Technics: Hacktivists 2012: Matthew Schwartz analyzes 9 shock tactics that got our attention last year

Mathew J. Schwartz makes my head spin as he chronicles the main activities known to have been conducted by major hacktivists as they threatened and often damaged organizations functioning legitmately (I presume) in the cyberworld.  I wonder just how these cybercrims can out do themselves in the year just ahead.  The world is dreadfully precarious already, without their added-on shenanigans, but they too are a reality in the world we live in.

-- Technowlb, refWrite Backpage technics newspotter, analyst, columnist


InformationWeek Security (Jan7,2k13)

9 ways hacktivists shocked 

the world in 2012

Despite the arrests of alleged LulzSec and Anonymous ringleaders, ongoing attacks -- 
including Muslim hackers disrupting U.S. banks -- 
prove hacktivism remains alive and well.

by Mathew J. Schwartz  InformationWeek
December 21, 2012 09:06 AM

Hacking websites, cracking databases, leaving behind defacements and releasing untold amounts of purloined information has been happening for years. The exploits of hackers appeared to reach new heights last year, in the wake of 2011's high-profile attacks against HBGary Federal, Sony and numerous government websites, together with the debut -- and self-imposed demise -- of the sharp-tongued hacktivist group LulzSec.

Yet, throughout 2012, hacking exploits continued unabated, with still more attacks targeting and obtaining sensitive information from governments, law enforcement agencies, businesses and more. Furthermore, the exploits continued despite the surprising news that the leader of LulzSec had not only been busted in 2011, but worked with the FBI to help snare his Anonymous associates.

More Security Insights

Webcasts

• Is Your Network Ready for BYOD?
• Storage Encryption Options for Better Security

More >>

White Papers

• BYOD Risk and Rewards
• The State of DDoS Protection: Organizations Remain Unprepared for DDoS Attacks

More >>

Reports

• Will IPv6 Make Us Unsafe?
• Database Defenses

More >>

Here are nine notable ways that hackers and hacktivism have remained in the headlines in 2012:

1. Anonymous Hacks FBI Cybercrime Conference Call

The LulzSec gang announced its retirement in June 2011, and while some alleged members, such as Jake Davis -- accused of being the group's spokesman, "Topiary" -- were arrested, at the beginning of 2012, many participants appeared to be still at large.

[ Rules and regulations may be friends or  foes. See S.C. Security Blunders Show Why States Get Hacked. ]

Come February 2012, elements of Anonymous even took down the CIA's public-facing website, and leaked an FBI conference call in which investigators coordinated Anonymous and LulzSec participants'' arrests. Curiously, however, key details -- such as the alleged hacktivists' names -- had been blanked out of the audio file that was ultimately released.

2. Stratfor Hack Upends Private Sector Intelligence Provider

Also in February, Anonymous announced the release of a trove of emails and personal data stored by Strategic Forecasting, better known as Stratfor, which is an intelligence contractor. A member of Anonymous -- who turned out to be LulzSec leader Sabu -- reported that the plaintext emails and customer information had been obtained by exploiting known vulnerabilities in the Stratfor network. Ultimately, the breach exposed personal information on 860,000 Stratfor customers, 60,000 credit card numbers and a massive trove of emails between Stratfor and its sources.

3. Hacker King Turns Informant: Feds Reveal Sabu Bust

Come March, the FBI announced the arrest of five principal members of Anonymous and LulzSec, accused of hacking into the websites of Sony, PBS and Stratfor, amongst other organizations. In retrospect, the blanked-out audio of the released FBI conference call might have been a giveaway, as court documents unsealed after the arrests revealed that LulzSec leader Sabu -- real name, Hector Xavier Monsegur -- had himself been arrested back in June 2011.

Facing the potential of serious jail time for alleged identity theft, Sabu quickly turned informer and began working around the clock to help investigators counter emerging attacks, as well as bust high-profile Anonymous participants. Since the March arrests, prosecutors have continued to expand the case, including arresting Jeremy Hammond, the alleged ringleader of the Stratfor hack.

4. Hacktivists drive Global Law Enforcement Agencies to unite

One side effect of the rise in hacktivism has been increased cooperation -- no need for cybercrime treaties -- between law enforcement agencies in various countries. "A lot of people think this is just a bunch of kids fooling around, but in reality, it's not, it can destroy your business," said Eric Strom, the unit chief for the cyber initiative and resource fusion unit in the FBI's cyber division, at the RSA conference in San Francisco in February. "You know, market share goes down and you're talking about significant damage to a company."

Asked at the conference what the FBI was doing about the problem -- months after the bureau had secretly turned Sabu, but just days before busting the alleged higher-ups in Anonymous and LulzSec -- Strom kept his cards close to his chest. "So let's put it this way, the FBI has put a lot of resources towards this problem ... it's not something that we just look at as a small issue, we have a lot of people around the country working this, as well as around the world, so companies should do the same."

But Strom said the word "hacktivism" meant little to the bureau. Instead, he said the FBI attempted to differentiate between people's online freedoms of assembly and speech versus clear evidence of law-breaking.

5. Despite Arrests, Hacktivist Operations Continue

No matter the arrest of Sabu and other alleged Anonymous, LulzSec and AntiSec luminaries delivering on the hacktivist assertion that "you can't arrest an idea," attacks launched under the mantle of those groups continued unabated. After claiming an end to LulzSec's retirement, LulzSec Reborn doxed a military-focused dating site and released details on 170,000 members.

