The U.S. Department of Homeland Security today issued a somewhat unusual bulletin warning the security community about the planned activities of hacking collective Anonymous over the next few months.
The bulletin, issued by the DHS National Cybersecurity and Communications Integration Center (NCCIC), warns financial services companies especially to be on the lookout for attempts by Anonymous to "solicit ideologically dissatisfied, sympathetic employees" to their cause.
Anonymous has recently used Twitter to try and persuade dissatisfied employees within the financial sector to give them information and access. Though such attempts appear to have been largely unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the bulletin warned.
The unclassified DHS communique is addressed broadly to those in charge of cybersecurity and critical infrastructure protection and also warns about new tools that Anonymous has said it plans to use in launching future attacks.
One of the attack tools highlighted in the alert is dubbed #RefRef, which is said to be capable of using a server's resources and processing power to conduct a denial of service attack against itself.
"Anonymous has stated publicly that the tool will be ready for wider use by the group in September 2011," the DHS said. "But though there have been several publicly available tools that claim to be versions of #RefRef, so far it's unclear "what the true capabilities of #RefRef are."
The bulletin also cites the so-called Apache Killer tool that can be used to launch denial of service attacks. The DHS alert also warns of three cyber attacks and civil protests it says are planned by Anonymous and affiliated groups.
The first attack, dubbed Occupy Wall Street (OWS) is scheduled for Sept. 17.
The so-called 'Day of Rage' protest was first announced by a group called Adbusters in July and is being actively supported by Anonymous. The organizers of OWS hope to get about 20,000 individuals to gather on Wall Street on that day to protest various U.S. government policies.
The protest is being coordinated through Adbuster's website as well as via an Anonymous YouTube video that exhorts followers to "flood into lower Manhattan, set up tents, kitchens, peaceful barricades and occupy Wall Street for a few months," the DHS noted in its alert.
Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco, it said,
Adbusters is planning another protest in October. That event, to mark the 10th anniversary of war in Afghanistan, is slated to be held at the Washington DC National Mall.
The two other planned attacks by Anonymous that are highlighted in the bulletin are, Operation Facebook a November 11 protest targeting the social media site for its alleged privacy violations, and Project Mayhem, scheduled for Dec 21, 2012.
Though there has been little dialogue or hints about the specific tactics, techniques and procedures that Anonymous plans to employ for Project Mayhem there are indications that it could involve physical disruption and targeting of information systems.
The name Project Mayhem is derived from the movie Fight Club in which "the main character is ultimately responsible for destroying buildings belonging to major financial institutions with explosives," the bulletin said.
The bulletin is testimony of sorts to the kind of attention that Anonymous has managed to attract following cyberattacks and related protests in recent years. The group has been associated with a string of high-profile attacks against organizations such as HB Gary, Booz-Allen Hamilton, and the Bay Area Rapid Transit agency
Though members of Anonymous are thought to have been associated with several "maliciously intolerant cyber and physical incidents" in the past, of late they have evolved to "what appears to be a hactivist agenda."
"Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities," the DHS said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.