2011 Reg roundup: Hacking hacks, spying apps and an end to Einstein?

Smartphones, privacy and a year of tears

Anonymous, Lulzsec and the attack of the hacktivists

Hacktivism - people launching attacks and stealing data for purportedly political ends - arguably hit a high-water mark in 2011. It was accompanied by the rise of street protest movement Occupy, and allowed itself to become associated with Robin Hood-types disgruntled with bankers and the excesses of the capitalist system. Hackers often justified their own actions on anti-establishment grounds or as a quest for revenge against perceived injustice.

It was the year when Anonymous, a reasonably long-running and loosely grouped bunch, was joined by Lulzsec, a smaller but even more anarchic group.

Their weapon of choice, the Distributed Denial of Service (DDoS), was allied to hacking into insecure databases and mail spools before releasing their contents onto the net, to the embarrassment of victims.

Lulzsec burned bright but briefly in hacktivism

By the middle of the year, it seemed every day somebody somewhere was claiming another DDoS, web site re-direct, or data theft on behalf of Anonymous, Lulzsec or both.

Targets included entertainment industry firms for their stance against file sharing, newspaper sites of Rupert Murdoch's News International and his Fox TV station, NATO, banks, websites run by the governments of Egypt and Tunisia during the Arab Spring protests, FBI-affiliated security organisations and different law enforcement operations across the US out of revenge for the arrest of alleged members of Anonymous and Lulzsec.

Sites were knocked offline and gigabytes of personal data - email, credit card details, and social security numbers - lifted. Their actions made headlines, not just for who they attacked but also for the accompanying claims of robbed data. Hacktivists also liked to think they were untouchable: US security firm HB Gary Federal had threatened to reveal the identities of members of Anonymous at a security conference, Security B-Sides, but instead HB Gary Federal found itself hacked, its website defaced, its Twitter feed hijacked and its email spool released.

But just how apocalyptic was this? Many of the claims of data breaches couldn't be substantiated while some attacks seemed rather petty, such as Lulzsec posting a fake story on PBS about rapper Tupac Shakur being alive out of revenge for a PBS documentary on Wikileaks' Julian Assange.

And when it came to dropping the big bomb, the hacktivists kept holding off. Anonymous held back on threats to release caches of classified NATO documents while Lulzsec didn't follow through on a threat to release News International emails that it claimed to have acquired during the redirection attack on The Sun's website.

Curiously, however, arguably the biggest hack story of the year - the breach and take down of Sony's Playstation Network, a vital artery that connects millions of Playstation gamers - was a coup that Anonymous couldn't walk away from fast enough.

The Sony Playstation Network hack saw the details of 77 million gamers compromised and the network offline for 23 days. Just prior to the attack in April, Anonymous had posted a self-important and sanctimonious message warning Sony it would "experience the wrath of Anonymous" for its legal action against PlayStation 3 hacker George Hotz. Yet, Anonymous denied any role in the crippling PlayStation Network hack. Was it Anonymous all along: some member of the group whose actions those in the centre didn't agree with, or was it somebody - as yet - unknown?

The incident pointed to the real problem with Anonymous: it's not a functioning, centralised operation and is instead a chaotic affiliation of splinter cells and individuals with a generalised sense of identity. It is more a group when perceived from the outside.

By summer, the hacktivists also seemed to be on the back foot with arrests in full swing: 21 people cuffed in the US and seven in the UK for their alleged role in the December 2010 DDoS on Paypal, Amazon, MasterCard, Bank of America and Visa over their decision to stop handling the account of Wikileaks.

A pivotal moment came on June 22 when alleged Lulzsec member Ryan Cleary, aged 19, was arrested and charged with five computer crime offences, including allegations of building a botnet and unleashing DDoS attacks, including a cyber-attack on Britain's Serious Organized Crime Agency (Soca).

Five days later, Lulzsec told the world on Twitter it was retiring - barely a month after it had established its presence on Twitter. The group told the AP it wasn't running because it was afraid of law enforcement, just: "The press are getting bored of us, and we're getting bored of us."

Was this the end? Anonymous was still venting as late as October, stealing data and holding it to ransom. The group published a dossier of personal information on the head of Citigroup in retaliation for the arrest of protesters at an Occupy Wall Street demo.

Like the Occupy movement, however, a sustained focus was missing; the attacks seemed opportunistic - relying on the security oversights of their victims and the rather crude hammer of a DDoS to break badly protected systems rather than using some advanced form of hacking. The ideals, such as they were, were random and there was more talk than execution. A planned, idealistic campaign to expose members and associates of the notorious Los Zetas Mexican drug cartel was dropped in November amid some confusion while a rather questionable operation to use stolen credit card details to donate to charities, supposedly defrauding banks in the process, failed to pick up momentum.

2012 will tell whether the attacks resume and become more advanced, or whether the actions of law enforcement have given hacktivists pause for thought. Already, the victims are tooling up. Stung by the attacks, Sony has picked former US Department of Homeland Security exec Philip R Reitinger as senior vice-president and chief information security officer to oversee information security, privacy and internet safety across the entire company. ®
