Showing posts with label operation payback. Show all posts

Monday, March 28, 2011

March 2011 - the hardest hit month on record for hacktivist attacks


March is being hailed as the most active hacktivist month on record. So far this month we have seen:
  • March 3rd, DDoS attack on Korean e-Commerce and government institutions
  • March 4th, DDoS attack on WordPress.com
  • March 6th, attack on the French government’s interest in the G20
  • March 9th, DDoS attack on Codero managed hosting provider – disrupting Twitter
  • March 9th, group Anonymous declares “Operation Payback” against BMI.com and calls for sustained and disabling attacks from its members
These attacks have prompted the Financial Services – Information Security Advisory Council (FS-ISAC) to issue an advisory (2011-03-24) warning all financial service member companies of a possible Denial-of-Service attack. In preparation it has republished the national CERT guidance.
Those identified as being at high risk include large financial institutions (banks, service providers, government financial regulatory entities), non-affiliated technology infrastructures and critical infrastructure (e.g. electric, gas, Internet service providers and national power grid providers).
Radware has devised a checklist to help these institutions secure their networks more effectively.

1) Architecting the perimeter for attack mitigation
  • Use a security-in-depth approach to fully prepare for attacks. Employ an anti-DDoS security strategy to alert to, and mitigate, all attack traffic and “clean the pipe” – at the very edge of the organisational network.
  • Ensure the solution has perimeter-specific capabilities to detect anomalous reconnaissance and intrusion activities as they happen, repel all application-level attacks and discriminate between legitimate and illegitimate traffic, together with a logging/correlation system to collect detailed attack data and quickly report
2) The need for complementary security technologies
  • In addition to basic IPS and firewall protection, deploy a multi-faceted security solution to ensure the successful mitigation of known and unknown attacks. This should include:
    • Anti-DoS and DDoS attack tools (at the network and application layers) to prevent network flood attacks
    • Network behavioural analysis tools with real-time signature writing capabilities to defend against application misuse attacks and zero-day attacks
    • Intrusion prevention systems to guard against known application vulnerabilities
    • Application-level active defence mechanisms – such as challenge & response
    • Active emergency counter-attack strategies (Smart Hands / Man-in-the-Loop Capability)
3) Be prepared for a counter-attack
  • Devise a plan to include skilled technicians in the event of attack to ensure the tools, alerts, correlation and mitigation are being handled properly.
  • Ensure the teams are ready to provide immediate assistance and active mitigation or counter-attacking defence actions as soon as the system is under attack.
  • Active defence is the concept of a proportional counter-attack to smother the last vestiges of the DDoS attack and to provide some necessary closure to a painful incident.
http://www.it-director.com/business/content.php?cid=12677

Wednesday, December 8, 2010

DDoS Wars ...and now Mastercard!


