It's Business as Usual for Anonymous as Panda Takes a Hit
The hactivist community suffered a betrayal by one of its own when LulzSec leader Sabu helped the FBI arrest several of his cohorts, but the larger Anonymous collective wants the world to know it's undeterred. To that end, it struck Panda Security, but the firm insisted nothing of importance was breached. Still, "the state of Anonymous is not much different than it was three days ago," said Steve Fox, CEO of Security Pursuit.
03/07/12 2:59 PM PT
Overnight, Anonymous hackers took down more than 25 websites belonging to Panda Security. They also posted email addresses, usernames and passwords of more than a hundred of the firm's employees and defaced a number of marketing-related sites.
Members claiming to be part of Anonymous posted numerous messages aimed at both Panda Security and at Monsegur, also known as "Sabu." In one post, the group noted "Yeah, yeah, we know... Sabu snitched on us," referring to the fact that Monsegur aided the FBI, resulting in the arrests of other LulzSec members.
The attack did not breach its internal network, and neither source code nor customer data was accessed, Panda Security said in a statement. Anonymous was only able to access information related to marketing campaigns and some obsolete credentials.
Panda Security did not respond to our request for further details.
Anonymous and Decentralized
This brazen attack shows that the group is neither down for the count nor as weakened as reports on Tuesday might have suggested.
"This is the Anonymous agenda," Steve Fox, CEO of Security Pursuit, told TechNewsWorld. "They have set out to make a mockery of law enforcement or those that were helping law enforcement."
Panda Security had long condemned the actions of Anonymous and helped play a role in recent arrests in Spain, noted Fox.
The arrests of Monsegur and the other LulzSec members were part of an international effort by law enforcement, but it remains unclear whether they will have any lasting impact on the group's structure.
"The one thing to keep in mind, is Anonymous isn't so much of an 'it' as much as a 'they,'" said Fred H. Cate, director of the Center for Applied Cybersecurity Research at Indiana University.
The group is a group really in name only, he told TechNewsWorld. "This is a loose federation of lots of independent hackers doing things and without a lot of coordination."
This lack of coordination and the decentralized nature of Anonymous also means that law enforcement officials -- and even security firms -- need to think of them differently.
"It's not useful to think about Anonymous and other hacktivists like they are as organized as Amway," nCircle CTO Tim Keanini told TechNewsWorld. "Frankly, trying to characterize Anonymous is like trying to characterize all rock and roll artists. About the only thing all participants have in common is their medium."
Hacktivism is all about diversity and common cause, said Keanini -- not about centralized leadership.
"There's no way of knowing how hacktivists will respond to recent events, but enterprise security teams should not let their guard down," he cautioned. "Sun Tzu's The Art of War is a great instruction manual for IT security. It teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position as unassailable as possible."
Despite the arrests Anonymous appears as determined as ever, and there is little evidence to suggest any rifts in the group -- but this is due to its decentralized nature.
"The state of Anonymous is not much different than it was three days ago," added Fox. "The arrests seem to have had little negative impact."
What is notable, he added, is that even with the information that Monsegur turned informant, the group has maintained a fair amount of solidarity.
"In their posts online, they didn't throw the arrested members under the proverbial bus," Fox said. "And internal rifts -- we don't see that either."
At present, the group is showing resolve, and that's not likely to change.
"This is because the group doesn't coordinate, and these groups are typically only a loose federation," said Cate. "This is their de facto way of operating, and one benefit is that they become more resilient to being shut down."