Many Hacks Claimed, Few Confirmed on Anon's Day of Mayhem
Much of the online havoc claimed by Anonymous and its followers to mark Guy Fawkes Day was more of the hack-a-site-and-leave-your-message variety, but one act, if true, could be more problematic. If the personal information posted online actually was taken from Symantec's servers, further data compromises could result, said Ken Baylor, research vice president at NSS Labs.
Anonymous has been celebrating Guy Fawkes Day by engaging in various acts of mayhem online and turning out in person at sites across the globe to protest. Some of the reported hacks have turned out to be unsubstantiated.
Further, the collective held a march Monday night on Trafalgar Square in London.
Also to mark the day Monday, Anonymous said it would bring TYLER, its peer-to-peer Wikileaks project for whistleblowers everywhere, out of beta.
The Anonymous Hacks
Anonymous posted data taken from Symantec, ImageShack, several self-proclaimed hackers and at least one PayPal user on Pastebin. The posting purports to list the names and email addresses of several people hosted on a Symantec domain, data from at least one PayPal user, and information about several of ImageShack's servers.
Symantec's complete database, as well as data from more than 4,000 user accounts -- many of which appeared to be owned by Symantec employees or related companies -- reportedly have been put up on the Pastebin site.
"The Symantec leak is most worrying as encrypted passwords are visible with emails," Ken Baylor, research vice president at NSS Labs, told TechNewsWorld. "Once they are cracked, they will be leveraged to break into corporate accounts and likely the users' personal accounts, LinkedIn, Facebook, and Twitter accounts for social engineering and further data theft."
Anonymous has owned ImageShack's servers for years, from the ground up, the collective claims. However, it ended its hack of that company when an admin set up an intrusion detector.
The group struck at Symantec because, although it claims to own "all the other major AV corporations, yours just pissed us off the most."
Anonymous also reportedly published the VMware ESX Server kernel's source code, and hit several Australian sites as well as the Organization for Security and Cooperation in Europe.
Lack of Evidence
Symantec "is investigating the recent claims made online regarding the security of our networks," spokesperson Mike Bradshaw told TechNewsWorld. "We have found no evidence that customer information was exposed or impacted." The company "will continue to monitor the situation and aggressively investigate these and any related claims."
Whether PayPal was actually hacked remains an open question as well. Anonymous was reported to have hacked 28,000 PayPal accounts, but PayPal also denies this claim.
"It appears that the exploit was not directed at PayPal after all," spokesperson Dave Garcia told TechNewsWorld. "The original story that started this and was retweeted by some of the Anonymous Twitter handles has now been updated."
Preserving the 5th Estate
There also have been reports, which Anonymous itself denied, that had it attacking various NBC sites and targeting Facebook. It repeated that denial Monday in response to a query.
Keeping Things in Context
Symantec has been hacked before, and it could be that this is because it, like many other companies, "focuses on perimeter security and protecting key systems," NSS Labs' Baylor suggested. "What [enterprises] forget is, they have multiple development servers which are extremely vulnerable, and can be used as gateway systems, as many [of these] share accounts and passwords with their key systems."
Websites are attacked "millions of times a day," and "it takes only one lucky hit" to compromise them, Baylor continued. Businesses need to move away from passwords and toward multifactor authentication, cut down on password reuse and put in better controls against botnets.