DHS warns of planned Anonymous attacks

Bulletin from feds highlights group's Occupy Wall Street, Operation Facebook, Project Mayhem campaigns

The U.S. Department of Homeland Security today issued a somewhat unusual bulletin warning the security community about the planned activities of hacking collective Anonymous over the next few months.

The bulletin, issued by the DHS National Cybersecurity and Communications Integration Center (NCCIC), warns financial services companies especially to be on the lookout for attempts by Anonymous to "solicit ideologically dissatisfied, sympathetic employees" to their cause.

Anonymous has recently used Twitter to try and persuade dissatisfied employees within the financial sector to give them information and access. Though such attempts appear to have been largely unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the bulletin warned.

The unclassified DHS communique is addressed broadly to those in charge of cybersecurity and critical infrastructure protection and also warns about new tools that Anonymous has said it plans to use in launching future attacks.

One of the attack tools highlighted in the alert is dubbed #RefRef, which is said to be capable of using a server's resources and processing power to conduct a denial of service attack against itself.

"Anonymous has stated publicly that the tool will be ready for wider use by the group in September 2011," the DHS said. "But though there have been several publicly available tools that claim to be versions of #RefRef, so far it's unclear "what the true capabilities of #RefRef are."

The bulletin also cites the so-called Apache Killer tool that can be used to launch denial of service attacks. The DHS alert also warns of three cyber attacks and civil protests it says are planned by Anonymous and affiliated groups.

The first attack, dubbed Occupy Wall Street (OWS) is scheduled for Sept. 17.

The so-called 'Day of Rage' protest was first announced by a group called Adbusters in July and is being actively supported by Anonymous. The organizers of OWS hope to get about 20,000 individuals to gather on Wall Street on that day to protest various U.S. government policies.

The protest is being coordinated through Adbuster's website as well as via an Anonymous YouTube video that exhorts followers to "flood into lower Manhattan, set up tents, kitchens, peaceful barricades and occupy Wall Street for a few months," the DHS noted in its alert.

Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco, it said,

Adbusters is planning another protest in October. That event, to mark the 10th anniversary of war in Afghanistan, is slated to be held at the Washington DC National Mall.

The two other planned attacks by Anonymous that are highlighted in the bulletin are, Operation Facebook a November 11 protest targeting the social media site for its alleged privacy violations, and Project Mayhem, scheduled for Dec 21, 2012.

Though there has been little dialogue or hints about the specific tactics, techniques and procedures that Anonymous plans to employ for Project Mayhem there are indications that it could involve physical disruption and targeting of information systems.

The name Project Mayhem is derived from the movie Fight Club in which "the main character is ultimately responsible for destroying buildings belonging to major financial institutions with explosives," the bulletin said.

The bulletin is testimony of sorts to the kind of attention that Anonymous has managed to attract following cyberattacks and related protests in recent years. The group has been associated with a string of high-profile attacks against organizations such as HB Gary, Booz-Allen Hamilton, and the Bay Area Rapid Transit agency

Though members of Anonymous are thought to have been associated with several "maliciously intolerant cyber and physical incidents" in the past, of late they have evolved to "what appears to be a hactivist agenda."

"Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities," the DHS said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityU.S. Department of Homeland SecuritytwittergovernmentGovernment/Industries

More about ApacheFacebookKillerManhattanRSAStrategy&TopicWall Street

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place