An Ohio man has been arrested and charged with two counts of computer intrusion for the website attacks targeting the Utah Chiefs of Police Association and the Salt Lake City Police Department in January.
According to the Associated Press, the man is reportedly a member of CabinCr3w, an offshoot of the Anonymous hacking collective. The FBI was able to trace a Twitter account that had been used to take credit for the breaches and communicate with reporters in Salt Lake City about the events to a workplace computer used by John Anthony Borell III.
Borell was arrested and detained in a halfway house in Ohio before appearing in court in Salt Lake City on Monday, where he pleaded “not guilty.” If convicted, he could be subject to up to 10 years in prison and a $250,000 fine.
The attacks yielded the personal information of police officers and citizens who had complained about local illegal activity, including phone numbers and addresses. The Salt Lake City Police Department’s website was restored after $33,000 was spent on repairs and new security measures.
The sites were hacked at around the same time as other attacks on police websites occurred across the United States and in Greece.
Experts: Hacktivism trend to continue
Law enforcement agencies haven’t been the only recent targets, however. The 2012 Verizon Data Breach Investigations Report revealed a massive upswing in “hacktivism” in 2011. Despite the arrests made internationally of individuals connected to groups such as the Anonymous hacking group and LulzSec earlier this year, hacktivists have continued to act and experts expect that will be a continuing trend.
“It’s inevitable that at least some of the people involved with the ‘hacktivists,’ if you would, are going to get caught,” said Andrew Storms, director of security operations at nCircle Network Security. However, he added, that won’t likely stop the groups. “There are enough people out there interested in helping out that there will always be a line of people willing to step up,” he said.
Storms also believes this migration to hacktivism is part of a natural evolution of activism. “There have always been activists,” he said, and there’s no reason to believe they wouldn’t start using available technology to benefit them just like any other group. Major companies, governments and criminals alike have updated their systems and processes, so it makes sense that the financially, politically and socially active have, too.
Businesses and governments have been attempting to keep up with cybercriminals intent on making money through breaches for years. The difference now is that businesses and governments have to learn how to prepare for attacks by groups who aren’t looking to profit.
While cybercriminals commonly use automated attacks to collect information such as payment card or bank account numbers, hacktivists focus more on personal information about employees, customers, partners or system architectures, and publish it with no monetary benefit. Storms said that if a company wasn’t poised to protect financial information, they’re already behind when it comes to defending against hacktivists.
“What’s different here is that the actions have garnished so much news, everyone knows about it. … Really what it’s done is it heightened the awareness,” said Storms. That is good, because it facilitates communication between IT/security professionals and business executives on how important it is to keep security updated and progressing as often as possible.
One specific way companies can prepare is through situational awareness, said Pete Lindstrom, vice president of research at Spire Security. Victims of breaches need to learn as much about their attackers as possible, from the IP address used to the physical location of the attacker, and share it with other organizations so their systems can be monitored for similar activity.
Research from compiled data like the Verizon DBIR and IP reputation information is becoming more crucial in a new wave of security efforts.
“Stuff we’ve done piecemeal in the past is now becoming more mature for folks to try to identify this threat,” Lindstrom said.
He’s confident that police action against those involved is good news. Although hacktivists will continue to function, they’ll also continue to be caught as a result of the nature of their goals.
“They’re going to wreak some havoc, and it makes everyone miserable; but if part of their goal is to get publicity, they leave too many trails and eventually get caught,” he said.