DHS Warns of Anonymous Cyber-Attack Tools, Planned Mass Protests

The United States Department of Homeland Security warned the security community about potential attacks from hacking collective Anonymous over the next few months.
The Sept. 2 security bulletin from the DHS National Cyber-Security and Communications Integration Center warned financial services companies to be on the lookout for attackers operating under the Anonymous umbrella to “solicit ideologically dissatisfied, sympathetic employees” to the cause.
The collective recently took to Twitter to persuade employees within the financial sector to hand over information and access to enterprise networks. Though such attempts may have been unsuccessful so far, “unwilling coercion through embarrassment or blackmail may be a risk to personnel,” the DHS bulletin warned.
DHS issued the bulletin primarily for cyber-security professionals and staff in charge of protecting critical infrastructure. The bulletin also refer to new tools that Anonymous may be using in launching future attacks. Anonymous has been primarily using the Low Orbit Ion Cannon, a fairly simple testing software that can ping a server repeatedly, to launch its distributed denial of service attacks. Some of the members have been working on a new DDoS tool, based on JavaScript, dubbed #RefRef.
The new attack tool is said to be capable of using the server’s own resources and processing power to launch a denial of service attack against itself, but “so far it’s unclear what the true capabilities of #RefRef are,” the DHS said in the bulletin. The tool is slated to be released Sept. 17.
DHS also referenced the “Apache Killer” Perl script that can be used to launch denial of service attacks against Web servers running the popular Apache software. Apache developers released a patch earlier this week to fix the vulnerability in Apache 2.2. Administrators have been urged to patch their servers immediately.
The DHS also mentioned three cyber-attacks and civil protests Anonymous has already announced. “Occupy Wall Street” is the first scheduled one, for Sept. 17. Announced by a group Adbusters in July and actively supported by Anonymous, the goal is to get 20,000 individuals to gather on Wall Street to protest various U.S. government policies. Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco.
Another protest in October, also led by Adbusters, is scheduled to be held at the Washington, D.C. National Mall to mark the 10th anniversary of the war in Afghanistan. There is also the supposed Nov. 11 attack against Facebook and Project Mayhem, scheduled for Dec. 21, 2012, DHS warned. There are indications that Project Mayhem would be a combination of physical disruption and targeting of information systems.
The bulletin itself is unusual in that DHS hasn’t commented on the activities of Anonymous ever since the group stepped up its efforts over the past few months, attacking federal agencies and private corporations to protest a wide range of issues. As anyone following the security space undoubtedly knows, there have been at least one or two attacks by Anonymous, even more, each week for the past few months, so the bulletin may be just stating the obvious when warning of future potential attacks.
“Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities,” the DHS said.