Anonymous, LulzSec bring bragging rights back to hacking, CTO says

Hactivist groups such as Anonymous and LulzSec hearken back to earlier days when Web attacks were done for bragging rights, not profits, says the new CTO of incident-response, forensics company Mandiant.

The difference now is the scale of the attacks and the flamboyance of the groups, says Mandiant CTO Dave Merkel, whose appointment to the post was announced on Wednesday.

"We haven't seen it ourselves for a long time," he says. "It's interesting to see the alleged political motivation of groups like Anonymous."


Both Anonymous and its affiliate LulzSec attack sites of governments they deem corrupt, businesses they see as violating freedoms they define and individuals seen as threats to the groups themselves. For example, Anonymous stole emails from HBGary Federal and published them after its CEO said he would expose the individuals leading the group.

The techniques these groups employ aren't groundbreaking , Merkel says, but are nevertheless successful against their targets.

By contrast, criminal enterprises that seek to drain corporations of proprietary information over the long term have developed sophisticated new technologies and operational discipline that make them effective, he says.

For example, attackers seeking long-term infiltration may use multiple social networking schemes over time to gain control of many corporate end devices, he says. Then those are used to compromise as many network assets as possible. A small percentage of these are used to steal data with the idea that if one phase of the operation is discovered and purged, other compromised assets remain to continue thefts later.

"The goal is they want to be there for years, not days," Merkel says.

That kind of discipline laps over into financial cybertheft. These thieves don't care so much to maintain presence for years, but long enough to maximize the amount they get away with when they do strike, he says.

Patience is one factor that separates the criminal enterprises from the hactivists, he says. "Maintaining silence and not touching something is what takes control," he says.

It's difficult to evaluate whether individual companies face significant threat from groups like Anonymous and LulzSec because their targets seem so fluid. But it does make sense to operate under the assumption that at some point most corporate networks will be breached.

He says that for all the recent incidents being reported, there are many more that are equal or larger in scale that are not public. "For every published article you see there are 10 or 15 you don't hear about," he says. "There are many more things in flight than are being written about."

Companies facing a determined, well funded adversary will likely be compromised, he says. "If you're relying on prevention, you're probably deluding yourself," he says.

Read more about wide area network in Network World's Wide Area Network section.

Tags Mandiant

Show Comments