Anonymous, Congressional Cyber-Law Action Dominate Week's Security News
Anonymous dominated headlines this past week, as law enforcement officials arrested suspected members and the collective continued its online mayhem.
British authorities arrested an 18-year old male from a residential address in the Shetland Islands, a remote archipelago off the north shore of the Scottish mainland, and issued a press release claiming they'd arrested "Topiary." Scotland Yard believes the suspect was the spokesperson of LulzSec and one of the six members who took part in several of LulzSec campaigns between May and June.
Hours after the arrest, there was speculation that LulzSec had somehow tricked the police into arresting someone else. However, LulzSec and Topiary's Twitter accounts were silent all week. Topiary's Twitter feed has only one post, written six days before his arrest, which stated, "You cannot arrest an idea."
Topiary, whom Scotland Yard identified as Jake Davis, is expected to appear in court on Aug. 1 and be charged with five offenses, including unauthorized computer access and conspiracy to carry out a distributed denial of service against the U.K.'s Serious Organized Crime Agency in June.
The arrest occurred on the same day Anonymous launched a boycott against PayPal and encouraged current users to cancel their accounts for its continued freeze on WikiLeaks funds. The group claimed that more than 35,000 PayPal users closed their accounts. While the group didn't address the news of the arrest on its Twitter feed, it promised to embarrass the FBI in retaliation for recent arrests of Anonymous members in the United States.
Shortly after midnight on Friday, Anonymous announced it had breached the networks of federal contractor ManTech International. ManTech offers cyber-security services for several government agencies, including the FBI.
Anonymous wasn't the only one busy trying to break into Websites, hardware and servers. With security professionals descending on Las Vegas for the upcoming Black Hat security conference July 30-Aug. 4, several researchers have started teasing some details from their research. Charlie Miller, a security researcher at Accuvant, discussed how he disabled the batteries in Apple's MacBook laptops by hacking into the micro-controller chip on the unit.
Apple continued rolling out software updates, fixing the last Snow Leopard update from June, which would prepare the Mac for upgrading to the new Mac OS X 10.7 "Lion," as well as fixing a serious SSL vulnerability in the iOS.
The House Judiciary committee approved a bill with a data retention clause that would require Internet service providers to retain customer data, including IP addresses and the sites the customer accessed, for up to 12 months. The bill, if passed, would allow law enforcement to access the data without a court order. The bill now moves to the full House of Representatives for debate.
While congressional lawmakers continued their debate on the PROTECT IP Act, Hollywood movie studios gained a victory against online piracy in the U.K. A British High Court judge approved a court order against British Telecom requiring the U.K.'s largest ISP to block all its users from accessing Newzbin2, a site where members can find links to clips of TV shows and movies.
Shortly after Randy Vickers, the director of the United States Computer Emergency Response Team, a division of the Department of Homeland Security, resigned without warning, there was a lot of speculation that the resignation was related to the pressure caused by recent high-profile data breaches. A few days after his resignation, Roberta Stempfley, acting assistant secretary at the Department of Homeland Security's Office of Cyber-security and Communications, told congressional lawmakers that Vickers had resigned for "personal reasons."
At the same Energy and Commerce Subcommittee on Oversight hearing, government officials testified that the country has been slow to beef up IT security. The hearings examined the government's efforts to safeguard private-sector networks that are considered part of the country's critical infrastructure, such as the electric grid and nuclear power plants, against cyber-threats.