Concern Rises Over the Capabilities of Anonymous Hacktivists

When a few members of the politically motivated hacking group Anonymous floated a plan recently to cripple the Internet's core address system, the idea was roundly dismissed by other members of the group.

Trying to disable the Internet by attacking servers critical to the Domain Name System -- the Internet's address look-up system -- would be counter to the group's actions, which depend on a constant online presence, they said.

In any case, experts have said an attack against the root servers that deliver address information for top-level domains would be extremely difficult because of the redundancy built into the system.

"Anonymous understands the strength of these servers and would never have any intention of touching them," said Raven, the screen name for a 23-year-old, U.S.-based member of Anonymous, who is active on its IRC channels. "Same goes for the power grid," he said in an interview via email.

But as Anonymous continues to flex its hacking muscle, it is making officials increasingly nervous. Its actions lately have ranged from the theft of millions of emails from analyst firm Stratfor Global Intelligence to the recording last month of a conference call between U.S. and British law enforcement agencies.

The director of the U.S. National Security Agency, Gen. Keith Alexander, has warned the White House that Anonymous might have the capability to cause a limited power outage within a year or two, according to a recent report in the Wall Street Journal.

Assessing the motives of Anonymous is difficult since it comprises several groups of hackers and activists and has no central leadership, said Joshua Corman, director of security intelligence for Akamai Technologies, who studies the group.

Cybercriminals motivated by profit are unlikely to try to take down the Internet because it would be contrary to their financial interests, Corman said. But within Anonymous are some "chaotic actors" who can have a "real nasty streak," he said.

"When you don't have centralized leadership, it doesn't matter what most will do, it matters what one of them will do," Corman said.

Only a small core of Anonymous is thought to have the technical know-how to carry out such advanced hacking operations. Like most grassroots organizations, its strength comes from the masses who join its cause, whether through electronic attacks or in physical protests wearing the Guy Fawkes masks that have become a hallmark of the group.

For example, Anonymous encouraged its supporters to download a Web-based tool in November 2010 to conduct distributed denial-of-service attacks against financial companies that turned off payment processing for the whistle-blowing site WikiLeaks.

But security analysts said the crude tool left activists' IP addresses exposed, which could provide a way for authorities to try to track them down.

"There's really only a few hackers out in the movement that really deserve the term 'hackers,'" said Barrett Brown, a writer and activist who works closely with Anonymous and the affiliated AntiSec group and is the founder of Project PM.

While Anonymous could develop the skills to damage power plants within a year or so, attacks on large-scale infrastructure "don't really serve our purposes," Brown said.

Anonymous' decentralized structure also has a big disadvantage: Other groups of hackers, for example from China or Russia, could strike critical targets and then blame Anonymous in an attempt to confuse investigators, a so-called "false flag" attack.

"I see the benefit for others who would want to sow fear and use the Anonymous name as the shield to do whatever they like, and it will be blamed on Anonymous," said Scot A. Terban, an independent information security and open-source intelligence analyst.

If something happened to a water or power plant and was attributed to Anonymous, the "group will be branded a terrorist organization quicker than you can blink an eye," Terban said.

Brown said U.S. officials are already edging close to conflating Anonymous with terrorist groups such as al-Qaida, which could push Anonymous in the direction of wanting to become more accountable in order to credibly deflect false flags.

But the rapidly changing make-up of the group makes it hard even for people within Anonymous to keep current, Brown said. It also makes it harder to coordinate a unified voice for the group.

"It's really a lot of work to keep up with what's going on, even if you're in Anonymous. I wouldn't want to be in law enforcement right now. It's a difficult job," he said.

Send news tips and comments to jeremy_kirk@idg.com
