RSS Alerts

Share

More services

Related Links

Related Stories

  • Swedish government websites attacked in support of Julian Assange
    Government websites for the Swedish Armed Forces, Sweden.se, the Swedish Institute and the Swedish Courts have been taken down by a distributed denial-of-service (DDoS) attack, by hacktivists supporting WikiLeaks founder Julian Assange.
  • Sony hacked by NullCrew; Anonymous attacks MI5 and MI6
    NullCrew, a new hacking group that has been particularly active over the last couple of months, has hacked Sony mobile websites – adding to its rapidly growing list of victims (Cambridge University, Yale University, Cambodia Army, PMT Air and many more).
  • OpFreeAssange turns into a feeding frenzy in the UK
    It was always to be expected that hacktivists would respond vigorously to the effective house arrest of Julian Assange within the Ecuador Embassy in London, and the UK’s apparent determination to extradite him to Sweden.
  • Hackers target Cambridge in the name of Julian Assange
    A hacking ring pledging to defend WikiLeaks founder Julian Assange’s honor has claimed to have attacked computer systems at the University of Cambridge, saying it has broken into multiple databases.
  • Group claims credit for hack into Yale's network
    The group NullCrew has claimed that it hacked into Yale University’s network and stole user names, passwords, social security numbers, addresses, and phone numbers of 1,200 students and staff.

Top 5 Stories

News

What the Anonymous attacks on MI5 and MI6 tell us

05 September 2012

As Infosecurity reported yesterday, both the MI5 and MI6 websites were attacked by Anonymous in the name of OpFreeAssange. Both sites were down for about an hour, demonstrating that few sites can withstand a concerted DDoS attack.

They join a growing list of government sites in both the UK and Sweden that have been attacked in protest against the treatment of Julian Assange, founder of WikiLeaks and currently blockaded by the UK police in the Ecuador embassy in London. The action against MI5 and MI6 was a mainstream Anonymous action. While Anonymous tends to use DDoS as its form of online protest, a separate hacking group known as NullCrew engages in actual hacking – breaking into computers and frequently dumping its spoils on sites such as Pastebin. One member of NullCrew, known as ‘0x00x00’ has been breaking into sites (such as the Northern Ireland Home Office) and pasting an Assange poster. NullCrew supports several Anonymous operations – including OpFreeAssange – but is not a part of Anonymous.

An Anonymous spokesperson yesterday told TechWeek Europe that the online protests were there to support the ongoing physical protest outside the Ecuador embassy: people on the ground and hackers and DDoS crews online. He added, “We have found [a] way to circumvent the government’s new security and we are testing different methods.”

Paul Lawrence, VP International Operations at Corero Network Security, finds this last statement particularly worrying. “Although these comments may be sensationalizing the attack that brought down both sites for just over an hour,” he said, “it should serve as fair warning to any government agency or business that operates online. A motivated hacker who has targeted your organization will find even the smallest of flaws in your security and exploit it.”

There are indeed indications that political activism is changing the nature of the online threat, with activist hackers becoming more and more targeted and focused in their actions. The dump of Apple UDIDs supposedly stolen from the FBI by AntiSec is a good example. Although the FBI has denied that it ever happened, many security commentators suspect that it could be true. Imperva’s Rob Rachwald is one. “This breach resembles a new innovation by hacktivists. Specifically, they targeted an individual in the same way government-sponsored hackers (a.k.a., APT hackers) would attack.”

It suggests that Anonymous is no longer content with mere DDoS as an online protest. And with skilled hacking teams like NullCrew and AntiSec replacing the defunct LulzSec, they have the ability to take their protest into, rather than merely against, high profile targets. “Any and every site can be a target,” said Lawrence, “and the sooner businesses and government agencies come to understand this, the sooner they can start putting in place measures to protect themselves, and limit the damage that an attack may cause.”

This article is featured in:
Data Loss  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions | Privacy | Website Design| Reed Exhibitions. All rights reserved. Copyright © 2013
We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×