IDG News Service - Has the Anonymous movement reached a midlife crisis?
There's no question that the loosely confederated collective has gained members and attention over the past year, for computer attacks on PayPal, Sony, and government contractor HB Gary Federal, and for the erratic cyber-rampage carried out by its sister group, LulzSec. But maybe the group needs to grow up a bit in order to get its message across.
At the Defcon hacking conference in Las Vegas Saturday, cyber experts had some tips for building a better Anonymous.
1. Look out for your new members.
Following a December, 2010, denial of service attack on the PayPal website, the company handed the U.S. Federal Bureau of Investigation about 1,000 IP addresses linked to the attack. Those people may have thought they were downloading software -- Anonymous uses a program called the LOIC, (Low Orbit Ion Cannon) in its attacks -- and joining a movement, not committing a federal crime.
"Anonymous has this idea moving forward that anyone can join us and take up arms, but they're not educating the people who are using these tools," said Jericho, the pseudonymous security expert who founded Attrition.org, a Web site that compiles information on the computer security industry. "Anonymous needs to educate their people as much as the public on their goals."
According to Gregg Housh, an Anonymous spokesman, he was overwhelmed with emails during the December attacks from neophytes looking to join in. "The emails were all, 'I don't know what you guys are doing, but I'd like to help'," he said Saturday. "I was getting anywhere from 100 to 150 of those an hour for a week-and-a-half period." He couldn't respond to the emails, he said, because that would have meant participating in criminal activity.
Housh noted that there is an IRC (Internet relay chat) room channel called "New Blood" where Anonymous members will help.
2. Vet what you release.
Anonymous exposed HB Gary Federal's proposed disinformation campaigns against organizations such as Wikileaks, but the disgraced security firm is far from the only company involved in such operations, according to Krypt3ia, anonther pseudonymous security blogger. "It's been going on for a very long time in the private sector," he said. "It's nothing new. It's just somebody got... caught."
That means that there's a pretty good chance that Anonymous could be the target of such a campaign. There's nothing to stop any hacker from leaving a file with Anonymous's tagline, "We are legion" on a hacked computer to direct blame toward the group.
"How do you know that you're getting the real dirt? How do you know you're not getting disinformation?" Krypt3ia said.
- Nine charged with distributing Zeus malware
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts