IDG News Service - Has the Anonymous movement reached a midlife crisis?
There's no question that the loosely confederated collective has gained members and attention over the past year, for computer attacks on PayPal, Sony, and government contractor HB Gary Federal, and for the erratic cyber-rampage carried out by its sister group, LulzSec. But maybe the group needs to grow up a bit in order to get its message across.
At the Defcon hacking conference in Las Vegas Saturday, cyber experts had some tips for building a better Anonymous.
1. Look out for your new members.
Following a December, 2010, denial of service attack on the PayPal website, the company handed the U.S. Federal Bureau of Investigation about 1,000 IP addresses linked to the attack. Those people may have thought they were downloading software -- Anonymous uses a program called the LOIC, (Low Orbit Ion Cannon) in its attacks -- and joining a movement, not committing a federal crime.
"Anonymous has this idea moving forward that anyone can join us and take up arms, but they're not educating the people who are using these tools," said Jericho, the pseudonymous security expert who founded Attrition.org, a Web site that compiles information on the computer security industry. "Anonymous needs to educate their people as much as the public on their goals."
According to Gregg Housh, an Anonymous spokesman, he was overwhelmed with emails during the December attacks from neophytes looking to join in. "The emails were all, 'I don't know what you guys are doing, but I'd like to help'," he said Saturday. "I was getting anywhere from 100 to 150 of those an hour for a week-and-a-half period." He couldn't respond to the emails, he said, because that would have meant participating in criminal activity.
Housh noted that there is an IRC (Internet relay chat) room channel called "New Blood" where Anonymous members will help.
2. Vet what you release.
Anonymous exposed HB Gary Federal's proposed disinformation campaigns against organizations such as Wikileaks, but the disgraced security firm is far from the only company involved in such operations, according to Krypt3ia, anonther pseudonymous security blogger. "It's been going on for a very long time in the private sector," he said. "It's nothing new. It's just somebody got... caught."
That means that there's a pretty good chance that Anonymous could be the target of such a campaign. There's nothing to stop any hacker from leaving a file with Anonymous's tagline, "We are legion" on a hacked computer to direct blame toward the group.
"How do you know that you're getting the real dirt? How do you know you're not getting disinformation?" Krypt3ia said.
- Kicking the stool out from under the cybercrime economy
- Chinese man indicted over theft of Boeing C-17 secrets
- The making of a cybercrime market
- Arrests made after international cyber-ring targets StubHub
- International police operation disrupts Shylock banking Trojan
- Spamhaus pushes for arrests of alleged DDoS participants
- Accused Russian point-of-sale hacker arrested, will face U.S. charges
- No-IP regains control of some domains wrested by Microsoft
- Microsoft legal action cramping other hacking campaigns, Kaspersky says
- Microsoft admits technical error in IP takeover, but No-IP still down
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!