More Security Insights

Webcasts

• Is Your Network Ready for BYOD?
• Storage Encryption Options for Better Security

More >>

White Papers

• BYOD Risk and Rewards
• The State of DDoS Protection: Organizations Remain Unprepared for DDoS Attacks

More >>

Reports

• Will IPv6 Make Us Unsafe?
• Database Defenses

More >>

Other hacktivist groups, claiming no LulzSec or Anonymous affiliation, also continued their efforts. Team GhostShell, notably, leaked usernames, passwords and resumes from a Wall Street jobs board in July, followed later in the year by a massive data dump involving 1.6 million records related to a variety of organizations, including NASA, Interpol, the Department of Defense and trade organizations.

6. Symantec sees pcAnywhere extortion shakedown

Another notable hack came to light in February, whenAnonymous released 2 GB of source code pertaining to the 2006 version of Symantec's pcAnywhere remote access software. Seeing the source code made public was cause for concern since enterprising coders might find new vulnerabilities that could be quietly exploited, as, by many accounts, the code remains relatively unchanged in more recent versions of the software.

But this wasn't a straight-up data release (a.k.a. doxing) operation. After first denying that the source was legitimate, Symantec confirmed that the source code had apparently been stolen -- unbeknownst to the security firm -- in a 2006 security breach. Symantec also said that it, and then a U.S. law enforcement agent disguised as a Symantec employee, had been communicating in advance of the source code release with one or more hackers, who threatened blackmail if the security vendor didn't pay up.

Meanwhile, hacker Yama Tough -- leader of "LoD," short for Lords of Dharmaraja, which describes itself as the "Anonymous Avengers of Indian Independence Frontier" -- uploaded to Pastebin a series of emails he'd sent to Symantec to tell his side of the story, and demanded that Symantec wire $50,000 into an offshore account if it wanted to prevent the code from being released. When the security firm failed to pay up, he shared the stolen source code with Anonymous. How Yama Tough obtained the source code, however, and who else may have had access to it in the five years after it was stolen, remains a mystery.

7. Hackers target U.S. banks over anti-Muslim film

This year also saw the launch of a number of high-profile distributed denial of service (DDoS) attacks by a Muslim hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam, who began targeting U.S. banks in retaliation for the YouTube posting of a clip of the Innocence of the Muslims film that mocks the founder of Islam.

The attacks against U.S. bank websites weren't without precedent. In Feb., for example, Anonymous-backed attacks reportedly disrupted the NASDAQ and BATS stock exchanges, as well as the Chicago Board Options Exchange. But what differed was the sheer scale of the new attacks, which overwhelmed the websites of leading Wall Street firms, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. [Whew!] That was despite the attackers previewing the sites they'd target, as well as the days and times that the attacks would commence.

U.S. officials blamed the Iranian government for sponsoring the DDoS attacks against U.S. banks, but in numerous Pastebin pronouncements, the Cyber fighters of Izz ad-din Al qassam said that their members hailed from multiple countries.

8. Anonymous continues pressing political agenda

Efforts conducted under the Anonymous banner continued throughout 2012, despite the arrest of Sabu and other alleged group leaders. In May, for example, as part of anti-NATO protests, the group's members obtained and released -- together with Anonymous affiliate AntiS3curityOPS -- a 1.7 GB Justice Department database. In July, in support of Syrian rebels, Anonymous worked with WikiLeaks to release 2.4 million Syrian government emails.

Other campaigns included the Nov. launch of Operation Israel (OpIsrael) after violence between Israel and Hamas flared into an eight-day conflict. In Dec., meanwhile, the hacktivist collective vowed to dismantle Westboro Baptist Church, an independent group that self-identifies as a church, after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn.  [One whackjob going against another whackjob.]

9. Anonymous' Achilles heel: anonymity

One recurring problem for hacktivists, however, has been the apparent difficulty of remaining anonymous online. Numerous alleged Anonymous and LulzSec participants were busted in 2011 after VPN services such as HideMyAss.com complied with law enforcement requests to share subscriber data. Investigators then cross-referenced subscribers' access times with data related to attacks to help pinpoint attackers' real identities.

Likewise, the FBI earlier this year arrested Galveston, Texas-based Higinio O. Ochoa III and accused him of being part of the hacking group CabinCr3w, which launched attacks against the websites of the West Virginia Chiefs of Police, the Alabama Department of Public Safety, the Texas Department of Safety and the police department in Mobile, Ala. According to law enforcement officials, the Mobile police website defacers left behind a taunting image of a woman in a bikini top, holding a sign reading "PwNd by wOrmer & CabinCr3w <3 b="b" bitch="bitch" contained="contained" data="data" exif="exif" file="file" however="however" image="image" in="in" revealed="revealed" s="s" the="the" u="u">GPS coordinates where the iPhone photo had been taken

, which led investigators directly to the house of Ochoa's girlfriend in Australia.

Other anonymity-busting 2012 incidents involved former CIA director David H. Petraeus and antivirus founder John McAfee. They further highlight just how difficult it is to remain anonymous online, which will no doubt be a cause for concern for any hacktivists who remain active come 2013.