Pierluigi Paganini November 07, 2012

The world is holding its breath, the cyber threat is announced by the Anonymous group who has decided to celebrate November 5th in its own way, attacking a wide selection of targets. Anonymous celebrates Guy Fawkes Day, the British holiday commemorating a failed 17th-century plot to blow up British Parliament, with an incredible media operation, news on a series of attacks, real or alleged, are flocking to the web sites around the world.

The campaign launched by the hacktivists, named #OpVendetta, reaffirms the commitment of the group in favor of freedom of expression and information security.

The web sites of principal press agencies give rise to the great story, the world of hackers cries out for vengeance against corrupt governments and private companies. Great names between the victims such as PayPal, Symantec, Australian government, NBC and many other, the case of PayPal appears the most controversial, Anonymous in fact announced that it hacked 28000 PayPal user’s passwords.

Immediate the denial of the company, Anuj Nayar, a PayPal spokesman, declared PayPal company had been investigating the attack since Sunday night without finding evidence that its data had been breached.

“It appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel. The original  story that started this and was retweeted by some of the Anonymous Twitter handles has now been updated.”

The Anonymous group all over the world are operating moving a coordinate attacks against announced targets, Anonymous Australia seems appears the most active at this time.

Anonymous collective also convened his supporters to take part in a public protest named “V For Vendetta” at The Houses of Parliament, at 8 p.m. in London.

Following the content of a couple of tweets announcing the operations:

“Paypal hacked by Anonymous as part of our November 5th protest”

#Anonymous is not the work of one, or a few, it is an idea, the symbol of resistance, dissent made digital. #5Nov

Under discussion also the surveillance systems TrapWire and Indect deployed by many governments that represent an unacceptable threats to privacy and a violation of human rights.

Hackers claim to have exploited a zero day vulnerability to attack ImageShack server and expose all the files online, they published the content of few most important files of the server (e.g. like /etc/passwd).

As written also antivirus company Symantec’s portal was hacked exposing a complete database of all 1000’s of researchers, subsequently dumped in a Pastebin File, but  in that case the responsible for the hack, the @Doxbin group, has declared that they aren’t affiliated with Anonymous.

NBC web site and also Lady GaGa fan page have been defaced with the following message:

“Remember, remember the fifth of November. The gunpowder treason and plot.”

The events demonstrate once again the media power of Anonymous group, the Paypal case is emblematic. The hacktivism is a serious menace and could cause the exposure of sensible data, but in many cases the success of the attacks is caused by the adoption of inadeguate security countermeasures.
Anonymous is just one of the different cyber threats, probably the most noisly and this is good for security analysts, in many cases cyber attacks exploit sensible information for long period procuring extensive damage.
These events must induce a series of reflections on the efficiency of defense systems and also on the proper response to data breach.

Personally I feel stupid and counterproductive to try to make war to an ideology such as that soul groups of hacktivists, these events must be analyzed under a technician perspective:

“instead of asking who is behind the mask we have to think about what vulnerabilities Anonymous has exploited and try to ensure the security of our IT infrastructures.”

The reality shows that the majority of attacks were successfully due distraction and neglect of IT managers, outdated software, passwords stored in plain text or easy to crack are just some of the nasty surprises that we read every day.

Let me suggest the day 11/5 as a day of meditation for information security.

Pierluigi Paganini