Anonymous Hacks Wal-Mart, CapitalOne, Finland, El Salvador
Releases troves of stolen data, some of unknown origin, and issues call for mass disruptions of the Iowa caucuses.
On Saturday, Anonymous released data it had stolen after hacking the websites of CapitalOne and Wal-Mart. According to Anonymous, its data dump includes information on everyone from Warren Buffet and Michael Bloomberg to Monsanto CEO Hugh Grant and embattled ex-Harvard president and former Obama financial advisor Lawrence Summers.
More Security Insights
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Getting a Grip on Mobile Malware
- The 451 Group Impact Report: Skybox Enters Vulnerability Management Space
- Skybox Security Vulnerability Management Survey
Also on Saturday, the group released a YouTube video calling for people to occupy "campaign offices of presidential headquarters in Des Moines, Iowa," come December, in a bid to disrupt the Iowa caucuses in January. The Anonymous communication accused both the Democratic and Republican parties of "committing crimes against humanity on behalf of American people" and destroying "the American democracy." As a result, the group said that it was extending "Operation Empire State Rebellion"--a nod to the Occupy Wall Street movement, which it has been supporting with hack attacks--to Iowa.
Meanwhile, on Monday, officials in El Salvador disclosed that Anonymous had launched a cyber attack against government websites there, two weeks ago. All told, the distributed denial of service (DDoS) attack flooded government websites with a total of 30 million hits, reported AFP. The government said it took the websites offline until the attack had subsided.
[A former Anonymous hacker offers security tips. See 14 Enterprise Security Tips From Anonymous Hacker.]
On Saturday in Finland, officials discovered that Anonymous had released a data dump involving information on 16,000 Finns, but from an unknown website or websites. "We still do not know if the data has been collected by breaking into the services, or if some other method of obtaining information has been used. In the related Internet conversations there is a rumor circulating, according to which this would be a list for adult education marketing purposes," Mikko Hypponen, chief research officer at Finland's F-Secure, told the Finnish newspaper Helsingin Sanomat on Tuesday.
The newspaper said that the released data includes "the names, full social security numbers, addresses, telephone numbers, street addresses, and email addresses of the victims." Government officials said the list seems to combine information from multiple higher-education institutions, including the country's police college.
Again in Finland, Anonymous claimed on Monday to have hacked a database that stores requests for joining the mailing list for the website of a far-right political party in Finland. The Suomen Kansallinen Vastarinta (SKV) party, according to one Finland commentator, Enrique Tessieri, espouses the position of "many neo-Nazi organizations in Europe, who live in a delusionary views about racial purity that date back to Germany and Europe of the 1930s."
The Anonymous exploits in El Salvador, Finland, and the United States follow recent, claimed attacks against numerous Israeli government websites, as well as a campaign--later called off--against Mexico's Zetas drug cartel.
In other words, various parts of Anonymous have been busy lately, quite possibly due to it having been Guy Fawkes Day on November 5. The day holds special significance for the collective, which has incorporated graphic novelist Alan Moore's V For Vendetta take on the day, which transformed Fawkes, a religious zealot bent on exploding the British Parliament, into a modern crusader against a corrupt, totalitarian government, sporting what's now become the trademark Anonymous mask. (As also featured in the film version.) However, as noted in a recent Guardian story, there's no small irony in the fact that a portion of the sale of every mask goes to Warner Brothers, which is part of TimeWarner, which is part of the Motion Picture Association of America, which promotes an anti-online-piracy ethos that's decidedly not part of the Anonymous philosophy.
[Update: Capital One has contacted InformationWeek with a correction to this story: "Capital One's site was under a scheduled routine maintenance on Saturday evening. This was something we controlled and our customers were still able to access online account servicing and complete their transactions. The news that our website was hacked is inaccurate and at no time were our customers unable to transact," the spokesman said.]
Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)