WASHINGTON — In war, one knows his enemy. In cyber, the enemy is often anonymous.
Rep. Mike Rogers, chairman of the House Intelligence Committee, said he worries about the irrational, non-nation groups that have investment in cyber capabilities.
Though the threat of cyber espionage looms as countries such as China, Russia and Iran build up their capabilities, one of the predominant fears is not knowing who exactly the enemy is or where an attack will originate.
With the rise of hacktivist groups like Anonymous, the war on the cyber threat takes on a novel tone.
Lawmakers have been pressured to make strides in cybersecurity legislation that will protect the private sector going forward. But frequent news of Anonymous’ attacks spark a new wave of potential perils, bringing to light the innumerable possibilities of cyber espionage.
In a bulletin last year, the Department of Homeland Security said Anonymous has the ability to cause critical infrastructure damage in the future.
The agency’s National Cybersecurity and Communications Integration Center learned of a possible cyber attack operation planned against Halliburton, a U.S. oil and natural gas company in August 2011. Although the attack didn’t happen, the department said it would have been “consistent with Anonymous’ targeting preferences.”
The group often engages in distributed denial of service attacks, disrupting normal activity by making websites unavailable. It has attacked several federal websites this year.
Last month, Anonymous teamed up with Wikileaks to release over five million emails from the private intelligence firm Stratfor — one of several private intelligence companies working with the U.S. government that it attacked.
The lingering question is why.
Authorities may have made a break in the cybercrime game. Five members of Lulz Sec, an offshoot of Anonymous, were arrested in connection with cybercrimes last week. Hector Xavier Monsegur, a vocal leader of the collective, worked with the Federal Bureau of Investigation to turn the crew.
Cole Stryker, author of “Epic Win for Anonymous,” told the New York Times it would be difficult for the group to work collectively “now that their ranks are undoubtedly infiltrated by feds, security contractors and rival hackers.”
Still, Anonymous’ growing ability to pick and choose what pirated information it wants to release, is a cause for concern, Rogers said.
“They have the capability and they are getting better,” the Michigan Republican said. “At the end of the day, they don’t have to worry about governance.”
To understand just how Anonymous interacts, Professor Gabriella Coleman decided to peek behind its digital iron curtain and follow the chatter.
Coleman, professor of media, culture, and communication at New York University, embarked on an anthropological study of the group in 2008, the year it launched an attack on the Church of Scientology. She noticed a surprising metamorphosis from pulling pranks for fun to more active forms of protest.
Like workers talking shop at a bar, individuals, only known by their anon, laud the accomplishments of the collective when an attack occurs. Some lurk on the server, occasionally chiming in to organize protests. Others contribute as experts, providing the collective valuable information or advice for future endeavors.
Anonymous originated as an Internet meme in 2003, spreading through the social image aggregator 4chan. Its moniker — a business suit with either a question mark or a Guy Fawkes mask for a head — reveals itself on the group’s videos to show the leaderless organization.
Before 2008, Coleman says, the group exclusively targeted people and organizations for sheer amusement. But after the attack on the Church of Scientology, the group released a video, joking about its exploits.
“It was a call to arms to dismantle the Church of Scientology,” she said, “but it prompted a discussion on Internet chat rooms, where people ask, “Huh, maybe we should, in fact, protest the Church in earnest.”
Its hackers rely on “relatively crude tools…to deny access to websites, or hijack or deface web pages and post quasi-political statements, or perform other malicious activity,” according to the Homeland Security Department’s National Cybersecurity and Communications Integration Center Bulletin.
But the group’s overall identity is often misunderstood, Coleman said.
“Anonymous seems everywhere, and yet, notoriously difficult to pin down,” she said. “Their actions are alternatively peaceful and legal, illicit and disruptive.”
It could be because its members come from a variety of backgrounds. Some are hackers, geeks, even human rights activists — a “cluster of both ideas and ideals adopted by these individuals to organize collective actions,” Coleman said.
The types of attacks the collective partakes in are often unorganized and lack a definitive starting point. In a recent disruption of several Vatican websites, for instance, the group issued a statement to an Italian newspaper, claiming responsibility for the attack
But the reason behind the attack differed depending on what feed one reads.
“Anonymous decided today to besiege your site in response to the doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organization spreads around the world,” the hackers said in a statement to an Italian newspaper.
But the YourAnonNews feed called the attack “for the pure, simple lulz, no other reason.”
Still, the group’s statements signal a new era of cyber activism, sparking worries in government entities. Its members pride themselves on being “social media savvy,” using Twitter and YouTube to take responsibility for their actions.
“Though Anonymous has increasingly devoted its energies over time toward digital dissent and direct action, marshaled in the service of political causes,” she says,” it has no definite trajectory and its political sensibilities are still drawn by the collective will towards pranking, transgression, and mischief.”
The DHS and private sector watch intently
A few years ago, Larry Clinton and a few colleagues at the Internet Security Alliance — a multi-trade association that lobbies for Internet companies — were worried. They had received information about a potential cyber infiltration to networks from what they thought to be Eastern Europe. After an investigation, the culprit, working surreptitiously, came instead from Texas.
One of the major problems private sector entities face, Clinton says, is the anonymity of attackers who deceptively work behind the scenes to deny or disrupt networks. The enemy can be a foreign entity or a domestic savant. The administration has stated that the Department of Homeland Security is the lead agency on cybersecurity affairs.
“We don’t have a good threat assessment,” said Paul Rosenzweig, a senior fellow at the Heritage Foundation. “Until we do that, we’re not going to get anywhere.”
Clinton expects the private sector to invest more than $80 billion dollars on protection alone this year. The Homeland Security Department proposes $769 million to support the operations of the DHS National Cyber Security Division — double the amount of money Secretary Janet Napolitano requested in 2011.
He says there is a common misconception that the government manages the cyber protection of the private sector, when in fact the private companies are left on their own.
Roger Cressey, senior vice president of Booz Allen Hamilton, a defense and intelligence contractor that was attacked last year, told the New York Times that Anonymous is a “wake-up call” for other firms who have taken the group’s infiltration capabilities for granted.
Booz Allen Hamilton declined to comment specifically on the attack.
The Department of Homeland Security gathers intelligence from a variety of sources and pushes it out to the business community through the United States Computer Emergency Readiness Team (US-CERT). US-CERT, a part of the agency’s National Cyber Security Division, provides alerts to the public and private sector in case of a cyber attack.
Information sharing for potential threats, Larry Clinton said, occurs through informal exchanges between companies and hubs called information sharing and analysis centers (ISACS). The centers analyze the pervading trends and distribute relevant information to specific sectors.
Heritage’s Rosenzweig said Anonymous has not demonstrated the ability to disrupt critical infrastructure. He said the loss of six members from Lulz Sec, a group closely affiliated to Anonymous, will deeply affect them.
“Anonymous is kind of the brazen boardwalk at the carnival show, but in the back, there are people who are far more dangerous,” he said.