The following bulletin from the Los Angeles Joint Regional Intelligence Center was originally released by Anonymous on December 16, 2011.
Los Angeles Joint Regional Intelligence Center Awareness, Detection, and Mitigation of Cyber Threats and Attacks
- 10 pages
- For Official Use Only
- July 5, 2011
(U//FOUO) US citizens and assets – including the White House, the Central Intelligence Agency, InfraGard, the state of Arizona, and major defense contracting companies – experienced high-profile cyber threats and attacks in the first half of 2011. Most of the tactics and techniques used were not new, however the increase in attacks during the past few months exemplifies the growth of cyber incursions and reinforces the need to be aware of risks and mitigation techniques associated with cyber threats. Appendices A, B and C contain detailed lists of threats, potential indicators of attacks, and possible remedies; some areas may contain overlap.
(U) Different Actors, Different Motives, Different Threats
(U) Recent reporting has largely centered on attacks by “hacktivist” groups – loose collectives that conduct cyberactions to raise awareness regarding particular grievances or causes.ii These attacks generally garner significant media attention. While they are annoying, embarrassing, and disruptive to victims, they seldom result in meaningful losses or damage, beyond costs associated with website repair. More worrisome are sophisticated probes and attacks that exfiltrate sensitive data for malicious use, or plant software designed to disable systems. Attacks such as these may be conducted by state-sponsored actors or organized criminal enterprises, and may inflict greater damage and losses.
(U//FOUO) On 23 June, hacker group LulzSec released information taken from the Arizona Department of Public Safety – including personal information of law enforcement officers – to protest a controversial immigration law.
(U) A multi-phase attack between March and June 2011 against RSA, a secure token provider, and three major defense contractors, saw hackers use stolen and cloned token keys to breach and remove data from networks at the defense firms.
(U) The mid-2009 targeted Stuxnet virus temporarily disabled a uranium enrichment plant in Iran.
(U) Different Targets, Different Methods
(U//FOUO) A successful cyber attack can be detrimental to targeted systems, computers or individuals. Hackers may install programs that steal personal information, flood a browser with pop-up advertising, slow Internet connections, fill e-mail with advertisements and/or crash the system. They may take control of a computer, commit fraud or identity theft, or cause an individual to lose all data stored on that system. This can impact both personal and work systems, and can affect all aspects of an individual’s life.
(U//FOUO) Cyber threats can involve any aspect of communications and data infrastructure, but can be broadly categorized as threats to users, systems, and access devices, including mobile devices.
Related Material From the Archive:
- (U//FOUO/LES) Los Angeles Fusion Center: Methods to Defeat Law Enforcement Crowd Control
- (U//FOUO) LulzSec Release: DHS Evaluating Threats 2008-2013
- (U//FOUO) DHS Utility-Sector Employee Insider Threats Warning
- (U//FOUO) Indiana Fusion Center: Suspicious Activity Involving Emergency Services and Hospitals
- (U//FOUO) FBI Anonymous’ Participation in “Day of Rage” Protest May Coincide with Cyber Attack
- (U//FOUO) Colorado Information Analysis Center Smartphone Security Bulletin
- (U//FOUO) Arizona Fusion Center: Occupy Phoenix “When Should You Shoot A Cop?” Flyer
- (U//FOUO) San Diego Fusion Center: Hotels are Potential Bomb Labs