Vulnerabilities / Threats
2/28/2013
10:16 AM

Anonymous: 10 Things We've Learned In 2013

The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.




Anonymous continues to evolve. After launching online attacks against the Church of Scientology in 2008, Anonymous gained renewed energy with distributed denial-of-service (DDoS) attacks in 2010 against PayPal, MasterCard and other organizations it accused of blockading financial payments to WikiLeaks.

Since then, the loosely organized and chaos-loving hacktivist collective has continued stealing and dumping -- doxing -- data from businesses, government agencies and individuals that the group's members disliked, gaining further notoriety with high-profile breaches of HBGary Federal, private intelligence firm Strategic Intelligence (better known as Stratfor), consumer electronics giant Sony and even an FBI transatlantic cybercrime coordination call. Along the way, a limelight-seeking spinoff, LulzSec, and subsequent re-merger in the form of Operation AntiSec, helped further burnish the Anonymous brand.

At least, that is, until authorities caught up with alleged key members, leading to multiple arrests and convictions. Worst of all for Anonymous supporters, court documents revealed that founding father and LulzSec leader Sabu -- real name: Hector Xavier Monsegur -- had been busted by the FBI in June 2011 and within a day of his arrest turned informant. In short order, U.S. and British authorities claimed to have collared the ringleaders of the attacks launched against not just Sony and Stratfor, but numerous police departments and businesses. Far from being a group without a leader, authorities said, the Anonymous and LulzSec attacks had been carried out by a few key people, typically by exploiting known vulnerabilities in websites.

But with the alleged ringleaders facing jail time, the Anonymous brand didn't seem to suffer. Notably, Anonymous groups in specific geographies, including Mexico, South America, France and beyond, began promoting a more local and overtly political agenda.

In the United States, meanwhile, the group appeared to gain new impetus in January 2013, after Internet activist Aaron Swartz committed suicide. The co-founder of Reddit had been facing a potential jail sentence of at least 35 years after being arrested in 2011 for illegally gaining access to the JSTOR academic database and downloading millions of articles that had been funded by the U.S. government, and which he planned to post for free. Ultimately, he never did so, and after he agreed to unspecified damages, as well as to delete all of the data he'd downloaded, officials at JSTOR considered the case to be closed. Federal prosecutors and the Massachusetts Institute of Technology, however, pressed ahead, ultimately charging Swartz -- who'd long suffered from depression -- with 13 felony violations.

In the wake of Swartz's death, Anonymous focused its efforts on reforming an issue already near and dear to many members' hearts: The 1986 Computer Fraud and Abuse Act (CFAA) law that's often used to prosecute hackers, and punishing anyone it felt was responsible for contributing to Swartz's death. Cue website defacements and takedowns.

Read on to catch up on the latest Anonymous developments.

Photo courtesy of Flickr user Edans.


Seeking justice over the handling of the case of Aaron Swartz, pictured here, Anonymous launched Operation Last Resort. As with every Anonymous operation, this one sports its own tagline, or at least raison d'être. "This tragedy is basis for reform of computer crime laws, and the overzealous prosecutors," reads the group's Twitter page.

Operation Last Resort, which has been calling for an overhaul of CFAA, has also made a number of moves to help keep its public campaign high profile. Notably, the group hacked MIT's website in a tribute to Swartz. It has also defaced or disrupted multiple websites, including that of the U.S. Sentencing Commission, which establishes sentencing policies and practices for the federal courts. The group also hid Asteroids games on targeted government websites, which if unlocked via an Easter egg, allow viewers to blast the site to pieces.

Photo courtesy of Creative Commons.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


If Anonymous' exploits thrive on exploiting vulnerabilities in websites and databases, the group occasionally runs afoul of critics who apply the same techniques. Notably, the group this week saw its @Anon_Central Twitter account, which has 167,000 followers, compromised by the little known, rival hacktivist group Rustle League, the BBC reported. The hack placed the pro-Anonymous Twitter account in the dubious company of Burger King and Jeep, which had likewise had their Twitter feeds seized by unknown attackers.

"The reason Anonymous fell victim is probably human weakness," Graham Cluley, senior consultant at security firm Sophos, told the BBC. "Chances are that they followed poor password practices, like using the same password in multiple places or choosing a password that was easy to crack."

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


Largely, however, Anonymous stays on the offensive. Indeed, this week, Anonymous also announced that it had discovered a hacker-profiling operation being run by Bank of America (BoA).

"Has mummy ever said dont play with Anonymous???" read a subsequent release from Anonymous of what the group said was 320 MB of data amassed by Allegio Group subsidiary TEKsystems. In short order, Anonymous then released, via the Par:anoia website, what it said was "a total of 14 GB [of] data, code and software that is related to Bank of America, Bloomberg, Thomson Reuters, TEKSystems and ClearForest."

"It shows that Bank of America and others are contracting other companies to spy and collect information on private citizens," according to an overview published on that site.

"Looking at the data it becomes clear that Bank of America, TEKSystems and others ... gathered information on Anonymous and other activists' movement on various social media platforms and public Internet Relay Chat (IRC) channels," it said.

Despite the data dox, an Anonymous channel on Twitter promised that the attack was centered on revenge, rather than compromising customer data or committing identity theft. "No Bank of America customer information was viewed or published at any time," it said.

