(U//FOUO) Los Angeles Fusion Center: Detecting and Mitigating Cyber Threats

The following bulletin from the Los Angeles Joint Regional Intelligence Center was originally released by Anonymous on December 16, 2011.

Los Angeles Joint Regional Intelligence Center Awareness, Detection, and Mitigation of Cyber Threats and Attacks

10 pages
For Official Use Only
July 5, 2011

(U//FOUO) US citizens and assets – including the White House, the Central Intelligence Agency, InfraGard, the state of Arizona, and major defense contracting companies – experienced high-profile cyber threats and attacks in the first half of 2011. Most of the tactics and techniques used were not new, however the increase in attacks during the past few months exemplifies the growth of cyber incursions and reinforces the need to be aware of risks and mitigation techniques associated with cyber threats. Appendices A, B and C contain detailed lists of threats, potential indicators of attacks, and possible remedies; some areas may contain overlap.

(U) Different Actors, Different Motives, Different Threats

(U) Recent reporting has largely centered on attacks by “hacktivist” groups – loose collectives that conduct cyberactions to raise awareness regarding particular grievances or causes.ii These attacks generally garner significant media attention. While they are annoying, embarrassing, and disruptive to victims, they seldom result in meaningful losses or damage, beyond costs associated with website repair. More worrisome are sophisticated probes and attacks that exfiltrate sensitive data for malicious use, or plant software designed to disable systems. Attacks such as these may be conducted by state-sponsored actors or organized criminal enterprises, and may inflict greater damage and losses.

(U//FOUO) On 23 June, hacker group LulzSec released information taken from the Arizona Department of Public Safety – including personal information of law enforcement officers – to protest a controversial immigration law.

(U) A multi-phase attack between March and June 2011 against RSA, a secure token provider, and three major defense contractors, saw hackers use stolen and cloned token keys to breach and remove data from networks at the defense firms.

(U) The mid-2009 targeted Stuxnet virus temporarily disabled a uranium enrichment plant in Iran.

(U) Different Targets, Different Methods

(U//FOUO) A successful cyber attack can be detrimental to targeted systems, computers or individuals. Hackers may install programs that steal personal information, flood a browser with pop-up advertising, slow Internet connections, fill e-mail with advertisements and/or crash the system. They may take control of a computer, commit fraud or identity theft, or cause an individual to lose all data stored on that system. This can impact both personal and work systems, and can affect all aspects of an individual’s life.

(U//FOUO) Cyber threats can involve any aspect of communications and data infrastructure, but can be broadly categorized as threats to users, systems, and access devices, including mobile devices.