In characteristic Anonymous fashion, the group announced its impending return Saturday via YouTube video. "Several days ago we decided to swiftly bring back our humble hacking group and set sail towards the Interwebz once again, much to the dismay of corrupt governments and corporations across the planet. It's ridiculous to believe that by arresting the six prime members of LulzSec that you've stopped us. You haven't stopped us, you have merely disrupted the active faction," the video said in a computer-generated British accent.
The group announced that it would officially resume attacks on April 1, 2012. The video continued, "Lulzsec will start targeting governments, corporations, agencies, and quite possibly the people watching this video. We are here for the lulz, the fame, the anarchy, and the people."
The announcement was previewed one day prior via the FawkesSecurity Twitter channel in a tweet that read, "Expect something BIG and rather Lulzworthy very soon. CIA, FBI, Interpol, you're all on teh (sic) list." Wednesday, meanwhile, tweets from the same Twitter channel promised that "Anonymous will target national infrastructure" and create a "global financial meltdown" as part of what's been dubbed "Project Mayhem."
Still, as with so many communications related to Anonymous or LulzSec, questions remain. For example, is the April 1 date for the group's resurgence just one big hoax, and do the people behind the previewed Anonymous attacks have anything at all to do with the core group? Furthermore, it's questionable whether anyone claiming to be part of the LulzSec reboot was directly involved in the group's prior activities. Then again, just as anyone can claim to be a member of Anonymous, so too can anyone continue with--or pick up from scratch--the LulzSec mantle.
Whoever's behind the new campaign should be careful. Notably, law enforcement agencies, especially the FBI and Britain's Serious Organized Crime Agency, began locking up alleged participants in LulzSec-led attacks not long after the group called it quits, and they've been making multiple waves of Anonymous-related arrests ever since the group first began targeting MasterCard and PayPal in late 2010.
Many of those arrests don't look so surprising in retrospect, given the announcement earlier this month that the bureau had managed to flip Hector Xavier Monsegur, aka LulzSec and Anonymous leader Sabu. In fact, Monsegur apparently worked nonstop as an informer for federal authorities from his arrest in June 2011 until earlier this month, when the Department of Justice unsealed a number of indictments in federal court that revealed the role Sabu had played.
Another hurdle for would-be LulzSec and Anonymous members who participate in attacks will be keeping their identities hidden. Notably, the FBI apparently identified Monsegur because just once (or possibly twice) he failed to anonymize his Internet connection with a VPN client or the Tor network before connecting to an IRC channel.
In related news, another YouTube video produced by Anonymous and released Monday announced the launch of "Operation Imperva," in apparent retaliation for the security firm Imperva having released a report about a failed Anonymous attack launched against a Vatican website.
This time, it's apparently personal. As an electronic voice in the Anonymous video said, "A video posted on YouTube states that Imperva perceives a large majority of the Anonymous collective as, in their words, 'a legion of idiots.' Anonymous sees this as a direct verbal attack on the collective."
In fact, the quote referred to came not from Imperva but from Cole Stryker, an expert on the 4chan message boards from which Anonymous sprang. "Anonymous is a handful of geniuses surrounded by a legion of idiots," he told the New York Times. "You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack."
Attribution aside, Anonymous has pledged to make life difficult for Imperva. The video stated, "This is a message to the Imperva security firm: Although we do not see you as any form of threat, we have concluded that your interest in us may become a mild nuisance in the future, therefore you yourself will now become a target."