Anonymous Hackers Keep Hacking Away
The "Anonymous" hackers may have been stung by the FBI, but they have not been perceptibly slowed down. Their exploits continue, most recently aimed at the Chinese government on the one hand, and tech and telecom trade associations on the other.
Both sets of attacks continue the pattern of sophisticated and politicized "hactivism." One target, the authoritarian government of China, is widely unpopular. The other set of recent targets are obscure to most people. But the Anonymous group would like to make them unpopular--and might succeed in doing so. Political hactivism is growing in prominence, and its potential effects remain very uncertain.
The most recent exploits of the Anonymous hackers follow a setback for the group last month, when the FBI made a series of arrests, and announced that one member had been turned informant. (This action followed an embarrassing Anonymous attack on the FBI earlier in the year.)
But as two recent episodes show, the Anonymous group remains active and on the offense. Roger Cheng reports at CNET that Anonymous hacked into several hundred regional and local Chinese government websites, leaving messages warning that China's government would collapse. No central government sites were hacked, but it is difficult to imagine a message more disconcerting to the Chinese leadership.
Soon thereafter, as reported by Dara Kerr, also at CNET, Anonymous hit a different set of targets. Two trade association websites, USTelecom and TechAmerica, were hit, leaving users unable to log onto the sites. The Anonymous group said that the attacks were in response to the trade associations' support for a pending cyber-security measure in Congress. The measure, called the Rogers-Ruppersberger Cyber Security Bill, is aimed at assisting the private sector in defending against "advanced" cyber-security threats.
Because Anonymous is, well, anonymous, it is not exactly clear just how organized it really is (let alone how it is organized.) But its recent claimed attacks show sophisticated aim. China's authoritarian government has few open supporters in the West. Cyber attacks against it will tend to win public approval.
In contrast, the general public has not heard of the trade groups that Anonymous attacked, and the pending congressional bill has not (yet) garnered much attention. But as the travails of the SOPA anti-piracy bill showed, measures supported by large corporations do not get much popular support in this era of the Occupy movement. Tech firms tend to be rather popular with the public, but telecom carriers are widely disliked by their customers.
Hackers, indeed, have had an oddly positive swashbuckling public image going back at least to the movie Wargames in 1983--all of which makes politically motivated hactivism an exceptionally complex and delicate issue for IT managers concerned with security.
Hactivists are best known for attacking large institutions or enterprises. But the recently targeted trade associations were not themselves industry giants. And midsized firms cannot assume that their lower profile removes them from the target list. Hactivists' political agendas are uncertain, but seem to be complex. A midsize firm could all too easily find that something about its products or customers has aroused the ire of hactivists--and made that company the target of attack.
Companies hit by hactivist attacks cannot count on public sympathy. Indeed, the attacks may be intended specifically to embarrass. Confidential memos may be exposed, leaving firms with awkward explanations to make. And the simple fact of a security breach can expose a company to ridicule. That is part of why hactivism is such a difficult challenge. And there is no sign that the hactivists are going away.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.