Euro Security Watch with Mathew J. Schwartz

DDoS Protection , Governance & Risk Management , Security Operations

Anonymous DDoS Attacks Spread, But What's the Impact?

'Operation Icarus' Targets Numerous Banks, But Interruptions Apparently Limited
Anonymous DDoS Attacks Spread, But What's the Impact?
The face of Anonymous: Guy Fawkes.

Anonymous claims it has unleashed "Operation Icarus" against the "global banking cartel," commencing with a May 3 distributed denial-of-service attack against the central bank of Greece's website, followed by several other bank website attacks. But so far, the impact of the interruptions apparently has been minimal, continuing Anonymous' track record for attacks that fail to pack much of a punch.

See Also: Live Webinar | Special Delivery! Defending and Investigating Advanced Intrusions on Secure Email Gateways

Nevertheless, security experts warn banks that it's time to double-check their DDoS defenses to minimize risks.

The anti-bank DDoS campaign, which the hacktivist collective claims is set to run for 30 days, is just the latest of many Anonymous has launched against targets that its members dislike. But it's unclear what - if any - effect the group's DDoS attacks have had, except to get Anonymous into the news.

Indeed, the Bank of Greece reports that the Anonymous DDoS attack disrupted its website for only a few minutes (see Anonymous Threatens Bank DDoS Disruptions). And Anonymous is taking credit for DDoS attacks against about nine other banks around the world, although the impact of the interruptions appears to have been relatively minimal, according to International Business Times.

Over the years, none of the organizations or individuals Anonymous has targeted with DDoS attacks appear to have been heavily inconvenienced. Among the long list of Anonymous' past targets are PayPal, MasterCard, Visa the FBI and trade associations, including the Recording Industry Association of America and the Motion Picture Association of America. Another target was Westboro Baptist Church, an independent group that self-identifies as a church and which is known for picketing the funeral of members of the armed services.

And in March, Anonymous declared "total war" against Republican presidential candidate Donald Trump, and on April 1 temporarily disrupted several of Trump's websites, The Hill reports. "Dear Donald Trump, how do you plan to protect the world if you can't even protect something as simple as your websites?" the group asked in a video posted to YouTube.

Despite suffering the slings and arrows of anonymous hacktivists, Trump is now the presumptive Republican nominee for November's U.S. presidential elections.

Who's Behind the Mask?

Every year on Nov. 5 - Guy Fawkes Day - some branch of Anonymous or other threatens to destroy something or other, such as Facebook, which went on to post $5.8 billion in 2015 revenue (see Hacktivism: An Affair to Remember).

Of course, anyone can don the proverbial Guy Fawkes mask - the group's icon, drawn from the film "V for Vendetta" - and claim to speak on behalf of the collective. But Anonymous is not a single organization, nor based in a single geography. Investigations into the collective - such as Parmy Olson's 2012 We Are Anonymous - show there's an ever-evolving cast of Anonymous chat-room moderators as well as regular "Anons" who participate in related efforts.

Of course, if everyone is Anonymous, who's to know what agendas might lurk in Anonymous chat rooms? After "Operation Trump" first launched in December 2015, for example, the administrator behind the Twitter account YourAnonCentral, which since 2006 has coordinated Anonymous-related communications, claimed to the Guardian that both the Trump campaign and the campaign of Democratic presidential contender Bernie Sanders had been "actively attempting to subvert and misuse Anonymous for their own gains."

An emerging Anonymous faction argued that Op Trump violated the anarchist collective's ethos of never backing any particular political party. "We are feeling deeply concerned about an operation that was launched in our name - the so-called Operation Trump," according to a March 15 video delivered in the typical Anonymous style, replete with robotic voice. "We - Anonymous - are warning you about the lies and deceits pushed under our banner," the voice continues.

Several of Op Trump's organizers fired back, claiming that their effort had only been an April Fool's Day ploy. "By announcing a DDoS against media darling Donald Trump, the media, enraptured by any coverage of him, gave us a platform to address the American public," they said in a post to text-sharing site Ghostbin.

Despite the bluster, some Anonymous collective members' forays into DDoS technology have failed spectacularly. In 2010, for example, the group began urging people to take up digital arms against MasterCard, PayPal and Visa as part of "Operation Payback," in part by downloading and running the free DDoS tool Low-Orbit Ion Canon, or LOIC.

What many LOIC users failed to appreciate, however, is that the software didn't mask their IP addresses by default. In due course, PayPal and other victims shared packet-capture logs with authorities, who then began tracing back and arresting alleged LOIC users.

Better Dox Success

Where Anonymous has arguably had a bigger impact, however, is when it comes to leaking data from organizations that run afoul of the collective's agenda.

In 2014, for example, an Anonymous-affiliated Twitter account declared "full-scale cyber war" against ISIS - a.k.a. ISIL or Daesh - promising that "Operation Ice #ISIS" would shut down the group's social media influence. Efforts by an Anonymous affiliate that calls itself GhostSec, which says it targets "Islamic extremist content" from "websites, blogs, videos, and social media accounts," have generated intelligence that has been passed to the FBI and apparently helped thwart at least one attack in Tunisia, The Atlantic reports (see Report: U.S. "Dropping Cyber Bombs" Against ISIS).

In December 2015, an Anonymous-branded effort - "Operation KKK" - also leaked the identities of 350 alleged Ku Klux Klan members.

Banks: Be Prepared

Although the history of Anonymous is littered with failed DDoS attacks, multiple security experts have told me that banks should still take the group's most recent threat seriously.

"As with all threats, organizations should review the information available to determine what steps they need to take, if any," information security consultant Brian Honan stresses. As a result, he says, now is a great time for banks to ensure they are reviewing and updating "all of their defense plans," on a regular basis.

But if banks have appropriate DDoS defenses in place, they likely will not feel much Anonymous-delivered DDoS pain.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.