DHS: Anonymous not a threat to industrial systems, for now
- By Kevin McCaney
- Oct 18, 2011
The hacker group Anonymous has gotten a lot of attention for distributed denial-of-service attacks on government websites and other high-profile targets, but it's not likely to launch an attack that could damage the United States' critical infrastructure, according to a Homeland Security Department report.
DHS initiated a study after Anonymous expressed interest in attacking industrial control systems, according to the Sept. 16 report, which was marked unclassified but "for official use only." It was posted Oct. 17 on the Public Intelligence website.
Concerns about threats to the nation’s critical infrastructure were raised earlier this year after the Stuxnet attack on an Iranian nuclear processing facility. In that attack, the worm manipulated the controls in centrifuges at the facility, effectively shutting down uranium processing.
What is Anonymous? It is not pro-privacy.
Stuxnet-style attack could wreak havoc at prisons, study says
Stuxnet’s sophistication and targeted nature, although requiring a lot of resources, prompted speculation about what such an attack could do in this country — at power plants, electrical grids, and even prisons and nuclear facilities.
Anonymous, a politically motivated hacktivist group, has had successful takedowns of high-profile targets such as Sony, San Francisco’s Bay Area Rapid Transit system, and more than 70 rural sheriff’s departments, along with a number of other government sites here and overseas. A series of arrests in places around the world have slowed the groups activities but not stopped them altogether.
In July, a known member of the group posted on Twitter the results of browsing the directory tree for Siemens SIMATIC software, which is used in industrial systems, DHS said. “This is an indication in a shift toward interest in control systems by the hacktivist group,” the report states.
However, DHS’ study found “no indications of knowledge or skill in control systems operations, design or components,” the report states. “The individual may possess the necessary skill to exploit elevated privileges by hijacking credentials of valid users…[but] no posting by the individual indicated direct malicious activity.”
The report concludes that Anonymous likely has a limited ability to carry out a Stuxnet-like attack on industrial control systems, but it notes that “experienced and skilled members of Anonymous in hacking could be able to develop capabilities…very quickly.”