Fresh off the last few days’ worth of Web attacks, designed as a kind of cyber-retribution for the demise of file-sharing site Megaupload at the hands of the FBI, members of the “hacktivist” group have taken to Twitter to claim accountability for an attack on CBS.com this morning.
And by CBS.com, we mean all of CBS.com. As in, the attackers didn’t just force the site offline using a barrage of distributed denial-of-service attacks (DDOS) delivered by the group’s “Low Orbit Ion Cannon” tool – which has now been transformed into a Web-based attack vector that unsuspecting users can unknowingly participate in.
Anonymous seemed to have somehow acquired root access to CBS.com in this morning’s attack, as members of the group were allegedly able to completely wipe the site’s files and directories. Users attempting to access the main CBS index page were instead shown a directory structure containing just one file – foundry.html. Users attempting to access any of CBS.com’s sub-sites, like bookmarked pages for its litany of television shows, for example, were met with 404 Not Found errors.
According to the Twitter account @youranonnews, CBS.com was offline for approximately 20 minutes.
But CBS hasn’t been Anonymous’ only Sunday target. The primary site for Universal Music was taken offline earlier today as well, the second such attack on the site in the past week. And the website for French media conglomerate Vivendi, which currently owns Universal Music Group, remains offline as of 2 p.m. (PST).
So, who’s next? A video allegedly representing Anonymous threatened to attack a litany of websites if Megaupload wasn’t put back online within three days’ time. That video (embedded below) was uploaded three days ago, we note, and it appears that whoever was behind it hasn’t followed through with the threats on that one. The list of potential targets included websites and services for the United Nations, Xbox Live, and U.S. Bank, as well as Twitter, Facebook, and YouTube.
Latest Anonymous Video
[vsw id="5LlaF2AoL-o" source="youtube" width="425" height="344" autoplay="no"]
For those of you who may not know who or what anonymous is below is a brief history.
Anonymous is the most famous ‘hacktivist’ group in the world. The informal nature of the group makes its mechanics difficult to define. Subsequently, without a formal organizational hierarchy, it’s difficult to explain Anonymous to the general public and the media. In this article, I’ll explain the history of the group, and offer some clarity on what’s misunderstood about them.
‘Hacktivist’ is a portmanteau of ‘hacker’ and ‘activist’. When people have technical skills, have access to the Internet, and understand how network infrastructure and servers work, it can be tempting to put that knowledge into having some effect on the world. The ‘activist’ part of ‘hacktivist’ means that they don’t do their hacking and cracking without a cause. The various people behind Anonymous worldwide are united in a belief that corporations and organizations they consider to be corrupt should be attacked. If you’re an administrator for a network that has little reason to be a target for social activists, your network and servers are unlikely to become a target for Anonymous. If for some reason you believe your network might become a target, I recommend testing it for handling DDoS attacks, as that’s the most common method Anonymous uses to bring down web servers.
Not all of Anonymous’ activities involve attacking networks or websites. Anonymous has also been active in initiating public protests. But the web and IRC channels are the lifeblood of the group. If it weren’t for the Internet, Anonymous would’ve never existed.
Read the historical timeline of Anonymous at Resources.InfosecInstitute.com.
A Brief History
What concerns me in all of this is that the same people who tell us not to worry about their having access to our personal information are using the fact they have that access to manipulate Congress. If “we” the people” begin to turn on Anonymous I have no doubt they wouldn’t use my personal information for retribution, right?
Not that Anonymous consults me on their marketing strategy, but if they want me to believe my personal information is safe then perhaps they shouldn’t use it to blackmail Congress. Just a thought.