Two-Headed Hacker Monster Declares Open Season on Governments
Jun 20, 2011 3:02 PM PT
Two ad hoc hacker communities often in the headlines of late -- LulzSec and Anonymous -- announced on Monday they intend to team up to attack government websites worldwide.
In its "Operation Anti-Security" manifesto, LulzSec said the top priority of this operation is "to steal and leak any classified government information, including email spools and documentation."
Anonymous had on Friday tweeted its solidarity with LulzSec.
"They're going to go after U.S. critical systems without fear of retaliation," warned Charles Dodd, a cybersecurity consultant who says he often briefs Congressional groups and the intelligence community.
"The level of sophistication and determination these guys have hasn't been taken seriously," Dodd told TechNewsWorld.
However, these groups may be more interested in causing general disarray than pursuing a specific political aim.
"These are what people call chaotic actors, and that means their intention is to cause chaos among their targets," Scott Crawford, managing research director at Enterprise Management Associates (EMA), told TechNewsWorld.
Children of the Lizard God
"Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011," the Operation Anti-Security manifesto reads.
Encouraging attacks on "any government or agency," the manifesto calls for defacement of government websites and urges attackers to flaunt the word "AntiSec" in their endeavors.
Although the top priority is to leak government information, the manifesto states that banks and "other high-ranking establishments" are the prime targets.
"If they try to censor our progress, we will obliterate the censor with cannonfire (sic) anointed with lizard blood," the manifesto reads.
Axis of Cyber-Evil?
The teaming up of Anonymous and LulzSec is highly dangerous, Dodd said.
In addition to publicly stating on YouTube that it opposes United States policy, Anonymous has "hit MasterCard, Visa, almost everyone you can think of, and did that with uncontested success," Dodd stated.
"Then you get another group [LulzSec] that goes through CIA websites with no fear of retaliation," Dodd added. "What happens if they go through our deeper, darker national security sites?"
The skill sets members of LulzSec and Anonymous possess "constitute a serious national security risk" if the group's members decide to go for a darker motivation, Dodd warned.
"Their motivation's changing, and they're now going to go after U.S. critical systems without fear of retaliation," Dodd said.
Activists Will Be Activists
However, there's another way to view the situation, EMA's Crawford contended.
"When people don't recognize the ad hoc nature of this kind of threat, they're missing the point," Crawford pointed out.
Because Anonymous and LulzSec lack a formal structure, they "don't necessarily have specific objectives like capturing sensitive information, though they may do that," Crawford remarked. Often, their motivation is to call attention to activities they think should be brought to light.
These groups are following the lead of WikiLeaks in "trying to discourage the tendency of governments to gather too much information and keep too much of it secret," Crawford said.
The Threat of Collateral Damage
Probably the greatest danger these groups pose directly is the collateral damage they could cause.
For example, they might end up placing the lives of our troops at risk, Crawford said. Or, as Dodd pointed out, they might cause a breakdown of our emergency systems, costing lives.
The emergence of these ad hoc groups also gives rise to an indirect form of collateral damage -- the rise of cyber-vigilantism.
A group calling itself "Web Ninjas" has set up a blog on which it has exposed, or claims to have exposed, LulzSec members.
"Web Ninjas decided to give them a taste of their own medicine, and we have shown them that they are not the Internet Gods they think they are," the blog reads. "Web Ninjas does and will stop LulzSec."
The emergence of cyber-vigilantes worries Dodd.
"Part of me says, yes, they have a value, but the other part says, if we say they're a good thing we'll kick off cybervigilantism," Dodd fretted. "You don't want to start cyberwars over critical infrastructure because people will begin testing their testosterone online. That could be deadly."