Has Anonymous Infiltrated the US Government?

Wednesday, May 16, 2012

Plagiarist Paganini


(Translated from the original Italian)

In recent months we have discussed the security status of US networks and infrastructure, and we have described American cyber strategies and the main actions proposed to protect the principal assets of the nation.

One story in particular struck us deeply: the admission by senior government officials that U.S. Government networks are routinely hacked.

It is difficult to accept so disconcerting a reality: that one of the world's major superpowers, at the forefront of technology, is so vulnerable to attack by hacker groups with diverse motives.

Who is interested in US networks, and why?

Consider that the cyber infrastructure of a country attracts foreign governments, independent hackers, and also hacktivists, and that all of these forces combine their actions daily against the same target.

The success of cyber attacks against US networks, according to the declarations of security experts, is due in part to the fact that the US infrastructure is protected by obsolete defense systems unable to withstand continuous incursions.

Speaking before the Senate Armed Services Subcommittee on Emerging Threats and Capabilities, experts told the assembled Senators that the U.S. government needed to abandon the notion that it could keep intruders off its computer networks.

The response to the testimony by Senator Rob Portman, a member of the Emerging Threats and Capabilities subcommittee, was very meaningful:

“We can do things to make it more costly for them to hack into our systems… but you didn’t say we can stop them.”

Portman clearly expressed awareness of the threat and of the impossibility of defeating it in the short term.

Now come revelations on the status of US network security from the famous group Anonymous. In a recent interview, its member Christopher “Commander X” Doyon, who lives in Canada, said:

"Right now we have access to every classified database in the U.S. government. It’s a matter of when we leak the contents of those databases, not if. You know how we got access? We didn’t hack them. The access was given to us by the people who run the systems…"

"The five-star general (and) the Secretary of Defense who sit in the cushy plush offices at the top of the Pentagon don’t run anything anymore. It’s the pimply-faced kid in the basement who controls the whole game, and Bradley Manning proved that."

According to Doyon, the group's access is provided by insiders in the government infrastructure, who give the group an unimaginable power: the power of knowledge and information.

Doyon has admitted participation in some of the most important attacks on websites last year from Sony to PayPal.

He was arrested in September for a minor hack on the county website of Santa Cruz, Calif., where he was living, in retaliation for the town forcibly removing a homeless encampment on the courthouse steps.

For that, Doyon is facing 15 years in jail. But he crossed the border into Canada in February to avoid prosecution.

Doyon was the leader of the People’s Liberation Front, a group allied with Anonymous, and he is considered the most wanted hacktivist after Julian Assange.

The hacker reiterated the concept, saying:

“The entire world right now is run by information... Our entire world is being controlled and operated by tiny invisible 1s and 0s that are flashing through the air and flashing through the wires around us. So if that’s what controls our world, ask yourself who controls the 1s and the 0s? It’s the geeks and computer hackers of the world.”

What do you think about the revelation of the insider component of the group? What is the truth behind these declarations?

We are now accustomed to sensational statements by Anonymous, and we all recognize their great media capacity, but rather than taking the claims as true, the experts offer the following interpretations:

  • Hackers are operating on a psychological front, trying to instill a culture of suspicion in the enemy's ranks. Everyone could be a spy, everyone could be Anonymous.
  • The statement “everyone could be Anonymous” is itself the basis for a second hypothesis regarding the revelations about inside hackers. Anonymous is sending a message to all those who are employed by the government that they are open for collaboration.

I think both assumptions are valid, while acknowledging that Doyon has certainly exaggerated his claims. The risk of a government insider who is close to the group is high, and facing such threats requires observance of procedures and protocols in order to prevent unauthorized access to confidential information.

I'm still convinced that the group is in a phase of profound transformation, as new tumultuous currents have surfaced and they could degenerate into dangerous insurgents.

In my opinion, such statements must be taken into consideration, but I also believe that the group has issued statements to pursue a clear media strategy.

In several articles I predicted the possibility that law enforcement and intelligence agencies were infiltrating the group. Today, according to the hacktivist's declaration, we are seeing the reverse of that scenario. The reality is that both factions fear infiltration and are working to ensure that the damage is minimal.

Meanwhile, we have little information on how Anonymous is approaching the problem, while on the opposite side we have some perception of how government agencies are facing the threat. I note that the FBI on more than one occasion has pointed out the need to detect insiders who may be providing access.

On this topic, I suggest reading the guidance provided by the FBI, "The Insider Threat: An introduction to detecting and deterring an insider spy", a guide for security personnel on how to detect an insider threat, which also provides tips on how to safeguard your company’s trade secrets.

Cyber espionage and theft of intellectual property are ever-increasing threats to organizations and government institutions, and they can go unnoticed for months or even years.

The message is that we must remain on guard, and not wait for the day when Doyon's words come true.

Cross-posted from Security Affairs

Marc Quibell: LOL! I can't believe you take anything seriously coming from some clown kid in Canada who thinks there are still 5-star generals in the US. So has Anonymous infiltrated the US Gov? No. Why on earth would you even begin to give credence to a fugitive criminal?
Plagiarist Paganini: Hi Marc, I take seriously the possibility of an insider. If you ignore it you make a serious mistake.
Marc Quibell: Always be vigilant, regardless. Whatever this person says has no effect on continuing to be vigilant. If some kid says they have insider information, my next words would be, "Prove it."
Plagiarist Paganini: Perfectly aligned. I agree.
Michael Johnson: It sounds more like an off-the-bat statement, just Chris Doyon bigging himself up.
Of course there are insider threats. It's inevitable in such a big organisation, and it's always been that way. Governments already take that into account and implement measures (protection levels, compartmentalisation, etc.) to limit whatever damage.

It's also a matter of when and not if a compromise occurs, but we can kind of tell whether an insider or opportunist was responsible by how meaningful the compromise is. If it's something especially damaging, the chances are it's APT or insider. If it's the usual random dump on Pastebin lacking context, the chances are it's an opportunist using a published exploit.

But I don't think the motivation's there in this case. It's just too difficult to leak information without getting caught, when the average government worker has a very defined role. Nobody would seriously consider risking their job to massage the collective ego of Anonymous.
Plagiarist Paganini: Hi Michael, I believe that the risk is concrete and must be mitigated with the improving of the right measurements.
An insider is a threat, no matter if it is a spy or a hacktivist, his behavior could compromise/expose sensible information.
Regarding Anonymous, I believe that they really already have infiltrated several governments all around the world, but I'm also convinced that is true vice versa.
Let's see what happens ... in the meantime we must do all the best to prevent such phenomenon.
Warm regards