Vulnerabilities / Threats
2/28/2013
10:16 AM
50%
50%

Anonymous: 10 Things We've Learned In 2013

The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
Previous
1 of 10
Next


Anonymous continues to evolve. After launching online attacks against the Church of Scientology in 2008, Anonymous gained renewed energy with distributed denial-of-service (DDoS) attacks in 2010 against PayPal, MasterCard and other organizations it accused of blockading financial payments to WikiLeaks.

Since then, the loosely organized and chaos-loving hacktivist collective has continued stealing and dumping -- doxing -- data from businesses, government agencies and individuals that the group's members disliked, gaining further notoriety with high-profile breaches of HBGary Federal, private intelligence firm Strategic Intelligence (better known as Stratfor), consumer electronics giant Sony and even an FBI transatlantic cybercrime coordination call. Along the way, a limelight-seeking spinoff, LulzSec, and subsequent re-merger in the form of Operation AntiSec, helped further burnish the Anonymous brand.

At least, that is, until authorities caught up with alleged key members, leading to multiple arrests and convictions. Worst of all for Anonymous supporters, court documents revealed that founding father and LulzSec leader Sabu -- real name: Hector Xavier Monsegur -- had been busted by the FBI in June 2011 and within a day of his arrest turned informant. In short order, U.S. and British authorities claimed to have collared the ringleaders of the attacks launched against not just Sony and Stratfor, but numerous police departments and businesses. Far from being a group without a leader, authorities said, the Anonymous and LulzSec attacks had been carried out by a few key people, typically by exploiting known vulnerabilities in websites.

But with the alleged ringleaders facing jail time, the Anonymous brand didn't seem to suffer. Notably, Anonymous groups in specific geographies, including Mexico, South America, France and beyond, began promoting a more local and overtly political agenda.

In the United States, meanwhile, the group appeared to gain new impetus in January 2013, after Internet activist Aaron Swartz committed suicide. The co-founder of Reddit had been facing a potential jail sentence of at least 35 years after being arrested in 2011 for illegally gaining access to the JSTOR academic database and downloading millions of articles that had been funded by the U.S. government, and which he planned to post for free. Ultimately, he never did so, and after he agreed to unspecified damages, as well as to delete all of the data he'd downloaded, officials at JSTOR considered the case to be closed. Federal prosecutors and the Massachusetts Institute of Technology, however, pressed ahead, ultimately charging Swartz -- who'd long suffered from depression -- with 13 felony violations.

In the wake of Swartz's death, Anonymous focused its efforts on reforming an issue already near and dear to many members' hearts: The 1986 Computer Fraud and Abuse Act (CFAA) law that's often used to prosecute hackers, and punishing anyone it felt was responsible for contributing to Swartz's death. Cue website defacements and takedowns.

Read on to catch up on the latest Anonymous developments.

Photo courtesy of Flickr user Edans.

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
3/1/2013 | 12:20:31 AM
re: Anonymous: 10 Things We've Learned In 2013
Great slideshow. I'd actually missed the Rustle League story. I've always been interested by the shift from lulz to hacktivism. Far from just being DDOS attacks and data dumps, Anonymous has spilled over into real world politics in the Bay Area on several occasions-- the Oscar Grant BART protests, clear presence during the Occupy protests, etc. I've even found index card-sized flyers with their "Expect us" motto attached to street signs-- in the suburb-ish Outer Sunset of all places. With Anonymous ops, it's hard to know half the time if it's a single kid sending angry tweets in his room or a coordinate group of powerful hackers. But that's part of the reason it can be so fascinating-- such a uniquely Internet-borne concept.
- Michael Endler, IW Associate Editor
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.