Hacktivism
July 22, 2011Hacker group Anonymous claims it has stolen a gigabyte of classified information from NATO, writing in a defiant message online that the recent arrests of alleged members would not deter them from future attacks.
A Twitter account called "AnonymousIRC" said late on Thursday that it had a gigabyte of information from NATO, "most of which we cannot publish as it would be irresponsible." The account did post links to a small number of PDF files, which it said were part of the stolen information.
One was a document apparently signed by P.J.M. Godderij, a Dutch lieutenant, with recommendations on outsourcing communication and information systems (CIS) in NATO's Balkan operations.
Anonymous did not explicitly explain why it had targeted NATO, but it said in a joint letter with the splinter group Lulz Security, that its targets were corrupt governments and corporations. It also lashed out at the US domestic intelligence agency, the FBI, saying "there is nothing - absolutely nothing - you can possibly to do (sic) make us stop."
Vulnerable network of data
Mikko Hypponen, chief research officer of the Finnish Web security firm F-Secure, said he was not surprised Anonymous was able to break into NATO servers and steal information.
"NATO is old and large," he told Deutsche Welle. "They have multiple servers in different countries in different jurisdictions... and it's more likely than not that some of those systems would have remote vulnerabilities."
Hypponen added that despite Anonymous's suggestion that most of the stolen data is too sensitive to release publically, information labeled "confidential" can range from the basic - like work schedules of personnel - to highly sensitive defense strategies.
"What kind of confidential information these guys were able to access - if they were able to access something - most likely is at the low-end scale," he said. "I don't think that they gained access to any concrete defense information or strategy. Those kinds of files in most military systems are kept on computer networks which are physically disconnected from public networks, including the Internet."
Challenges to investigation
Anonymous is a decentralized group of hackers known for its attacks on companies like Sony and Apple.
US authorities earlier this week arrested 14 people in connection with an attack on the PayPal website claimed by Anonymous. The group's members said the attack, which took down PayPal's services by inundating the site with information, was in retaliation for PayPal's cancellation of a donation account for the whistle-blowing website WikiLeaks.
Luis Corrons, technical director of the Spanish cyber security firm PandaLabs, said the arrests were meant to show Anonymous members that there would be consequences for their illegal actions.
"I'm sure that law enforcement is making a lot of progress to stop Anonymous, but it's not an easy task," he told Deutsche Welle. "The main problem here is that we are talking about people all around the world, in different countries with different legislations."
Corrons added that such hacks should be a wake-up call to private and public organizations that they need to improve their cyber security.
"Everything they did could have happened, and it is happening every day - with the difference that people don't notice, because it is not in the media and because the one who is stealing the information is not saying he has stolen the information," he said.
'Anonymous will not live forever'
Corrons and Hypponen agreed that Anonymous was made up of mostly young people who are not afraid of legal retribution. While its members claim their ideas will live forever, Hypponen said they are mistaken.
"It is a very real phenomenon right now, and it is something to be taken seriously right now," he said. "[But] people get tired, people get old, ideas die, ideologies die. So Anonymous will not live forever, that's pretty clear."
Corrons said he sees in Anonymous a youthful disregard for the consequences of their actions, exemplified by the threat that some governments may respond to the hacking by increasing Internet restrictions.
"My biggest fear here is that at the end of the day, governments say, 'You know, this is so insecure that we are going to remove some of the freedom there is now on the Internet in order to promote security,'" he said. Hacker groups like Anonymous "are giving the government reasons to act just in the opposite way that they are intending."
Author: Andrew Bowen
Editor: Rob Mudge