Anonymous has struck again, this time going after the Federal Reserve. That attack followed another attack that targeted thousands of bank executives. The Department of Energy was hacked.
The list of hacked companies and organizations keeps getting longer. At what point does someone say enough is enough? It seems like every new hack announcement is a surprise – first to the organization that was targeted and second to the news media.
I actually first heard about the Federal Reserve attack on the evening news. The feature didn’t discuss the hack itself as much as it introduced America to Anonymous – who they are and why the individuals in the group are so hard to catch. Diane Sawyer seemed in awe that a group of hackers like this exist. All the while, I thought that by now America should be well familiar with hacktivism – it’s not like this is the first time Anonymous has struck – and the story should be more on why government agencies and large corporations seem to be sitting ducks for hacks.
I’m not the only one who has had this thought, apparently. Stuart McClure, CEO/president and founder of Cylance, Inc., told me in an email:
The world expects organizations like the Federal Reserve to be among the most secure in the world – but even the biggest organizations can be hacked using the simplest methods. While it seems the exposure has been fixed, this attack, in addition to the latest string of attacks on American banks and media organizations should be a sign that the approach to security is inadequate. Rather than simply cleaning up the aftermath of an attack, today’s dangerous cyber-landscape calls for a much more proactive strategy. Organizations need to stay one step ahead of the hackers by evaluating all IT assets and discovering any vulnerabilities before the hackers even stand a chance – especially organizations and government institutions where highly sensitive information is at risk.
However, according to a ZDNet blog post, these agencies and companies may be doing themselves more harm than good in this battle against the hackers:
[T]he information security industry sees the attacks and exposures as very serious, and have loudly called on The Fed to reduce mounting harm by sharing key information about the attacks. A Federal Reserve spokesperson told reporters that Anonymous' claim to the hack's importance was "overstated," yet information security professionals that serve financial institutions said the exact opposite—and were angry with the Federal Reserve for downplaying the incident.