Tag Archives: Anonymous

US Federal Reserve Bank hacked by Anonymous

The US Federal Reserve Bank (FRB) has released a statement detailing that personal information has been stolen from their servers during a hack attack. The hacktivist group Anonymous are thought to be behind the attack, although this has not been confirmed by the FRB. During the attack, the details of 4,000 bank executives, thought to be part of a contact database used in the event of natural disasters, were released.

In an official statement, the FRB put the attack down to the exploitation of “a temporary vulnerability in a website vendor product”. The statement went on to say “exposure was fixed shortly after discovery and is no longer an issue” and that although personal information was stolen, no “critical operations of the Federal Reserve system” were affected. The contact database that was stolen contained such details as work addresses, mobile numbers as well as computer log in details. However the FRB, in an internal statement, had advised that “passwords were not compromised”.

The hacking group Anonymous used this latest attack as  a protest against the prosecution and recent death of Aaron Swartz. It is widely thought that pressure put on Swartz by his impending prosecution caused the 26 year-old to take his own life. Swartz, a co-founder of such internet landmarks as RSS news feeds and the social news website Reddit, was to be prosecuted on allegations of infiltrating the Massachusetts Institute of Technology (MIT) and stealing data, which could have resulted in a 35 year prison sentence.

Anonymous have been behind many infamous cyber-attacks in recent years, such as an attack on UK Government websites, as well as the Pentagon and News Corporation. The inspiration behind many of Anonymous’s attacks are internet censorship and surveillance, although this particular attack was linked strongly to the death of Aaron Swartz.

This latest attack raises questions for the banking sector, who will want to know more about how the hack was achieved and if it’s something they should be worried about. What was the “temporary vulnerability”, and why did it exist in the first place? Despite the fact that this attack did not affect “critical operations”, US banks, who have to share information with the FRB, this attack potentially puts their sensitive data at risk. Aside from that, banks will be worried that if the FRB can be hacked into, what’s to stop their own IT security from being breached?

In all of this is the message that despite a recent prosecution of an Anonymous member, the group is still able to wreak havoc in a variety of  ways and affect a range of organisations.

Legal Concerns over Cloud Computing

A recent Backup Technology blog briefly touched upon the legal concerns that many businesses have when considering a move to the cloud. This post looks to explore those concerns further. Many of the concerns relate to the lack of regulation in cloud computing, which often makes some larger corporations fearful in case something goes wrong with the service.

Although cloud computing is picking up momentum, it is yet to be taken up on a large scale by big corporations, who still prefer to use hardware. Two of the reasons that many big corporations give for not moving more of their IT to the cloud is the concerns over responsibility for the service provided and data security. Understandably, lawyers of big corporations are concerned that when things do go belly up, they will not be able to hold the cloud provider responsible, and even more worryingly they may in fact be liable themselves. This is a major stumbling block for many large corporations who would otherwise be quite keen to make a push to the cloud.

There are many calling for tighter regulation of the cloud computing industry, as well as a change to legislation that is better suited to the cloud. As things stand, US law does not empower prosecutors to hold cloud providers accountable for criminal activity facilitated by the cloud. This is not to say that the cloud provider itself did anything illegal, but simply allowed crime to occur by hosting a service for the criminal organisation.

A prime example is that of CloudFlare and LulzSec. LulzSec, a hacking group with ties to other high profile groups such as Anonymous, used CloudFlare to host their operations during June 2011, in which they targeted websites such as that of the CIA, gaming website The Escapist and sandbox game, Minecraft. CloudFlare, a website optimisation and security company, managed to escape liability for the attacks even though they had been hosting LulzSec’s website for several weeks. In theory, CloudFlare could have helped with any attempt to prevent the attacks from happening but chief executive Matthew Prince chose not to take the website offline. In fact, his company did quite the opposite, and continued to provide their service designed to protect LulzSec’s website from attack.

A recent article in Cloud Times has suggested that legislation needs to change to allow it to police the cloud computing industry properly. This is emphasised by the CloudFlare story, where a company was knowingly defending and hiding the website of a criminal organisation, but was not held accountable by any authority, because current legislation does not allow it. For cloud computing to be adopted by big business on a large scale, this is something that needs to change.

Anonymous Attack China

During the past few days, the hacktivist group Anonymous have concentrated a series of attacks on Chinese websites. The group is claiming that they have successfully defaced 480 websites which include regional government sites. The hacktivist group has also left messages on the defaced sites encouraging Chinese hackers to follow suit and continue with what they have started.

The Chinese authorities have responded quickly, taking the affected sites offline. However, the Wall Street Journal (WSJ) was successful in finding an affected site before it had been taken offline. A screen shot that was taken revealed a message written in English saying:

‘Dear Chinese government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall. So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you. With no mercy.’

The WSJ also commented that on that same site that has now been taken offline, there was link that would divert the user to an Anonymous site which detailed how hackers could bypass the Great Firewall that the Chinese Government have put in place to help censor and monitor the web activities of the Chinese people.

To further enhance their message, a member of the Anonymous group left a post on the popular website PasteBin.com. The message was an attempt to encourage Chinese people start a revolt against the existing Chinese Government.

The message read, “So, we are writing this message to tell you that you should protest, you should revolt yourself protesting and who has the skills for hacking and programming and design and other ‘computer things’ come to our IRC.”

Surprisingly, this is the first time that the group Anonymous group have targeted the Chinese Government. The main reason for the group to target this government is the web censorship regulations and their stance towards human rights. The Chinese Government currently blocks website content and monitor internet access for the Chinese people.

