Anonymous steps up attacks with hits on Alabama, Mexico and (maybe) CIA

The spate of hacktivist attacks on government systems picked up speed again late last week, with Anonymous taking credit for hacks of Alabama’s state servers, government sites in Mexico and claiming, but then disavowing, an attack on the CIA’s website.

The United Nations’ website also was attacked, though apparently by another hacker.

Anonymous posted a release on PasteBay saying it attacked Alabama police and government servers and harvested personal information — including Social Security numbers, birth dates and addresses — on more than 40,000 people.


Related coverage:

Can government stem the rise of hacktivism?

FBI's Megaupload bust, Anonymous' hacks underscore SOPA battle


The release said the attack was a protest against the state’s “racist” immigration laws, and also blamed the state for failing to protect its citizens by air-gapping and encrypting their data, which the group said it had deleted.

“Because of the possible cost of lives and money to regular citizens, we are deleting this data,” the group said. The release included a sampling of the taken data, redacted to protect the identities of the people involved.

“We mean no harm by releasing this redacted information,” the group said. “This data was not securely segregated from the Internet, nor was it properly encrypted. This is what happens when not enough resources are spent on proper design and the training that comes with it.”

Anonymous posted the release on Feb. 10, the same day a member of the loose collective announced on the YourAnonNews Twitter feed that the group had taken down the CIA website. “#Anonymous takes down main CIA website https://www.cia.gov/; site is still down,” the message read.

But a later tweet on the same feed backed away from that claim, saying, “We'd remind media that if we report a hack or [Distributed Denial of Service] attack, it doesn't necessarily mean we did it...FYI.”

A CIA spokesman acknowledged the agency’s site had a temporary outage on Friday, Feb. 10, but did not offer a cause, The Register reported. The site was back to normal operations by Saturday. The CIA’s website also was taken down after an attack in June, claimed by the group LulzSec.

In Mexico, Anonymous attacked the Mexican Senate, Interior Ministry and other government sites in protest of that country’s proposed anti-piracy law, PC Magazine reported. The group also attacked sites connected with Mexico’s mining industry and released 730M of e-mails from the Mexican National Chamber of Mines—those attacks coming in protest of the working conditions for miners, the article said.

The Mexican anti-piracy law is that country’s version of the U.S. Stop Online Piracy Act in the House, which has pretty much been abandoned after large-scale protests in January.

Hacktivist attacks against government and other websites have accelerated over the past month, coinciding with protests over anti-piracy legislation — SOPA, its Protect Intellectual Property Act counterpart in the Senate, and the proposed  international Anti-Counterfeiting Trade Agreement  — along with anti-piracy crackdowns such as the recent bust of the Megaupload file-sharing site.

After the FBI shut down Megaupload and arrested several of its leaders, Anonymous attacked the websites of the FBI, Justice Department and White House, as well as those of several entertainment companies.

Among other attacks since, Anonymous broke into a Boston Police Department site, shut down a Federal Trade Commission site and intercepted and released a call between the FBI and Scotland Yard in which detectives discussed cyber crime investigations.

A day before the CIA, Mexico and Alabama attacks, a hacker broke into the United Nations website and posted a list of the systems’ potential vulnerabilities on Pastebin, apparently in protest of anti-piracy efforts, Fox News reported. The hacker’s post included a message citing Internet freedom and equal rights.

 

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader Comments

Tue, Feb 14, 2012 Walter Washington

I think the point is that Alabama did not encrypt the personal data and sent it over the open internet. It would be on par with sending your pay check in the form of cash through the mail with a label on it saying cash. They released enough information to prove they did it but not enough to compromise anyone. If you can't be responsible enough to take minimal efforts to keep the information secure, you shouldn't be using computers hooked to the internet. If these guys could get the information this easily, then there are probably any number of criminal organizations that already have it.

Tue, Feb 14, 2012 Вася Пупкин Blessed South, US

Oh wow, Robin Hood is back :-) I'm kinda sympathetic to the complaints about not enough resources spent on training though. Serving in local gov agency for 10 yrs I have to fight with management for every opportunity of a job related training and only have won Once (1). Thanks GCN at least I could read these articles with buzz words like "air-gapping".

Tue, Feb 14, 2012 dandman

So let me understand. As an individual citizen of Alabama, this group has potentially chosen to intercept my identification and release it for fair game because they don't like what the Alabama government has done? So exactly who put this guy in charge to say what is right or wrong. I would suggest this is a criminal act of theft - breaking and entering just as if it were brick and motar.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above