By Jim West
Information Assurance Professional
ARIFJAN, Kuwait - On June 25, 2011, LulzSec announced they were disbanding after 50 days of attacks on sites ranging from Sony to the CIA. Their final statement:
“Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.”
One of the symbols of LulzSec from their Twitter account
One of the last sites they compromised was a .mil site. With hundreds upon hundreds of .mil sites online, finding which one would be a daunting task. A screenshot of the hacked site was released, but did anyone see it and report it?
More than 24 hours after it was hacked, the .mil site in question was still under LulzSec's control. It was stumbled upon by an Information Assurance professional checking for civilian information security jobs online. That professional reported it to another IA professional, and from there it was reported to several groups within the overseas signal community in an effort to notify their CONUS (Continental United States) counterparts and get the site shut down. It took more than three hours after initial notification before the site was taken offline, and during that time the site was still being actively exploited. Why did it take so long to mitigate this incident? Is there a breakdown in communications within the signal community? When the groups entrusted to protect the Global Information Grid spend more time on who reported the incident than on containing it, one has to wonder what will happen next time, when it really matters. Many questions remain unanswered, but one thing is certain: this is not going to end here.
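As an added illustration, not part of the original article and not the tooling of any organization mentioned in it: the kind of lightweight content-integrity check that would have flagged this defacement within minutes rather than a day. It hashes a normalized copy of each monitored page, compares the hash to a recorded known-good baseline, and lists the changed lines for the responder. The sample pages, the URL, and the "Page generated" timestamp pattern below are constructed for the example.

```python
import difflib
import hashlib
import re

# Constructed sample pages for this example; they are not the affected site's content.
BASELINE_HTML = """<html><head><title>Careers</title></head>
<body>
<h1>Information Security Jobs</h1>
<p>Page generated: 2011-06-24 03:15:00 UTC</p>
<ul><li>Information Assurance Analyst</li><li>Network Defense Specialist</li></ul>
</body></html>"""

# Same content, only the generation timestamp differs (a legitimate change).
REFETCHED_HTML = BASELINE_HTML.replace("2011-06-24 03:15:00", "2011-06-25 04:02:17")

# The job listing replaced by an attacker's message (the kind of change that must alert).
DEFACED_HTML = """<html><head><title>Careers</title></head>
<body>
<h1>Site owned</h1>
<p>Page generated: 2011-06-25 04:02:17 UTC</p>
</body></html>"""

# Regions that change on every fetch are blanked before hashing. This pattern is an
# assumption for the sample page; a real deployment tunes the list per page.
VOLATILE_PATTERNS = [
    re.compile(r"Page generated: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} UTC"),
]


def normalize(html: str) -> str:
    """Remove volatile regions and collapse whitespace so only content changes affect the hash."""
    for pattern in VOLATILE_PATTERNS:
        html = pattern.sub("", html)
    return re.sub(r"\s+", " ", html).strip()


def content_hash(html: str) -> str:
    """SHA-256 of the normalized page; this is the value stored as the baseline."""
    return hashlib.sha256(normalize(html).encode("utf-8")).hexdigest()


def record_baseline(url: str, html: str, baselines: dict) -> str:
    """Store the trusted hash for a URL, taken from a known-good copy of the page."""
    baselines[url] = content_hash(html)
    return baselines[url]


def check_page(url: str, fetched_html: str, baselines: dict) -> dict:
    """Verdict for one fetch. 'alert' is True when content differs or no baseline exists."""
    current = content_hash(fetched_html)
    expected = baselines.get(url)
    if expected is None:
        return {"url": url, "alert": True, "reason": "no baseline recorded", "hash": current}
    if current != expected:
        return {"url": url, "alert": True, "reason": "content changed", "hash": current}
    return {"url": url, "alert": False, "reason": "matches baseline", "hash": current}


def changed_lines(baseline_html: str, fetched_html: str) -> list:
    """Lines added (+) or removed (-) relative to the baseline, for the incident report."""
    def lines(html: str) -> list:
        for pattern in VOLATILE_PATTERNS:
            html = pattern.sub("", html)
        return html.splitlines()

    diff = difflib.unified_diff(lines(baseline_html), lines(fetched_html), lineterm="", n=0)
    return [line for line in diff
            if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))]


if __name__ == "__main__":
    baselines = {}
    url = "https://jobs.example.mil/infosec"  # hypothetical URL for the example
    record_baseline(url, BASELINE_HTML, baselines)
    for label, html in (("refetch", REFETCHED_HTML), ("defaced", DEFACED_HTML)):
        verdict = check_page(url, html, baselines)
        print(label, verdict["reason"])
        if verdict["alert"]:
            for line in changed_lines(BASELINE_HTML, html):
                print("   ", line)
```

Two caveats matter in practice. The baseline must come from a copy known to be good and must be recorded before the monitor is trusted; a baseline captured after a compromise simply enshrines the defacement. And the check has to run from outside the hosting environment on a schedule, since an attacker with control of the server can disable anything that runs on it.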
Granted, in this case the hackers may not have gained access to Personally Identifiable Information or other sensitive data, but it is not prudent to assume anything in this incident or in future ones. Underestimating the skills of groups like this is unwise. Some online commentators have called LulzSec script kiddies: inexperienced hackers who use automated tools to conduct attacks. Let's assume they are script kiddies. If a script kiddie can own your site with an automated tool, you have the same level of threat to deal with as if they were experienced, high-level hackers. The worst case is a script kiddie attack with a high-level hacker coming in behind it. Think of it in terms of a two-car VBIED attack: the first vehicle creates the hole so the second, more dangerous attack can be carried out. What if these script kiddies opened the door for another hacker or group to come in and carry out additional attacks or destroy data assets? Within seconds of word hitting the web that a site has been compromised, a foreign government or organization could seize the opportunity to have its own team of hackers take control and harvest or destroy data. That is a scary thought.
What is the risk at hand? The release, modification, destruction, or denial of access to sensitive information are all risks to consider. In the end it affects the warfighter. Whether it is the release of their personal information, a unit's information, or the information they need to do their job, it should be regarded as a matter of the utmost seriousness.
Information Security and Information Assurance should be part of every organization's strategic planning to help it achieve its goals. Risk assessments should be done regularly. Policies, procedures, and practices should be reviewed and tested regularly for effectiveness. Practicing due diligence and exercising due care are the basic fundamentals of an effective information security program. Most leaders only consider assets to be things they can touch, like weapons, vehicles, and supplies. Data is an equally important, if not more important, asset to maintain and protect. Think of it like having money in a bank account. You can check the balance online to verify your funds at any time, but if the bank's site is hacked, access to the account can be denied, payment services disrupted, or, in the worst case, money stolen. That loss is no less real for being information viewed on a webpage rather than cold hard cash in your pocket.
It is amazing, yet not surprising, that LulzSec owned the .mil site for more than 24 hours. It is humorous, yet a serious matter, that they targeted the information security jobs section of the site. Hacktivism, hacking into a system for a politically or socially motivated purpose, is in no way less malicious in its intent than any other hacking.
In closing, if you see something suspicious, report it. If you believe an incident or event is occurring, report it. Whether you wear stripes or stars on your chest, it is everyone's responsibility to protect the Global Information Grid. Get familiar with your organization's incident response procedures today. You never know when you will need them.
Date Taken: 08.17.2011
Date Posted: 08.17.2011 05:45
Story ID: 75469
Location: ARIFJAN, KW
This work, SITREP: PWND by LulzSec, by Maj. Mike Giaquinto, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.