The overall impact that these hacks have had is yet to be seen but many feel that the Chinese Government will not be too concerned at this moment of time. The main reason for this are that the sites that were defaced, displayed messages in English, which many Chinese people will not have been able to understand.

The attacks on the Chinese Government look set to continue as the hacktivist group are looking for someone who will be able to translate their messages into Chinese. If the attacks do continue and become more successful in sending out a message to the Chinese people, it will be interesting to see how the Chinese Government responds.

Favoured Website for Hackers to Dump Data is set to Take Action

Jeroen Vader, the owner of the website Pastebin.com has announced that he plans to hire extra staff that will monitor the content that is put on the website. The sole purpose of the new employees will be to scout around the website and reduce the amount of time that stolen data remains on the website.

During recent times, Pastebin.com has become a favoured website with hacktivist groups such as LulzSec and Anonymous who dump large amounts of stolen data and leave it there for all to see.

Vader has revealed that since he has become the owner of the website in 2010, the popularity has increased and it now attracts on average 17 million visitors a month. With the website attracting so many people, the monitoring system that is in place to flag up any inappropriate data is struggling to keep up. At the moment, Vader is relying on an abuse report system to flag up any inappropriate data but it has now reached the stage where the system isn’t responsive enough. On average, PasteBin currently receives 1,200 abuse reports a day and therefore the need for extra staff to monitor the content on the website is becoming more important.

Vader stated, “I am looking to hire some extra people soon to monitor more of the website content, not just the items reported. Hopefully this will increase the speed in which we can remove sensitive information.”

Members of the website are asked not to post personal or stolen pieces of information but this does not deter members of the hacktivist groups. The website is also used by hacktivists to test the effectiveness of distributed denial- of- service attack (DDoS) tools. The aim of these tools is to make a computer or network resource unavailable to the intended user(s).

Vader commented, “In the last three months not a single day has gone by that we didn’t get some kind of DDoS attack. I do hear from people in the hackers’ community that many hackers like to test their DDOS skills on Pastebin.”

Once the new employees are in place, it will be interesting to see whether the hacktivist groups continue to dump stolen data on this website if the length of time that it remains on the site is reduced.

Hacktivists Experience Greater Success than Cybercriminals in 2011

The Annual Report Data Breach Investigations that is compiled by Verizon has revealed that hacktivists stole more data than cybercriminals in 2011. This is a significant change in recent trends as previous findings reported that cybercriminals had stolen the most data within a year. It is reported that hacktivists stole 58% of the data that was stolen during 2011.

For those who are unsure of the difference between a hacktivists and a cybercriminal, a hacktivist conducts a hack as a form of political protest or to help advance political activities whilst a cybercriminal sole aim is to hack for financial gains.

The Verizon report categorised 855 hacks which had taken place around the world and which resulted in a total of 174 million records being stolen.  The report detailed that the hacks originated from 36 different countries. This is certainly a concern as the 2010 report detailed that the hacks that had occurred during that year originated from 22 countries. The report also revealed that countries in Eastern Europe were held accountable for 70% of the hacks while those in North America were held accountable for less than 25%.

A key finding within the report was that 79% of attacks were opportunistic and that only 4% of the total cases were seen as challenging for the hackers. This surely has alarm bells ringing for those involved as it shows that there is a desperate need for everyone to tighten up their security measures. Simple measures such as ensuring that stronger passwords are used can help as it is estimated that 97% of the hacks could have been avoided without the implementation of complex or expensive measures.

Wade Baker who is the Director of Research and Intelligence at Verizon believes that a change in hacktivists intent and reasoning is the main reason for their rise to the top. Wade stated “Hacktivism has been around for some time but it’s mainly been website defacements. In 2011 it was more about going to steal a bunch of information from a company.”

Hacktivists groups such as Anonymous and Lulzsec have been accredited with many of the attacks that were conducted in 2011. It is believed that attacks carried out by these two groups are not as common but are harder to prevent as they take their time to develop specific methods for each target which results in greater rewards.

The threat that is posed by cybercriminals is still very prominent and they continue to test the internet defences of large companies, ready to pounce on any weaknesses that they find. Wade believes that despite fewer firms now going out of business after a data loss incident, the implementation of sterner internet defences and stricter regulations is needed to challenge the hackers.

Every day, it is becoming more vital for companies to back up their data appropriately with a robust solution and the knowledge that they can restore their data. The art of hacking is spreading across the world and is set to continue as the rewards become greater and therefore the need for a strong internet defence and data backup solution increases.

Met Police Take To Twitter

The Metropolitan Police have joined hacking groups in using Twitter as a free publicity platform to get their message out there. The idea is to warn cyber criminals that they will not let up when it comes tracking them down.

They commented “the investigation into the criminal activity of so-called ‘hackivist’ groups Anonymous and LulzSec continues.”

“Under UK law it is an offence if a person acts from within the UK upon a computer anywhere else in the world. It is also an offence for someone anywhere else in the world to criminally affect a computer within the UK,” the tweet stated.

A link attached to the Tweet then elaborated on how anyone risking accessing a computer without authority would face imprisonment.

The move to Twitter has come after the arrest of Jake Davis. The 18-year-old Shetland resident who identifies himself as ‘Topiary’ online is facing a total of five charges involving a number of attacks on corporate and governmental bodies.

It seems that now Anonymous at least is turning it’s attention to the US and has already promised a number of attacks on American governmental bodies. Outside of a ‘free Topiary’ campaign the group is yet to announce another operation on British soil.

A recent Tweet read, “NSA, CIA, FBI, YOUNAMEIT: You all have our data. How about the public receives all of your data? Working on it.”

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal