#OWS Flood New York City. Occupy parks all over the city. Mobilize to Times Square. Union Square. Wall Street. The power of People. RISE UP!
—LulzSec figurehead Sabu
THE YEAR 2011 will be remembered by many cultural historians as the year of Anonymous, the year of LulzSec, or at least the year of the hacktivist. The activities of the various anonymous hacker groups orbiting around Anonymous dominated headlines, especially during the summer, and brought network security and privacy concerns into the public consciousness in a way that we’d never seen before.
The Sony hack was definitely the most damaging in terms of dollars lost to downtime and consumer distrust. Seventy-seven million user accounts were compromised while Sony’s customers were left without the ability to play games online (a privilege they’d paid for) for twenty-three days. Compromised information included names, addresses, e-mail addresses, phone numbers, gender, and date of birth in addition to twenty thousand credit card numbers. No one knows for sure who was responsible for this attack. The following month, LulzSec broke into SonyPictures.com and posted fifty thousand password/e-mail combinations as well as twenty thousand Sony music coupons, which they made freely available to the public in a downloadable .RAR file, costing Sony an estimated $24 billion.
Then, in October, Sony announced that its PlayStation Network had been compromised yet again, leading some video-game business commentators to speculate that the attacks on Sony could very well take them out of the console wars, as the great cost of these attacks would put Nintendo and Microsoft in a position to expand their market share in light of ill will toward Sony.
Another Japanese video-game company, Sega Corp, was targeted in June, compromising the account information of 1.3 million customers. As in the Sony attack, Sega was forced to bring down its Sega Pass online gaming network. Though no one can say that Anonymous or its related hacktivist groups are responsible, it would seem likely, since Anons have a long history of harassing people within and around the gaming universe. Anonymous’s earliest attacks were in online game spaces like EVE Online and Habbo Hotel, universes in which they found they could wreak a lot of havoc without experiencing much real-world blowback.
Strangely enough, LulzSec not only denied responsibility but reached out to Sega, offering to track down the hackers because, as one LulzSec member tweeted, “We love the Dreamcast, these people are going down.” LulzSec later targeted Nintendo but did not steal any data. They just wanted to teach the video-game giant a lesson: “We didn’t mean any harm. Nintendo had already fixed it anyway.”
“Tango down—cia.gov—for the lulz,” exclaimed one tweet.
While the Sony hack probably caused the most financial damage, the attacks that generated the most PR destruction were initiated against the CIA and FBI, two organizations that one would expect to be invulnerable to attacks from what many assumed at the time (in some cases correctly) to be a bunch of teenage nerds.
Now, taking down the CIA public-facing Website did negligible damage to the operational functioning of the organization. Popular Webcomic “xkcd” illustrated the disparity between what people assumed about this attack and what actually happened, by comparing the hack to an attacker tearing down a poster hung up by the CIA. But still, it was embarrassing, and it generated a lot of buzz for the attacker.
In May, Citigroup discovered a serious security breach, in which hackers were able to access data from over 360,000 credit card accounts, including names, numbers, and contact info. The attack, which only affected 1 percent of Citigroup’s customers (still a whopping 21 million), was announced the following month, at which point Citigroup began issuing new cards.
That same month hackers broke into the Lockheed Martin network, breaching the system of the United States’ largest weapons manufacturer. Hackers exploited a VPN, a system used by employees to access Lockheed’s network remotely.
Some experts believe that the attack might have come from China. Hackers also targeted the International Monetary Fund in May, obtaining contact info and other documents around the same time when the former IMF managing director, Dominique Strauss-Kahn, was arrested in New York for sexual assault. Again, China and Russia are among the chief suspects.
Experts suggest that China would be motivated to obtain information about economic aid and policy information for nations in distress due to how China could exploit those transactions in global financial markets. China was also suspected of employing hackers to steal passwords from hundreds of Google account holders the following month. Google was able to pinpoint the origination point of the hacks in Jinan, the capital of the Shandong province. The Chinese government denied any affiliation with the hackers.
In July Anonymous breached the network of intelligence contractor Booz Allen Hamilton, releasing the data they scraped to the public in a torrent file.
The file contained the log-in information of personnel from a variety of government agencies and military branches, like the Department of Homeland Security, the State Department, the Marine Corps, the Air Force, SOCOM (Special Operations Command), and others.
The above examples are just a fraction of what has been made publicly available, and those are likely an even smaller fraction of the total hacking activity in 2011 that’s been discovered. Serious hackers are much more careful about covering their tracks than are the hacktivists. All of these attacks are certainly among the gravest costs of online anonymity. Anyone who wishes to seriously engage with the identity wars must be willing to recognize that there are legitimate costs to supporting the right to remain anonymous.
However, as we’ll see, security experts tend to agree that the problem lies with buggy code, lazy or negligent network administrators, and bad security practices rather than hacks.
HACKING THE FUTURE is out now on Duckworth Books and can be purchased here