DHS issues Anonymous threat assessment

The US Department of Homeland Security (DHS) has issued an unclassified threat assessment detailing the tactics and capabilities of Anonymous.

Although the DHS claimed Anonymous hasn’t demonstrated “any capability” to damage critical infrastructure, the department did (grudgingly) acknowledge that certain members have displayed “moderately higher levels” of skill and creativity – as is evidenced in operations where a combination of methods and techniques were employed to target multiple networks.

“To date, their attacks have largely resulted in the release of sensitive documents and personally identifiable information. These attacks have the potential to result in serious harm, particularly to law enforcement and other federal, state and local government personnel who may be targeted as a result,” stated the report. 

“We assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available web servers, web sites, computer networks and other digital information mediums for the foreseeable future.”

Interestingly enough, the report emphasized that its current unclassified assessment did not take into account the possibility of a “higher-level actor” potentially providing Anonymous with more advanced capabilities. 
Nevertheless, the DHS proposed adjusting the monitoring of both internal and external resources for indications of a pending or ongoing attack against cyber/telecommunications networks.

The unclassified report also attempted to analyze the recruiting and operational methods of Anonymous. According to the DHS, cyber activists associated with the group use the ‘Net to routinely recruit and train new personnel, conduct reconnaissance on potential targets, exploit vulnerabilities found in information systems, deny access to resources, alter information presented by organizations and steal sensitive information.

“Though the TTPs and tools employed by Anonymous are commonly thought to be rudimentary and unsophisticated, their success to date executing operations and gaining media attention is on par with high profile incidents allegedly involving sophisticated ‘Advanced Persistent Threat’ (APT) actors,” the authors of the assessment concluded. 

“They have relied on taking advantage of weaknesses in applications, thus allowing them to bypass, at least initially, conventional network defenses such as firewalls and anti-virus applications to access sensitive data.”

As such, the report recommends that various government agencies and private sector partners ensure processes are in place to notify leadership and network operators if their organizations becomes a possible target by hacktivists or other malicious actors. 

“Should a cyber attack occur, ensure backup and recovery procedures are in place and enabled. Be prepared to execute a full spectrum defensive plan that includes contact information for external sources to draw on for assistance. Collect and centrally manage detailed aspects of the attack so you can provide accurate information to Operations, Security, and Law Enforcement personnel as necessary. 

“Such a plan may also include materials identifying who to contact at your Internet service provider, possibly via alternate means, and at any time of day or night to minimize the duration and effect of a cyber attack. Similarly, have contact information readily available for public and private entities to draw on for assistance: the NCCIC, US-CERT, FBI Joint Terrorism Task Force, local FBI Field Office, applicable

Information Sharing Analysis Center (ISAC) and Sector Specific Agency.”

Anonymous responded to the above-mentioned report by posting a PDF link on one of its Twitter feeds, along with a short blurb which reads: “Department of Homeland Security bulletin about #Anonymous and @LulzSec. Now they know what Lulz are.”