BOSTON -- Gaining a better understanding of an adversary typically leads to smarter defenses and ultimately more secure data, but two researchers trying to paint a picture of the faceless people that make up the Anonymous hacking group are unraveling a complicated entanglement of individuals with various intentions.
Not only is it difficult to paint a picture of the makeup of Anonymous, but it is equally difficult to define the movement, according to two security researchers who gave the opening keynote Tuesday at the 2012 SOURCE Boston Conference. Joshua Corman, director of security intelligence at Cambridge, Mass.-based Akamai Technologies, and Brian Martin, a researcher who goes by the name Jericho of the Attrition.org website, broadly outlined their work on various papers attempting to describe the intentions of those who call themselves members of Anonymous. The research is intended to help demystify the group, dispel some common misconceptions, and warn the security industry of the serious consequences of ignoring the long-term threat posed by the group, Corman said.
“Anonymous held up a mirror to our neglect,” Corman said. “These were pretty simple exploits… They showed us how insecure we are and how much of a farce some of this is.”
Distributed denial-of-service (DDoS) attacks and website defacements that target SQL injection, cross-site scripting (XSS) and other common website vulnerabilities have been carried out by individuals in the name of Anonymous. The techniques, while simple (using automated tools) and relatively unsophisticated, have been successful in gaining media attention and giving heft to the global hacktivist movement. The breaches also proved to be costly and embarrassing for some businesses, namely Sony Pictures Entertainment, Fox Broadcasting Company, PBS and HBGary. But, according to Corman, more serious are the attacks being carried out by cybercriminals under the guise of the Anonymous movement.
“It’s more of a brand and a franchise that is borrowed and often abused by anyone,” Corman said of the “Anonymous” group name. “I’m more concerned about the false attacks and pretenders stealing intellectual property in the name of ‘Anonymous.’”
The two researchers have created a blogging series called Building a Better Anonymous, which outlines how the hacking group can overcome its organizational problems, build end-game ethics, become more efficient and achieve its objectives with less collateral damage. The series is an outgrowth of a panel discussion about Anonymous and the Anonymous hacktivists in which the two researchers participated at Defcon 19. The goal is to build a better understanding of the movement in a non-confrontational way, Corman said.
Anonymous had its roots in the Antisec movement in the early 2000s. It gained prominence during Internet retaliation over legal action against Wikileaks and its founder Julian Assange. It’s built on the idea of retaliation, Jericho said. “Anonymous is reactionary; you do bad and we’re going to punish you,” he said. “What happens if they start using fear as a tool?”
Jericho, who also serves as director of non-profit activity at Risk Based Security, said the group has been loosely made up of people reacting to something they don’t like. “It isn’t a classic group,” Jericho said. “It’s a meta group or ideology.” Jericho likens the group to historical analysis of pirates or to the wide swath of groups that make up modern-day Christianity with various beliefs, moral convictions and tolerance levels.
“With Anonymous there’s a huge grey area,” Jericho said. “Some people are involved one day and not the next.”