Cyber-attackers were busy over the weekend, targeting Websites belonging to various governments and law-enforcement agencies around the world. Their efforts haven’t let up with the new week.
Hacktivist collective Anonymous appeared to claim responsibility for the Central Intelligence Agency’s Website being down for a few hours Feb. 10. “CIA TANGO DOWN: https://www.cia.gov/ #Anonymous,” posted @YourAnonNews. The account posted several links to media reports claiming an Anonymous-led distributed denial-of-service attack had knocked the CIA site offline.
However, @YourAnonNews posted what sounded like a disclaimer shortly after. “We’d remind media that if we report a hack or ddos attack, it doesn’t necessarily mean we did it,” according to the post on Twitter.
The CIA Website was down for about nine hours Feb. 10, and again for a short period on Feb. 11. It was unavailable again for periods of time Feb. 13.
“We are aware of the problems accessing our Website, and are working to resolve them,” a CIA spokesperson said.
Since Anonymous is not an organized group or defined hierarchy, it is difficult to figure out what actions can be attributed to the group.
“Anyone can claim to represent Anonymous if they wish, which means that even Anonymous itself can’t actually claim that they did or did not launch an attack,” Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.
Many groups have been lumped in with the larger Anonymous brand because they’ve indicated some solidarity with the collective. For example, Interpol’s Website went down Feb. 11, and a group that calls itself @BlackTuesdayHG claimed responsibility. On its Twitter feed, the group claimed to not be part of Anonymous. “Yeap, we support their ideas, but we have own ideas at all!” BlackTuesdayHG wrote.
“It only actually needs one person to claim that the CIA attack was done by Anonymous and, well … it’s hard to prove that it wasn’t,” said Cluley.
Along with the CIA outage for which it may or may not have been responsible, various Anonymous-related accounts on Twitter reported attacks on other high-profile sites. The U.S. Census Bureau was hit by Team Inj3ctor Feb. 11, with names of database tables obtained from the agency’s Web server posted on Pastebin. Another group, @AnonymousMexico, dumped 730MB of emails and other information from the Mexican Chamber of Mines on Pastebin.
Anonymous also took down a number of Greece’s government and police Websites Feb. 13 to coincide with the protests within the country. The collective has so far claimed responsibility for taking down Websites for TV stations, the Prime Minister, National Police and the Ministry of Finance.
A Chinese hacker group, EvilShadow, took over Microsoft’s online store in India Feb. 12 and posted an image of a person wearing the Guy Fawkes mask, popularized by Anonymous. The team may have stolen the store’s database of user names and passwords, according to a report on WP Sauce, a blog devoted to Windows Phone-related news.
Microsoft appears to have regained control of the site as of Feb. 13, as the site now reads, “The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible.”
Personal information, including dates of birth, Social Security numbers and criminal records, for 46,000 state residents may have been stolen from Websites belonging to the state of Alabama, according to the Alabama Department of Homeland Security. It is unclear what sites had been compromised. The attackers, CabinCr3w, claimed the Alabama breach was in opposition to the state’s immigration law that was passed in June.
“We mean no harm by releasing this redacted information,” the attackers said, claiming it wasn’t properly stored or encrypted in the first place.
CabinCr3w had also harvested personal information of more than 150 police officers from a Website for the West Virginia Chiefs of Police Association on Feb. 6 and may have been behind a similar attack on a Salt Lake City police Website. Phone numbers, addresses and email addresses of police officers, as well as information on drug operations, suppliers, and license plate numbers were stolen in the Salt Lake City incident.
Casi, from the group Team P0ison, uncovered a long list of SQL injection vulnerabilities on the United Nations’ Website Feb. 9 and posted the list on text-sharing site Pastebin. No data was leaked, but it is clear from what was posted that the team had breached the United Nations servers.
Security experts predict that hacktivists will be very active in 2012, with cyber-vigilantism, data breaches and DDoS attacks against both government and business networks.