DHS warns of planned Anonymous attacks
Bulletin from feds highlights group's Occupy Wall Street, Operation Facebook, Project Mayhem campaigns
Computerworld - The U.S. Department of Homeland Security today issued a somewhat unusual bulletin warning the security community about the planned activities of hacking collective Anonymous over the next few months.
The bulletin, issued by the DHS National Cybersecurity and Communications Integration Center (NCCIC), warns financial services companies especially to be on the lookout for attempts by Anonymous to "solicit ideologically dissatisfied, sympathetic employees" to their cause.
Anonymous has recently used Twitter to try and persuade dissatisfied employees within the financial sector to give them information and access. Though such attempts appear to have been largely unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the bulletin warned.
The unclassified DHS communique is addressed broadly to those in charge of cybersecurity and critical infrastructure protection and also warns about new tools that Anonymous has said it plans to use in launching future attacks.
One of the attack tools highlighted in the alert is dubbed #RefRef, which is said to be capable of using a server's resources and processing power to conduct a denial of service attack against itself.
"Anonymous has stated publicly that the tool will be ready for wider use by the group in September 2011," the DHS said. "But though there have been several publicly available tools that claim to be versions of #RefRef, so far it's unclear "what the true capabilities of #RefRef are."
The bulletin also cites the so-called Apache Killer tool that can be used to launch denial of service attacks. The DHS alert also warns of three cyber attacks and civil protests it says are planned by Anonymous and affiliated groups.
The first attack, dubbed Occupy Wall Street (OWS) is scheduled for Sept. 17.
The so-called 'Day of Rage' protest was first announced by a group called Adbusters in July and is being actively supported by Anonymous. The organizers of OWS hope to get about 20,000 individuals to gather on Wall Street on that day to protest various U.S. government policies.
The protest is being coordinated through Adbuster's website as well as via an Anonymous YouTube video that exhorts followers to "flood into lower Manhattan, set up tents, kitchens, peaceful barricades and occupy Wall Street for a few months," the DHS noted in its alert.
Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco, it said,
Adbusters is planning another protest in October. That event, to mark the 10th anniversary of war in Afghanistan, is slated to be held at the Washington DC National Mall.
The two other planned attacks by Anonymous that are highlighted in the bulletin are, Operation Facebook a November 11 protest targeting the social media site for its alleged privacy violations, and Project Mayhem, scheduled for Dec 21, 2012.
Though there has been little dialogue or hints about the specific tactics, techniques and procedures that Anonymous plans to employ for Project Mayhem there are indications that it could involve physical disruption and targeting of information systems.
The name Project Mayhem is derived from the movie Fight Club in which "the main character is ultimately responsible for destroying buildings belonging to major financial institutions with explosives," the bulletin said.
The bulletin is testimony of sorts to the kind of attention that Anonymous has managed to attract following cyberattacks and related protests in recent years. The group has been associated with a string of high-profile attacks against organizations such as HB Gary, Booz-Allen Hamilton, and the Bay Area Rapid Transit agency
Though members of Anonymous are thought to have been associated with several "maliciously intolerant cyber and physical incidents" in the past, of late they have evolved to "what appears to be a hactivist agenda."
"Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities," the DHS said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- New docs show DHS was more worried about critical infrastructure flaw in '07 than it let on
- Needed: Breach detection correction
- Evan Schuman: Resurrection of Full Disclosure mailing list is great news, if you're not a cyberthief
- Cyberattacks could paralyze U.S., former defense chief warns
- Syrian Electronic Army shanghais Microsoft's Twitter account, blog
- Is French outrage against U.S. spying misplaced?
- Lawmakers seek answers on Obamacare Data Hub security
- China-based hacking group behind hundreds of attacks on U.S. companies
- How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
- New York Times site outage caused by attack on domain registrar, company says
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts