Fighting back against Anonymous, LulzSec and the global cyber insurgency


Summary: If you do not talk to me I will crash your server!


“If you do not talk to me I will crash your server!”

One of the system administrators had come to me to show me that there was someone in one of our new servers. We had just returned from the first Linux conference in North Carolina and had installed a new distribution of Linux on one of our systems.

It was the late ‘90s. Like many small firms of the day we were excited to try something new, but did not have a sandbox. I recall pulling the network cable and then going to work to ensure that none of the other systems had been compromised. We were lucky: they only had access to the one machine.

We did a reverse lookup and found the domain from which the attacking IP had originated, and crossed our fingers that they had not gone through an anonymizer. Again we got lucky and were able to track the IP address to an ISP in Croatia.

The sysadmins at the Croatian ISP did not want to give me the user’s name, understandably. But the intruder was in our system and I told them I just wanted to speak to him; though, honestly, I was not sure what I was going to say, other than, “Stay the hell out of our systems.”

I never did get hold of the guy; maybe he had caller ID, who knows. We had been attacked through a fairly well-known exploit. It was our bad for not plugging the hole.

The book We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency, by Parmy Olson, reminded me of this as I was reading it over the weekend, a Father's Day gift from my eldest.

The way that the online community has assembled itself, organized loosely and opportunistically to hack into various systems (most often through exploitation of well-known issues, other times through social engineering), brought back the memories of that attack so long ago.

The majority of the attacks detailed in the book followed a basic pattern: research, identification of the vulnerability, gaining access, discovery, data download, covering tracks, then announcing the exploit on Twitter and making the data available to all through pastebin.com or some other channel.

The book was full of interesting personalities whom you rooted for but knew would be caught. It was interesting to read about mob psychology amplified by the anonymity that could be found online.

The best approach to securing systems is the same today as it was back in the day, when Kevin Mitnick, at the age of 12, socially engineered his way onto the LA bus system by dumpster diving for transfers and punching his own tickets.

Social engineering is the art of manipulation to gain access to things you ought not have access to. In the book it seemed that many had the art of social manipulation and intimidation down to a science while being technical newbies.

Another basic ploy employed by the hackers was to uncover a password (some of which were quite strong), either through social engineering or hacking; once discovered, it could be used to gain access to many accounts.

So, the hackers would end up ‘owning’ the person: having access to their bank, gaming and social media accounts. Often they would trash the person’s reputation through any number of ways that I’ll let you read about yourself.

The lesson here is that a strong password is not enough: you also need to have different passwords for all of your online accounts. The recent LinkedIn breach is a good case for this: many experienced a breach of several accounts as a result of the LinkedIn hack, because the leaked password also opened their other accounts.

Lastly, I was amazed in reading the book that there were so many high-profile sites that were so easily breached through well-known vulnerabilities. A preferred method was SQL injection, where, instead of a plain search string, a hacker submits SQL statements in an input field that the application splices unescaped into its database query; the database then executes the attacker's statements, and the hacker gains access to the server and everything on it.
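To make the mechanism concrete, here is an added example (not code from the article or the book) of the same search feature written two ways: one that concatenates the search string into the SQL text, and one that passes it as a bound parameter. The table, its rows and the `products` schema are constructed for the demonstration; the "internal" column stands in for data the search was never supposed to return. The `looks_suspicious` helper is a hypothetical logging heuristic for spotting metacharacters in search parameters, not a substitute for parameterization.

```python
import sqlite3

def make_db():
    """Constructed sample catalogue: two public products and one internal row
    that the search endpoint must never return."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, internal INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products (name, internal) VALUES (?, ?)",
        [("router", 0), ("switch", 0), ("unreleased-firmware", 1)],
    )
    conn.commit()
    return conn

def search_vulnerable(conn, term):
    """The search string is spliced straight into the SQL text, so whatever the
    user types becomes part of the statement the database executes. A term that
    closes the quote and adds 'OR 1=1' turns the WHERE clause into 'always true'."""
    sql = ("SELECT name FROM products WHERE internal = 0 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in conn.execute(sql)]

def search_parameterized(conn, term):
    """The statement is fixed at write time; the search string travels to the
    database as a bound value and is matched literally, whatever it contains."""
    sql = "SELECT name FROM products WHERE internal = 0 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]

def looks_suspicious(term):
    """Hypothetical logging heuristic: flag search terms carrying SQL
    metacharacters so monitoring can see probing attempts. Only a signal for
    the logs; the real fix is the parameterized query above."""
    return any(token in term for token in ("'", '"', ";", "--", "/*"))

if __name__ == "__main__":
    conn = make_db()
    probe = "%' OR 1=1 --"          # constructed injection string
    print("normal search, vulnerable:    ", search_vulnerable(conn, "rout"))
    print("normal search, parameterized: ", search_parameterized(conn, "rout"))
    print("probe, vulnerable:            ", search_vulnerable(conn, probe))
    print("probe, parameterized:         ", search_parameterized(conn, probe))
    print("probe flagged for logging:    ", looks_suspicious(probe))
```

Run as written, the vulnerable function returns all three rows for the probe, including the internal one, while the parameterized version returns nothing because no product name literally contains that string. The patch-and-monitor advice in the article maps onto this directly: the query shape is the patch, and logging flagged terms is the monitoring.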

The lesson here is this: patch your servers and be diligent in the monitoring of your systems! It is not enough to install the tools. Make certain that they are configured properly and employed correctly.

Be diligent, and remember: they are Anonymous. They are Legion. They do not forgive. Expect them!



Gery Menegaz

About Gery Menegaz

Gery Menegaz is a Chief Architect for IBM with more than 20 years supporting technologies in the financial, medical, pharmaceutical, insurance, legal and education sectors. My Full-Time Employer is IBM. I write as a freelancer for ZDNet.


Talkback

17 comments
  • Sorry,

    But what does someone that hacked a box back in the 90's have to do with anon or lulzsec now ??

    From the statement "If you talk to me, I'll crash your server": 95% of the time they go through a rooted or carded shell account. They could care less if you take that server away; they use it as an endpoint, and they'll usually have many more. You can get them for approx 0.5 BTC.

    Sorry if this post seems negative, but really??
    Anthony E
    • really~

      How do you fight back when they are right here? Look around you, see that person over there that you don't really know?....duhhhhh.
      Jester2012
      • By your statement..

        Fight back when they are already in your system/network? That's great if it was a sandboxed machine. But if it's an unpatched workstation, or worse a server, you don't know what tampering was going on while they were there. That's not fighting back, that's dealing with a problem.

        Please tell me you're not one of those admins that use the company name as the admin password...
        Anthony E
    • Sorry...

      The connection is that in the reading of We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency, by Parmy Olson, last weekend, it got me to thinking about the incident back in the day.
      gery.menegaz
    • R U For real

      Techniques used to hack are basically the same as they were then; what's different? They optimized how they approach it. So with that respect, it has everything to do with now.

      Let me give you a better term: they look for stupid people who forget one little thing, and all they need is one simple IP and a port scanner. After that, well, you can think back to in the day and say, by shucks of LulzSec, Ez's right. Give them a door, if they want in, they will be in no matter what!! You can't really stop it.
      Ez_Customs
      • For Real

        Right...that is exactly their approach. If there is a door they will come through it and you had better have a good recovery plan in place.
        gery.menegaz
    • Being hacked.

      "But what does someone that hacked a box back in the 90's have to do with anon or lulzsec now ??"

      Erm: "... reminded me of this as I was reading it ... "

      Read the article !
      mikewhittaker@...
  • Executive IT Architect?!?

    ...and you crank out this drivel? who's joking who?
    Jester2012
  • LazyPay10.com

    like Marjorie replied I'm shocked that some people can get paid $6753 in four weeks on the computer. did you see this website LazyPay10.com
    carriew6347
  • Seems hackers are back in full force

    It is tough to keep the hackers away. The recent biggest blow is in Israel, where websites of several ministries and government agencies, including the Prime Minister's Office, the Ministry of Finance, the Ministry of Interior, the IDF, the Mossad, the Israel Security Agency, and the Israel Police have crashed, possibly due to a wide-scale hacking attack, after a relatively calm period.

    - Sara
    http://www.hireamobileappdeveloper.com/
    Sara_Parker23
    • Seems hackers are back in full force

      Perhaps it was retaliation for the relationship with US agencies hacking another Sovereign state's systems or because it's the US and Israel doing the hacking that's OK?
      Do unto others what they do to you!
      bobmattfran
  • TL/DR

    kidding.
    Kublakhanonomous
  • Going back in time.

    Your story reminded me of a book I'd read, called the Cuckoo's Egg, by Clifford Stoll. It is his first-person account of the hunt for a computer cracker who broke into a computer at the Lawrence Berkeley National Laboratory.

    I read a book, called The Cuckoo's Egg; it was published in 1989, and dealing with a hacker, a $00.75 charge against a bogus computer account, and the fun the administrator had in tracing the hacker back to Germany, where he was selling military secrets to Russian Intelligence.

    Nobody in the US wanted to be bothered with an investigation that centered on a 75 cent theft of computer time. It was a fascinating read, and by the looks of the regular releases by hackers, not enough people read it, and those that did never took it seriously.
    inkwell
  • Cuckoo's egg

    I read that a very long time ago. Good book. Thanks for reminding me of it, I may re-read.
    gery.menegaz
  • Hackers are a nuisance but so are illiterate IT professionals

    In the UK, RBS, a bank bailed out by the taxpayer, managed through both negligence and gross incompetence to screw up their customers' accounts for nearly a week.
    During the period that the system was down, customers could not be credited with salaries, pensions or credit transfers. Outgoing debits were immediately processed (well, it's a bank, so what do you expect).
    The system crashed because a software update was loaded on to a live machine!
    No testing on the development machine, no risk management, no running and loading dummy accounts to ensure compatibility; in fact no management of operations, no following procedure, obviously no brains engaged.
    The bank are now trying to blame the most junior IT assistant for a complete cockup by the IT management team including the IT Director. As a result the bank's stock fell, they are facing serious legal suits and massive claims for compensation, and their customer base is disappearing into the sunset. No hacker involved, and almost a complete meltdown due to corporate greed (cutting experienced staff and replacing them with cheaper and not very experienced contractors). The few $K saved has cost this bunch of idiots a fortune. Hacking would have probably been cheaper to fix, depending on the access point.
    bobmattfran
  • lesson learned?

    1) when information has value of any kind, make sure it's protected, and don't just 'walk away', monitor the protection, rotate authentication keys, do whatever you have to so that the effort of getting to the data is more hassle than the data is worth. keep your certificates up to date, so that "this cert is expired or may not be valid" doesn't become an everyday thing, and lull people into a sense of complacency.
    2) never assume that something is 'worthless' just because it's outdated, obsolete, or otherwise superseded by something 'newer'. Shred printouts, run G-Disk on drives, and smash outdated RSA tokens. Delete old code libraries so that no one's tempted to use them, and do regular audits of your utilities folders for changed dates or file sizes.
    3) unless you've ensured that mobile devices (phones, tablets, blackberry devices etc) are as or more secure than the platform, do not let them attach to the platform. Minor inconvenience to an exec is a lot easier to bear than having to write the "we got hacked" press release.
    4) limit contractor access to your systems - when you know that someone's only going to be working a 3-month project, don't give them domain admin rights, just give them enough perms to do their job, and put their account on a timer so that they have to ASK your IT staff for access during off hours. If they need an RSA token to access your network, make them call you when they need it. Otherwise you could be opening the door to someone who might be 'moonlighting' for a competitor, or seeking to enrich themselves with more than just a contract paycheck.
    5) limit employee access. So what if they can't install Minecraft? they also can't install that 'computer tune-up' that contains a rootkit.
    dcnblues
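The "regular audits of your utilities folders for changed dates or file sizes" in point 2 of the comment above can be automated with a baseline-and-compare script. The following is an added example, written for this page and not code from the article or its commenters: it records size, modification time and SHA-256 for every file under a directory, stores that as a baseline, and on the next run reports what was added, removed or altered. The demo builds a throwaway utilities folder in a temp directory (constructed data) and includes the case a size-and-date audit alone would miss: a file whose contents were swapped for a same-length edit with its timestamp restored.

```python
import hashlib
import json
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Record size, mtime and SHA-256 for every regular file under root.
    Keys are forward-slash relative paths so a baseline can be saved as JSON
    and compared later on any platform."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = {"size": st.st_size,
                            "mtime": int(st.st_mtime),
                            "sha256": file_digest(full)}
    return entries

def diff_snapshots(baseline, current):
    """Compare two snapshots. 'changed' is decided by content hash;
    'changed_metadata' is the subset that a size/date-only audit would also
    have caught, so the gap between the two lists is what hashing buys you."""
    both = set(baseline) & set(current)
    changed = sorted(p for p in both
                     if baseline[p]["sha256"] != current[p]["sha256"])
    changed_metadata = sorted(
        p for p in changed
        if (baseline[p]["size"], baseline[p]["mtime"])
        != (current[p]["size"], current[p]["mtime"]))
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "changed": changed,
            "changed_metadata": changed_metadata}

def demo():
    """Constructed scenario: baseline a small utilities folder, then alter one
    script with a same-length edit (timestamp restored) and add a new file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        cleanup = os.path.join(root, "bin", "cleanup.sh")
        with open(cleanup, "w") as f:
            f.write("echo ok\n")
        with open(os.path.join(root, "README"), "w") as f:
            f.write("utilities\n")
        baseline = snapshot(root)
        original = os.stat(cleanup)

        # Same byte length, different content, original timestamp put back:
        # size and date look untouched, only the hash reveals the edit.
        with open(cleanup, "w") as f:
            f.write("echo no\n")
        os.utime(cleanup, (original.st_atime, original.st_mtime))
        with open(os.path.join(root, "newtool.sh"), "w") as f:
            f.write("echo new\n")

        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In real use, write `snapshot()` output to a JSON file kept somewhere the audited host cannot modify, and run the comparison from a schedule; the `changed_metadata` list is there to show why the baseline should carry hashes and not only the dates and sizes the comment mentions.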
  • why?

    why the anonymous so pro on hacking and who the leader and how long this happen
    and how they create computer be broken why they so famous what did they open they mask
    ()
    NoSoulNoLife101