DHS National Cybersecurity Center Warns of Crude, But Effective LulzSec/Anonymous/AntiSec Attacks

U.S. Department of Homeland Security analysts work at the National Cybersecurity & Communications Integration Center (NCCIC) located just outside Washington in Arlington, Virginia in this September 24, 2010 file photo.

Public Intelligence

A bulletin released in late June by the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) warning of the recent activities by LulzSec and Anonymous has surfaced online.  The unclassified bulletin titled “Hacktivist Groups Target U.S. and Foreign Networks” was recently posted to an unknown online network security website Aisle.net before being subsequently removed.  The site it was posted to has also disappeared  and now visitors to the domain are greeted with a blank screen.  While the full document is not recoverable at this point in time, a cached version of the document’s summary contains a number of surprising admissions regarding the effectiveness of basic techniques utilized by LulzSec/Anonymous.

The bulletin states that the NCCIC “through coordination with its partners and monitoring of multiple sources” is monitoring hacking activities conducted by LulzSec and Anonymous, making particular reference to the recent “Operation AntiSecurity” (AntiSec).  The NCCIC describes LulzSec as “a group of former Anonymous members who typically use widely available and crude tools to hijack or deface web pages as a political statement” adding that they “routinely post information regarding planned and ongoing activities on publicly available Internet Relay Chat (IRC) sessions and social networking sites like Twitter”.  Yet, the bulletin also states that the recent spate of attacks by “LulzSec and Anonymous have proven simple Tactics, Techniques and Procedures (TTPs) are often successful, even against entities who have invested a significant amount of time and capital into designing and securing their information networks”.

If anyone has a copy of the full document, please consider sending it our way.

UPDATE: We have now obtained the full version of this bulletin.

(U) Hacktivist Groups Target U.S. and Foreign Networks

DISTRIBUTION NOTICE (A): THIS PRODUCT IS INTENDED FOR THE CYBERSECURITY, CRITICAL INFRASTRUCTURE AND/OR KEY RESOURCES COMMUNITY AT LARGE. PLEASE DISTRIBUTE IT AS NECESSARY TO COMMUNICATIONS STAKEHOLDERS IN THE PUBLIC AND PRIVATE SECTORS.

EXECUTIVE SUMMARY

(U//FOUO) This Bulletin is being provided for your Executive Leadership, Operational Management, and Security Administrators situational awareness. The National Cybersecurity and Communications Integration Center (NCCIC), through coordination with its partners and monitoring of multiple sources, is tracking reports that members of the hacktivist collectives ‘LulzSec’ and ‘Anonymous’ have combined their efforts and continue to perpetrate cyber attacks targeting U.S. and foreign networks. LulzSec Members have posted statements on the internet claiming the attacks, referred to as ‘Operation AntiSecurity’ (AntiSec), are ‘designed to demonstrate the weakness of general internet security’ and have allowed them to collect massive amounts of data.

(U) LulzSec is purported to be a group of former Anonymous members who typically use widely available and crude tools to hijack or deface web pages as a political statement. They also routinely post information regarding planned and ongoing activities on publicly available Internet Relay Chat (IRC) sessions and social networking sites like Twitter. Recent attacks by LulzSec and Anonymous have proven simple Tactics, Techniques and Procedures (TTPs) are often successful, even against entities who have invested a significant amount of time and capital into designing and securing their information networks.

(U//FOUO) While LulzSec has generated a significant amount of media coverage and at least a moderate degree of financial impact to several commercial firms, it has primarily resulted in negative publicity for the entities whose networks were affected.

Share this:

Facebooktwitterredditlinkedinmail