Photo courtesy of Flickr user Todd Blaisdell.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


Of course, Anonymous isn't the only hacktivist collective with designs on U.S. banks. Notably, the Al Qassam Cyber Fighters this week issued an ultimatum, promising to restart their attacks against U.S. financial institutions unless all online copies of a film that mocks the founder of Islam get excised from the Internet.

"We, the Cyber Fighters of Izz ad-Din al-Qassam, had previously warned multiple times that, if the insulting movies not be removed from the Internet we will resume the Operation Ababil. But, in spite of all of the warnings this suitable opportunity was not used and the insulting films to the great prophet of Islam(pbuh) weren't removed from YouTube," it said. "On this basis and to warn and to show our seriousness for this, an attack string was carried out against some U.S. banks on Monday February 25, 2013 such as Bank of America, PNC, CapitalOne, Zions bank, 5/3, Unionbank, Comerica, Citizenbank, Peoples, UFCU, Patelco, and others."

Unless its demands were met, the group promised to resume full-scale attacks on March 5, 2013.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


Under the flag of "Operation Last Resort," Anonymous announced in February 2013 that it had leaked credentials for 4,000 U.S. banking executives that had been obtained after hacking into a Federal Reserve System designed for contacting banks in the event of national emergencies or disasters.

For Presidents' Day, meanwhile, it had hacked into a U.S. State Department system, and doxed the agency by leaking what appeared to be work email addresses for more than 170 U.S. State Department employees. In a separate attack, Anonymous also said it had doxed the investment banking firm George K. Baum & Company, and released what appeared to be 150 customer records via ZeroBin.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


In reaction to President Obama's recent executive order on cybersecurity and the reintroduction of CISPA legislation, Anonymous promised to interrupt Obama's State of the Union address.

"Anonymous has reached a verdict of no confidence in this executive order and the plans to reintroduce the CISPA bill to Congress on the same day," said a statement released by the group. "As such, President Obama and the State of the Union Address will be banished from the Internet for the duration of live delivery."

But as noted by IEEE's Spectrum, the group failed to disrupt the Internet stream of the President's State of the Union address.

Photograph courtesy of Flickr user Frederic Bisson.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


After numerous sentencing postponements -- at the request of the FBI and Department of Justice -- Sabu, 29, was due to be sentenced at the end of February 2013. But that court date was again postponed, without apparent explanation.

But it turns out that the cause is simple: Sabu is continuing to help authorities. Indeed, according to court documents seen by Ars Tecnica, the sentencing hearing was postponed to Aug. 23, 2013 "in light of the defendant's ongoing co-operation with the government."

Sabu's continuing cooperation has led some to suggest that he might be let off with a suspended sentence, and without having to serve jail time.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


The list of promised Anonymous operations that never panned out, such as a takedown of Facebook and Zynba, grew to include the threatened Valentine's Day website massacre of the Goldman Sachs website. The threat was reportedly triggered by Huw Pill, a chief economist at Goldman, suggesting that France lower its wages to increase workforce competition.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced


The efforts of Anonymous and other groups calling for government reforms in the wake of Swartz's death have already started to have an effect, with the White House now saying that more federally funded research must be released for free.

Notably, the White House Office of Science and Technology Policy (OSTP) announced this week that it has directed federal agencies that spend over $100 million annually "to develop plans to make the published results of federally funded research freely available to the public within one year of publication," according to a blog post by Michael Stebbins, assistant director for biotechnology at the OSTP.

"The final policy reflects substantial inputs from scientists and scientific organizations, publishers, members of Congress, and other members of the public -- over 65,000 of whom recently signed a We the People petition asking for expanded public access to the results of taxpayer-funded research," said the post.

Photo courtesy of Flickr user Poster Boy.

RECOMMENDED READING:

Anonymous Plays Games With U.S. Sites

Hacking, Privacy Laws: Time To Reboot

Anonymous Claims Wall Street Data Dump

Anonymous Takes On State Department, More Banks

Anonymous Says DDoS Attacks Like Free Speech

U.S. Bank Hack Attack Techniques Identified

Bank Attacker Iran Ties Questioned By Security Pros

Anonymous DDoS Attackers In Britain Sentenced

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
3/1/2013 | 12:20:31 AM
re: Anonymous: 10 Things We've Learned In 2013
Great slideshow. I'd actually missed the Rustle League story. I've always been interested by the shift from lulz to hacktivism. Far from just being DDOS attacks and data dumps, Anonymous has spilled over into real world politics in the Bay Area on several occasions-- the Oscar Grant BART protests, clear presence during the Occupy protests, etc. I've even found index card-sized flyers with their "Expect us" motto attached to street signs-- in the suburb-ish Outer Sunset of all places. With Anonymous ops, it's hard to know half the time if it's a single kid sending angry tweets in his room or a coordinate group of powerful hackers. But that's part of the reason it can be so fascinating-- such a uniquely Internet-borne concept.
- Michael Endler, IW Associate Editor
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2849
Published: 2015-07-07
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVE-2015-2850
Published: 2015-07-07
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVE-2015-3216
Published: 2015-07-07
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establi...

CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report