Vulnerabilities / Threats
2/28/2013
10:16 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous: 10 Things We've Learned In 2013

The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
Previous
1 of 10
Next


Anonymous continues to evolve. After launching online attacks against the Church of Scientology in 2008, Anonymous gained renewed energy with distributed denial-of-service (DDoS) attacks in 2010 against PayPal, MasterCard and other organizations it accused of blockading financial payments to WikiLeaks.

Since then, the loosely organized and chaos-loving hacktivist collective has continued stealing and dumping -- doxing -- data from businesses, government agencies and individuals that the group's members disliked, gaining further notoriety with high-profile breaches of HBGary Federal, private intelligence firm Strategic Intelligence (better known as Stratfor), consumer electronics giant Sony and even an FBI transatlantic cybercrime coordination call. Along the way, a limelight-seeking spinoff, LulzSec, and subsequent re-merger in the form of Operation AntiSec, helped further burnish the Anonymous brand.

At least, that is, until authorities caught up with alleged key members, leading to multiple arrests and convictions. Worst of all for Anonymous supporters, court documents revealed that founding father and LulzSec leader Sabu -- real name: Hector Xavier Monsegur -- had been busted by the FBI in June 2011 and within a day of his arrest turned informant. In short order, U.S. and British authorities claimed to have collared the ringleaders of the attacks launched against not just Sony and Stratfor, but numerous police departments and businesses. Far from being a group without a leader, authorities said, the Anonymous and LulzSec attacks had been carried out by a few key people, typically by exploiting known vulnerabilities in websites.

But with the alleged ringleaders facing jail time, the Anonymous brand didn't seem to suffer. Notably, Anonymous groups in specific geographies, including Mexico, South America, France and beyond, began promoting a more local and overtly political agenda.

In the United States, meanwhile, the group appeared to gain new impetus in January 2013, after Internet activist Aaron Swartz committed suicide. The co-founder of Reddit had been facing a potential jail sentence of at least 35 years after being arrested in 2011 for illegally gaining access to the JSTOR academic database and downloading millions of articles that had been funded by the U.S. government, and which he planned to post for free. Ultimately, he never did so, and after he agreed to unspecified damages, as well as to delete all of the data he'd downloaded, officials at JSTOR considered the case to be closed. Federal prosecutors and the Massachusetts Institute of Technology, however, pressed ahead, ultimately charging Swartz -- who'd long suffered from depression -- with 13 felony violations.

In the wake of Swartz's death, Anonymous focused its efforts on reforming an issue already near and dear to many members' hearts: The 1986 Computer Fraud and Abuse Act (CFAA) law that's often used to prosecute hackers, and punishing anyone it felt was responsible for contributing to Swartz's death. Cue website defacements and takedowns.

Read on to catch up on the latest Anonymous developments.

Photo courtesy of Flickr user Edans.

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
3/1/2013 | 12:20:31 AM
re: Anonymous: 10 Things We've Learned In 2013
Great slideshow. I'd actually missed the Rustle League story. I've always been interested by the shift from lulz to hacktivism. Far from just being DDOS attacks and data dumps, Anonymous has spilled over into real world politics in the Bay Area on several occasions-- the Oscar Grant BART protests, clear presence during the Occupy protests, etc. I've even found index card-sized flyers with their "Expect us" motto attached to street signs-- in the suburb-ish Outer Sunset of all places. With Anonymous ops, it's hard to know half the time if it's a single kid sending angry tweets in his room or a coordinate group of powerful hackers. But that's part of the reason it can be so fascinating-- such a uniquely Internet-borne concept.
- Michael Endler, IW Associate Editor
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
3/3/2013 | 8:54:42 PM
re: Anonymous: 10 Things We've Learned In 2013
Information Week only had one important New Year's Resolution this year. '"No Slide Show Articles with out a prominent 'View-as-one-page' link." How's that working out for you so far?
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Apprentice
3/5/2013 | 9:47:33 PM
re: Anonymous: 10 Things We've Learned In 2013
I hadn't heard of this Rustle League incident before. Hackers hacking hackers. I wonder if all of the news surrounding hacking and cybercrime lately could put a big enough dent in people's trust in the internet to actually change people's behavior. Will people start taking their individual online security more seriously? Personally, I doubt it. I feel like we have already developed a sort of blind trust in the internet because it makes our lives so convenient that we don't even want to consider what would happen if our online credentials were compromised.
PJS880
50%
50%
PJS880,
User Rank: Ninja
3/14/2013 | 11:12:35 PM
re: Anonymous: 10 Things We've Learned In 2013
Great article but I have to agree with Leo, I dislike reading these articles for that reason alone. All though the topics are of interest, I donGÇÖt have the patience. I also have to disagree with Jonathan on his views on people and their awareness about their online security. I believe because of all the attacks and breeches and the general publicGÇÖs knowledge is constantly increasing, which was the exact opposite in the past.

Paul Sprague
InformationWeek Contributor
majenkins
50%
50%
majenkins,
User Rank: Apprentice
4/24/2013 | 5:10:14 PM
re: Anonymous: 10 Things We've Learned In 2013
Revenge yes, justice only their own eyes, and reform only to remake the world to comform their ideas.
EslamP248
50%
50%
EslamP248,
User Rank: Apprentice
8/15/2013 | 10:14:14 PM
re: Anonymous: 10 Things We've Learned In 2013
facebook
EslamP248
50%
50%
EslamP248,
User Rank: Apprentice
8/15/2013 | 10:36:30 PM
re: Anonymous: 10 Things We've Learned In 2013
eslampop
EslamP248
50%
50%
EslamP248,
User Rank: Apprentice
8/15/2013 | 10:36:39 PM
re: Anonymous: 10 Things We've Learned In 2013
eslampop785
EslamP248
50%
50%
EslamP248,
User Rank: Apprentice
8/15/2013 | 10:38:11 PM
re: Anonymous: 10 Things We've Learned In 2013
my friends
EslamP248
50%
50%
EslamP248,
User Rank: Apprentice
8/15/2013 | 10:38:29 PM
re: Anonymous: 10 Things We've Learned In 2013
top covere pix
EslamP248
50%
50%
EslamP248,
User Rank: Apprentice
8/15/2013 | 10:38:40 PM
re: Anonymous: 10 Things We've Learned In 2013
eslamp 248
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.