OhMyGov!

Yet the truth about Anonymous rarely lives up to the hype.

By Jack B. Winn



IT administrators and systems analysts are becoming concerned about an increase in cyber attacks targeting websites, and according to websiteNetwork Computing, the federal government is taking no chances.

With 75 percent of companies anticipating a second or third cyber attack against their IT infrastructure, the situation is so grave that Congress has been inspired to act. The Republican-sponsored Cyber Intelligence Sharing and Protection Act, or CISPA, breezed through the House of Representatives April 27 along party lines, with 42 Democrats voting in favor and 28 against.

If it becomes law, H.R. 3523 would allow private companies and agencies like the National Security Agency (NSA) to share threat information with each other for the first time since the Internet became commercially available in the mid-1990s. The bill is a reaction to several widely publicized incidents--including the attack on the CIA's main webpage, LulzSec's hacking of Sony three times in 2011--and many others.

"From a threat standpoint, folks are pretty concerned about foreign governments, but they're also concerned about the hacktivism thing," Ed Moyles, founding partner of Second Curve, a New Hampshire based cybersecurity company, told Network Computing's Liam Lahey. "We've heard about hacktivism as it relates to a lot of core services...but in my mind I thought it would play second fiddle by a wide margin to the foreign actors like China and Iran that might be actively targeting our federal systems."

Just recently Anonymous attacked the websites of technology trade associations USTelecom and TechAmerica. According to the San Francisco Chronicle, the hacktivist group issued a statement April 9th, taking credit for the digital denial of service effort against both associations.

A recent survey by security vendor Bit9 found that sixty-four percent of IT professionals expected a major attack in the next six months, and sixty four percent of the 2,000 member sample fingered hacktivist groups like Anonymous and LulzSec.

"The one area where, generally, a lot of organizations are ill-prepared is in coordinated, well-funded, sophisticated, low-noise targeted attacks" Moyles said.

Yet the truth about Anonymousrarely lives up to the hype. According to an unclassified Department of Homeland Security bulletin, far from being the mysterious supervillains they are often portrayed as in the media, Anonymousand Lulz Sec owe their success to more rudimentary means of penetration. So called "script kiddie" tactics such as denial of service attacks and defacement of public websites account for the bulk of Anonymous attacks, which are easier to pull off than the sophisticated hacking portrayed in 1995 cyber thriller, Hackers.

They are also easier to identify. For example, the Low Orbit Ion Cannon, an open source stress-testing network that allows Anonymous participants to link up with each other, turning their laptops into one giant DDoS system, is vulnerable to filtering by firewalls. LOICs are also recorded in system logs, meaning individuals IP addresses can be traced by law enforcement agencies, leading to their arrest--that's how many Anonymousparticipants, including the alleged mastermind of Anonymous, Christopher Doyon, were eventually found.

No wonder IT professionals are confident about their defenses against such attacks. An Information Week survey of 106 IT professionals found that many of them were optimistic about their chances of repelling such low key cyber attacks.

Yet to hear from D.C., Anonymousisn't a group of highly intelligent (if misguided) techies--they are nothing less than terrorists. The U.S. government officially declared cyber attacks such as Anonymous's #OperationPayback as acts of war in 2011, putting them on par with the sinking of the Lusitania, Pearl Harbor, and the September 11 attacks.

Furthermore, according to Network Computing, more than half of all federal agencies are planning on increasing cyber security funding in 2013, but with budgets strained already, the question arises of how to pay for all those new Toshibas, Macs, iPads and other devices.

"If you look at cybersecurity both on the offensive and defensive side," Moyles said. "we're seeing additional requests for funding...but the money has to come from somewhere."

Prioritizing is one solution. According to Symantec, a majority of threats--62 percent--were domestic, followed by China at 10.1 percent, and Thailand with 2.1 percent (At 1.5 percent, Russia is ranked sixth on Symantec's list). The United States is also one of the top originating countries for global online threats, with 16.9 percent of global attacks originating in the United States--not Russia, and certainly not China.

Yet prominent stories--like the Koobface virus Russian hackers used to target the personal information of Facebook users, or the ongoing series of hacks by Chinese cyber spies against US institutes and dissident websites like Boxun, NASA's Jet Propulsion Lab, and others--continue to focus attention on vague (often foreign) threats that account for a fraction of the 5.5 billion overall threats blocked last year.

With the Wild West of hacking moving to social media and mobile devices, IT administrators are wary. Over 28 percent of respondents surveyed by research firm Enterprise Strategies Group said they were unprepared for attacks using social media or smart phone devices--a big glaring sign that improvements still need to be made in cyber security.

At the end of the day though, Moyle has one piece of advice to IT administrators: keep your eyes peeled.

"You need to do continuous monitoring in a way that ties it back to the risks your agency faces," He said. "that might be a little bit different than what folks are doing on the ground...but they're collecting those metrics because they can and not because they're actually meaningful for their program."

www.ohmygov.com