Track: General Security
Author: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS
When I first heard about the latest name for their operation, I remembered Icarus from my mythology class, senior year of high school. Although I remembered the name, I could not recollect the story about Icarus. Thank goodness for the Internet.
According to the myth, Icarus was the young man who flew too close to the sun with wings made of feathers and wax. His father warned him, but he did it anyway. The wax melted and he fell into the sea. But more importantly, the myth also illustrates why he did it. Many of the Greek myths had classic themes. In this case, the theme was centered on hubris. The word hubris means extreme foolishness, pride and arrogance. Now things were beginning to become clearer.
Most people know what Anonymous normally does to organizations in their crosshairs. Their victims are often taken offline for a period of time, their defenses are breached, and their data is released online. The victims frequently make the headlines, and some of the headlines can be rather embarrassing. This is what Anonymous does.
So how do they do it? They normally begin with a combination of different DDoS attacks, while attempting to breach an organization’s security layers to steal their sensitive data. In this case, DDoS is used to erode the victim’s defenses, and help hide their breach activity. It’s called “Dark DDoS”. The DDoS attacks are being used as a distraction.
Now let’s get back to why. According to a video on YouTube, which was released on May 8, the why is clearly explained. Anonymous is now targeting the arms industries, global banking, financial institutions, as well as government and intelligence agencies. Apparently, Anonymous has it out for these groups and feels they have become full of extreme foolishness, pride and arrogance; hence the reference to Icarus. Not only is this video interesting, it is also quite alarming. The video ends with a call to arms, which has a possibility of escalating through the recruitment of groups and individuals enticed by their initiatives.
At the time of writing this blog, reports have shown that the Bank of Greece, the Central Bank of the Dominican Republic, the Guernsey Financial Services Commission, the Central Bank of Maldives, the Dutch Central Bank, the National Bank of Panama, the Central Bank of Kenya, the Central Bank of Mexico, and the Central Bank of Bosnia and Herzegovina have experienced DDoS attacks since the beginning of May.
If you see any kind of DDoS attack activity whatsoever, Anonymous may be trying to breach your defenses. If the DDoS attack came and went, they may have obtained what they were looking for. If they didn’t, they may be back. The DDoS attack is not the end; it is the “means to the end”. This is why they use DDoS in the first place. You can protect yourself from Dark DDoS attacks that are designed to attack the other layers of your security. Expect to see copycats following in their footsteps.
Steve is a key research intelligence analyst with NSFOCUS IBD. He has been instrumental in solving the DDoS problem for service providers, hosting providers, and enterprises in North America and abroad. Steve has more than 25 years of computer networking and security experience with an extensive background in the deployment and implementation of next-generation security solutions. In his last role, Steve served as the Chief Security Evangelist for Corero Network Security before joining the NSFOCUS team. Steve is a recognized Subject Matter Expert on DDoS attack tools and methodologies, including next-generation defense approaches. You can usually find Steve providing insight, editorial, industry thought leadership, and presentations covering the latest security topics at RSA, SecureWorld, SANS, Black Hat, IANS, ISSA, InfraGard, ISACA, etc.