August 08, 2012

A recent Anonymous video admits that they’ve been fairly quiet lately.  From an American and Western European perspective, this is somewhat true.  In 2010, Anonymous built a reputation with Operation Payback.  Since then, there have been various campaigns that have been global in nature—such as the DDoS attack that followed the closure of MegaUpload. 

From a global perspective, the video isn’t completely correct.  Since then, Anonymous’ activity has become regional in nature.  Like soccer, every culture or nation brings their own twist such as the Spanish passing game, the German set piece or Brazilian flexibility.  For Anonymous, the process and objective remain pretty much the same:  distributed denial of service (DDoS) attacks and data theft.  In some special cases, there are more focused attacks designed to deface or steal targeted information such as Anonymous’ theft and exposure of Syrian government files and emails.

What does the present-day Anonymous look like?  There are two emerging groups.

Group #1:  Global
The group has a global presence which only occasionally embarks on a campaign.  Typically, these campaigns, such as the attack on the Syrian government, is reactive.  There is a simple patter:  incident, response.  The Syrian hack sticks out because of its visibility, but there are more examples:

  •  
    • Anonymous hackers aided a global search for a cyber-vandal who defaced a charity website.
    • Anonymous DDoSed a French company who tried to register the Anonymous motto.

But note that these incidents are reactive to an incident.  By contrast, there have been hardly any proactive attacks.  For example, one planned attack which was conceived in the Netherlands, Operation NewSon, never occurred.  The objective: attack the wealthiest, biggest companies worldwide.  According to the web page promoting the attack, they wished to:

attack several high corporate entities. Shortly after the start of the operation, we plan to release precious classified data on the already set out list of targets we do have. Those targets are none other then the ones who ultimately rule: the high revenue making companies of the world. While attacking the major companies of this planet may seem lulzy, we also wish that this operation make a difference.

Thought it attracted some attention, this campaign never got off the ground.

Group #2:  Regional
The local versions, by contrast, are much more proactive.  No incident required to invoke a response.  For the best examples, let’s go to Latin America.  In Brazil, Argentina and Mexico there have been numerous attacks that did not react to any specific incident.  Rather, the idea was attack for the sake of attack.  Though we can’t give precise numbers since it’s very difficult to follow activity globally, but it seems quite clear that this category of attacks is much higher by volume. In Brazil Anonymous attacked several major Brazilian government agencies, two major airlines and recently took down most government agencies in Rio.  In Argentina, where several attacks took down banks and government agencies as well.

What are the lessons?

  • Anonymous may be quieter, but only in your region.
  • Anonymous is much more active in developing countries, where presumably there is a larger pool of politically motivated hacktivists.
  • Watch out for incidents that can spark a global response.

 

 

Share:

Posted by Imperva Blogger at 12:00:00 AM


Tags:

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.