't need apologists and toadies to interpret his statements and actions, correct?  He claims, himself, that what he says is what he says -- and hasn't sought to correct himself.  Millions, including me, have watched him and heard him make statements straight from his own mouth.  Anybody who can't see him for the characterless, maniuplative, shallow goon that he is isn't looking -- and the press has nothing to do with it at all.

Not that the alternatives on the Democrat side are better.  They're not.  What a unbelievelby bad crop of candidates all around.

Oh, and Trump and his followers need to learn that they are in a political campaign, not some closed event that CEO Trump thinks he's in.  EVERY campaign gets picketed.  EVERY campaign gets hecklers. EVERY campaign gets protests.  The protests against Obama were ugly, nasty, often openly bigioted and -- as with Anonymous here -- only solidified Obama's followers' beliefs.  Trump will gain from this, not lose.  So if you're backing him <shudder>, you should just sit back and enjoy Anonymous' flawed plan.
DarkMatter69
100%
0%
DarkMatter69,
User Rank: Apprentice
3/16/2016 | 11:35:41 AM
Making us stronger, the silent majority...
Great - this will only strengthen my choice to vote for Trump. There's a reason he continues to win...the voters are sick of same old politics. As another post stated...you are insulting ME the voter who has a choice...he may not be your choice - WELCOME TO AMERICA (those of you who did it legally or are a citizen). The silent majority sees this sort of thing as illegal, not revealing.

Please add to our support, this announcement has only helped ;-)

 
PotMeetsKettle
100%
0%
PotMeetsKettle,
User Rank: Apprentice
3/16/2016 | 9:17:07 AM
I didn't know Anonymous was supporting Trump!
The pattern is "attack Trump; Trump grows stronger".  

 

So by attacking Trump, Anonymous will make him stronger.

 

Of course, April 1 IS April Fools Day....

 

 
hewenthatway
50%
50%
hewenthatway,
User Rank: Strategist
3/15/2016 | 6:43:41 PM
lol
"an individual purporting to a be spokesman for the collective"

"an individual purporting to be a spokesman for the collective"

 

the first couple paragraphs made me snicker tho.  don't worry tho trump, happy april fools!
JoeB348
100%
0%
JoeB348,
User Rank: Apprentice
3/15/2016 | 5:08:56 PM
Trump is a distraction
I can understand others thinking otherwise, but any other election and Hillary would seem blatantly unelectable due to her strong signs of corruption. She's the only presidential candidate to be under Federal investigation during an election (and parties pulling dirty tricks isn't a new thing, despite her claims that it is a ruse. Even if it is, no other president has been put into this position) and no other candidate has left office just before an election to collect private funds for speeches which would be illegal of she were in office or OFFICIALLY running for president (that's why the transcripts are important. If she mentions her bid for presidency in the speeches, it could spell trouble for her). Trump is a distraction. Any other election and Hillary's candidacy would be an outrage. You're falling for the dupe, Anon.
dwightmlee
100%
0%
dwightmlee,
User Rank: Apprentice
3/15/2016 | 4:10:30 PM
victim victim who is the victim
Stop blaming the candidate for the ultra-liberal press' (read NBC, CNN, New York Times, etc.) liberal scare tactics and the extreme left sending thugs to disrupt and cause trouble at otherwise peaceful rallies - because they believe only they – the left - have freedom of speech – nobody else. And what of us undecided moderates? Keep in mind we are watching – and deciding – against you perhaps, for your behavior. You are not hating Trump, you are hating the voters. Hating the voters does not change their minds – at least not in your favor.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Why else would HR ask me if I have a handicap?"
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.