In March, Anonymous hackers threatened to take down the Irish government's IT system as revenge for what the group believed were unfair water bills and the introduction of water metering. The socio-politically motivated group accused the government of stealing and using threats to introduce new water charges and in retaliation posted a video warning it would take down the government website and make public information available.
The Irish government was quick to respond, saying it had robust measures in place. And indeed it should as a matter of course – Radware’s latest study on which sectors are most likely to be attacked showed the government sector at the heart of its ‘ring of fire’.
Interestingly, ISPs and hosting companies are the next most likely group of companies to be attacked. You might think that has nothing to do with government, but in fact it’s a real cause for concern, especially when you consider the number of businesses, government bodies, local councils and NGOs that rely on an ISP or hosting provider to run their online operations. It’s the perfect domino effect – target the ISP and you take down the people who rely on it too.
The survey also found that attacks are increasing in number, sophistication, frequency and duration, with some lasting for months rather than hours. Under this kind of pressure, it’s very easy to find yourself firefighting and lurching from protecting one part of your network to another without being able to properly put in place the defences that would mitigate an attack in the first place.
The most common attack method is a distributed denial of service (DDoS) attack, whereby attackers flood a network, usually with what appears to be legitimate traffic, until it buckles. Many people think these attacks are all about extortion but in fact the motivations are far more varied today, aided by the proliferation of internet access and social media channels to rally against a socio-political or economic cause.
That’s what has made Anonymous a heavyweight in the world of cyber war. Unlike other ‘hacktivists’, it’s rarely motivated by money but rather by the cause of the underdog. It has brought down or taken over the websites of the FIFA World Cup sponsors to highlight social poverty in Brazil, and ironically, it fought back against the hackers that exploited the Charlie Hebdo attacks. Its methods are to render websites and networks useless, hijack websites, or hack into networks to obtain and distribute information.
It may seem extraordinary that a group of people co-ordinated online and through social media could have such power. But they do.
And their approach isn’t new. Back in 2013 they hacked the Mole Valley council network and replaced pages on its website related to the detention of David Miranda at Heathrow airport in relation to the whistleblower Edward Snowden. They demonstrated how easy it is to take over a website and made real waves about the potential damage they could do and havoc they could cause.
What’s more, Anonymous is not alone. They are the pioneers, and they are copied. Just look at the Jihadist activists who took over the Sevenoaks town council website to post explicit images in the summer and autumn of 2014. They had a political cause and they wanted to make a noise.
But of course, it’s not just politically motivated organisations and terror groups that are undertaking cyber attacks and crime. You only need a disgruntled member of the public unhappy about a parking fine, someone hell-bent on proving the council is corrupt, or a bored student fulfilling a dare to find yourself at the receiving end of untold mayhem.
That may seem far-fetched, but unfortunately it’s a reality. Black market computer software can be purchased for a few hundred pounds and can be run by pushing a button. No longer do you need to be a computer genius to infiltrate a network. You can buy the expertise and capability if you have a mind and funds to do so.
So what should you do to protect yourself and the community and citizens you serve and represent?
1. Know your enemy. Staying abreast of the latest information and guidance is critical. It’s vital to follow a reputable source that does the legwork for you: The National Crime Agency regularly issues warnings on attacks and viruses and will provide detail on the scale and severity of threats. CERT-UK is another useful source and there are regional bodies like the North East Regional Special Operations Unit (NERSOU), which was set up last October to provide localised information and help.
2. Check your network security can withstand the latest attack tactics. Today attacks are more complicated and vigorous. Multiple attack vectors, often as many as five, are used concurrently and attacks can last weeks or months. Check your network is resilient to withstand such attacks. Also ensure your network is not set to ‘fail over’ under attack which would open up the core network to attack.
3. Check for resilience and plug the gaps. Will it detect a legitimate user and block the fake ones? How strong is your web application firewall, will it protect against attacks on the network’s application layer? Are the suppliers you rely on for hosting, power and mobile communication secure? As part of this you should monitor for unusual patterns. Anonymous is known to test its attack tactics before launching the assault. Spotting unusual activity on the network will help you prepare for an assault.
4. Beware of the mob. Be vigilant for ‘mob’ hackers who will take advantage of the hard work done by Anonymous and use the open door to steal customer data and intercept financial transactions. It’s estimated the financial repercussions for Sony amounted to $1 billion after customer information was stolen when it was attacked. The fine alone was £250,000. The ramification for a voting public would be devastating if the same were to happen to a local council.
5. Be prepared. Successfully defending your network is all about preparedness. Put in place an emergency response plan and team that are first responders to an incident. Consider both the skills you’ll need and adopting technology that continually monitors and detects risks and reacts with the appropriate mitigation tactics on your behalf. It can alleviate significant strain. After all you can’t fight what you can’t detect.
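One way to act on the advice in step 3 to monitor for unusual patterns, shown as an added example that is not part of the original article: the sketch below flags minutes whose request count sits far above a rolling baseline and separates short bursts, which may be test runs, from sustained floods. The function names, thresholds and sample counts are assumptions made for illustration.

```python
from statistics import median

def find_bursts(counts, window=10, k=6.0, min_mad=5.0):
    """Return (start_index, length, peak) for each run of anomalous minutes.

    counts: requests per minute, oldest first. A minute is anomalous when it
    exceeds the median of the last `window` normal minutes by k * MAD.
    """
    normal = []   # recent non-anomalous counts: the baseline
    bursts = []
    run = None    # [start, length, peak] of the burst in progress
    for i, c in enumerate(counts):
        base = normal[-window:]
        anomalous = False
        if len(base) == window:   # wait until a full baseline exists
            med = median(base)
            # Floor the MAD so a very flat baseline does not flag tiny wobbles.
            mad = max(median(abs(x - med) for x in base), min_mad)
            anomalous = c > med + k * mad
        if anomalous:
            if run is None:
                run = [i, 0, 0]
            run[1] += 1
            run[2] = max(run[2], c)
        else:
            normal.append(c)      # only normal minutes feed the baseline
            if run is not None:
                bursts.append(tuple(run))
                run = None
    if run is not None:
        bursts.append(tuple(run))
    return bursts

def classify(bursts, probe_max_minutes=3):
    """Label short bursts as possible test runs, longer ones as sustained."""
    return [("probe" if length <= probe_max_minutes else "sustained",
             start, length, peak) for start, length, peak in bursts]

# Constructed sample: ~100 req/min baseline, a 2-minute spike, then a long flood.
SAMPLE = [100, 104, 98, 101, 97, 103, 99, 102, 100, 96,
          101, 99, 640, 710, 102, 98, 100, 97, 103, 101,
          900, 1200, 1500, 1400, 1600, 1550, 1300, 99]

if __name__ == "__main__":
    for label, start, length, peak in classify(find_bursts(SAMPLE)):
        print(f"{label}: starts minute {start}, lasts {length} min, peak {peak}/min")
```

Keeping anomalous minutes out of the baseline matters here: otherwise a short test burst raises the threshold and can mask the larger assault that follows it.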
Adrian Crawley is director UK and Ireland of Radware