The Cost of Cyber Crime
Cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions.
"Anonymous is out for blood." That was the text message I got from my son last night after word came out that the hacking group had attacked government websites after the file-sharing site Megaupload was shut down. (In full disclosure, my son works as a network security admin, which is why we text each other about security news.)
After the attacks on the Department of Justice and the FBI, as well as entertainment sites, Anonymous bragged on its Twitter account. According to CNN:
We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us.
With the growing outrage over bills in Congress, like SOPA, that are aimed to stop illegal downloading of intellectual and creative properties, and the recent "blackout" of sites like Wikipedia in protest, it's no surprise that Anonymous was lurking around the corner, ready to strike. And it is no surprise that the strike comes the day after the other online protests - that way, Anonymous gets its attention.
I got this email message from Rob Rachwald, director of security strategy at Imperva Labs, telling me that Imperva is tracking chatter about the Anonymous DDoS attacks to see if there is any kind of sustained retaliation in light of the takedown of Megaupload. Rachwald said:
DDoS is the internet what the Billy club is to gang warfare: simple, cheap, unsophisticated and effective. But DDoS lends itself well to the Anonymous model which relies on crowd sourcing. During Operation Payback, Anonymous inspired an army of thousands in an attempt to bring numerous commercial sites. In this case, they're boasting "5,600 DDoS zealots blasting at once."
According to a story being reported on Gawker.com, Anonymous is resorting to phishing attack style trickery to dupe people into unwittingly joining the cause. A link being shared across Twitter and in Anonymous chat rooms is allegedly loading the Anonymous DDoS tool LOIC (Low Orbit Ion Cannon), and commandeering PCs to flood the target sites with traffic.
My son may be right in his quick assessment, but the question is, why now? Why this particular cause? And is this change in tactics a permanent new twist for Anonymous or a one-time thing? Unfortunately, only time - and Anonymous' next course of action - will provide any definitive answers.