Online hacktivist collective Anonymous, operating under the banners Operation:Payback and "Operation Avenge Assange", has launched a series of DDoS attacks against organisations and people seen as being opposed to Wikileaks and its spokesman Julian Assange.
Meanwhile, Operation:Payback itself has been subjected to counter-DDoS attacks thought to originate with US "patriotic" contra-hacktivistas.
Sites attacked by the Anonymous group have included PostFinance.ch, belonging to the Swiss bank which recently froze an account controlled by Assange, and also ThePayPalblog.com - the main blog operated by PayPal, targeted for refusing to process Wikileaks contributions. DNS outfit EveryDNS has also come into the Operation:Payback gunsights for cutting off Wikileaks' DNS service, saying that online attacks targeted at the leak site were crippling its other customers.
Over the last couple of days, other sites have been DDoS'd for various reasons by the Anonymous group, including the Swedish lawyers representing the women Assange is alleged to have committed sexual offences against. Charges made by Swedish prosecutors have since resulted in the issue of a European arrest warrant and Assange was yesterday cuffed in London: British judges have elected to refuse bail and the colourful Wikileaks impresario is now in jail pending an extradition hearing.
This process has angered the members of Operation:Payback sufficiently that they have also elected to mount strikes against the website of the Swedish prosecutors' office and briefly, according to anonymous* claims received by the Reg, against Interpol. (Interpol did issue a "Red Notice" calling for Assange's arrest at the behest of Swedish authorities, but in fact this has no relevance for British police dealing with a request from another EU nation: in such cases a European warrant is required for the UK cops to act.)
Yesterday, the Anonymous hacktivists decided to attack the site of US Senator Joe Lieberman as well, presumably as a result of remarks he has made describing Wikileaks operations as crimes violating the US Espionage Act - and hinting that Wikileaks' mainstream-media partners, collaborating on trawling and redacting files prior to public release, have violated the law also.
Some Operation:Payback members also elected to attack the site of former Alaska governor and vice-presidential candidate Sarah Palin for suggesting that Assange should be hunted down like a terrorist.
The Anonymous attacks have been run through a chatroom, with users attaching their computers to a voluntary botnet for use in the DDoS strikes. Panda Security reported that as the Lieberman attacks began there were almost 1,000 users in the chatroom and nearly 600 machines in the botnet.
Naturally enough Operation:Payback itself has been subject to counter-DDoS efforts of varying strength almost since it began, but following the decision to attack Lieberman's official US government site the Anonymous operation began to be hit much harder and suffered dozens of outages itself, one lasting almost two hours. Panda Security analysts assessed that the intensified counter-DDoS attacks were coming from self-described American "patriot" hackers - playing contra to the Anonymous hacktivistas, perhaps.
Meanwhile US Army private soldier Bradley Manning, believed to have supplied not only the vast stash of diplomatic cables now being drip-fed by Wikileaks but most of its previous significant material as well (the Baghdad gunship videos, Iraq and Afghanistan "war logs" etc) remains in military prison charged with an array of security violations. His name is seldom mentioned any more in the ongoing saga of Wikileaks, Assange and the online scufflers aligned with and against them.
Operation:Payback uses a banner quote from John Perry Barlow, a founder of the Electronic Frontier Foundation:

http://www.theregister.co.uk/2010/12/08/wikileaks_assange_ddos_dustup/

Thursday, November 18, 2010

Who is Anonymous?


Operation Payback



A voice of the people for the people!

We’ve been following Operation Payback closely since it surfaced back in early September and even after two months of strikes against antipiracy advocates, little is known about the group behind the DDoS attacks. Known simply as Anonymous, the DDoS participants remain shrouded in mystery and undoubtedly prefer to remain that way.
This week, TorrentFreak was able to speak with some of the members of Anonymous and gain some insight as to who they are and why they choose to participate in Operation Payback missions. According to one spokesperson who talked with the website, there are two main groups that make up Anonymous.
A core group, made up of about a dozen members, plans and manages the organization’s activities. Another, much larger group actually assists in carrying out the DDoS strikes. Most are geeks, file-sharers, and programmers.
“The core group is the #command channel on IRC. This core group does nothing more than being some sort of intermediary between the people in that IRC channel and the actual attack,” the spokesperson claims. “Another group of people on IRC (the main channel called #operationpayback) are just there to fire on targets.”
While it’s clear from the name Operation Payback why Anonymous is carrying out their attacks, it hasn’t been well explained what the group actually wanted to accomplish by causing disruptions to organizations like the RIAA and MPAA. It would seem that they are rallying for an end to copyright laws, but that isn’t exactly the case.
“Some of us have the vision of actually getting rid of copyright/patents entirely, but we are at least trying to stay slightly realistic,” explains the group’s spokesperson.
And Anonymous does believe that they’ve made some mistakes along the way and hope to improve in the future. While some members of the group believe that anarchy is the answer, the core group seems to harbor some regret in having executed the attacks on the UK Intellectual Property Office and the US Copyright Office.
So where does Operation Payback go from here?
“What we are now trying to do, is to straighten out ideals, and trying to make them both heard and accepted,” the spokesperson told TorrentFreak. “Nobody would listen to us if we said piracy should be legal, but when we ask for copyright lifespan to be reduced to ‘fair’ lengths, that would sound a lot more reasonable.”
From the sounds of the statements made by Anonymous members, there seems to be much less animosity and more rational consideration going on in this stage of the group’s mission. Time will tell if this change of attitude helps the group gain more traction in accomplishing revisions to copyright law.
 
http://www.myce.com/news/who-are-these-anonymous-people-behind-operation-payback-36698/