Security company exploitation by loosely-organised hacking outfits could spark a cyber war against other security and business firms.
This is according to Haroon Meer, lead researcher at research firm Thinkst, pointing to attacks made by politically motivated hacking - or 'hactivist' - group Anonymous against security firm HBGary Federal.
Meer will speak at the sixth annual ITWeb Security Summit, which will be held from 10 to 12 May at the Sandton Convention Centre.
Late last year, HBGary tried to discredit WikiLeaks by threatening to name those responsible for conducting denial-of-service attacks against MasterCard, Visa and other perceived WikiLeaks enemies.
In retaliation, Anonymous used SQL injection attacks to hack into HBGary's content management system. The hacking group exploited weak passwords and published 71 000 company e-mails, according to various media reports.
“By the end of the attack, HBGary CEO Aaron Barr's iPad was reputedly erased, his LinkedIn and Twitter accounts hijacked, [and] the company's Web site defaced.”
Proprietary company source code was also stolen, and with over 71 000 private e-mails now published to the Internet, the security firm was laid bare, Meer said in a recent blog posting.
Meer advises that South African business should learn from the HBGary attacks and demand that Internet service providers and IT administrators protect crucial information from those that might have a political or financial agenda.
digital lives as well,” says Meer.
Meer says HBGary, a security firm that has strong offensive cyber capabilities, was given a beating by “a non-funded, loosely organised hacker collective”. He says this shows that a cyber war is brewing and that even the strongest of companies are vulnerable to cyber threats.
“I think we will see attacks such as the Anonymous hack filtering into SA. This is largely due to the fact that there is so little to stop people from doing this.
“One of Julian Assange's famous comments on WikiLeaks is that 'courage is contagious'. He uses it to refer to the fact that if a few brave people leak info on wrongdoings, more will.”
Meer adds: “Today, with Anonymous and various leak sites springing up, this changes the game. In a way, it makes the famed 'insider threat' potentially more harmful.”
According to Meer, the e-mails published by Anonymous revealed that HBGary was selling rootkits, or software that enables continued access to a computer while actively hiding its presence from administrators, to government contractors for prices between $60 000 and $200 000.
Meer says: “I think groups like Anonymous have been around for some time. What's different now is the public's awareness of it, and the fact that such groups can get onto the world stage with their actions.”
Share