
Security lessons learned from Anonymous’ BART breach

  • Posted on: September 6, 2011
  • Posted in: Current News, Cybercrime
  • Posted by: Trend Micro

Much has been said about the crafty and elusive Anonymous hacking group, which most recently made headlines after breaching and releasing personal information on San Francisco Bay Area Rapid Transit police officers. Now, the technology industry is addressing protective solutions.

The attack on BART police, in which hackers stole email addresses, passwords and other personal information pertaining to 102 officers, comes in true “hacktivist” fashion. The hack was in response to BART police’s controversial move to suspend cellphone service in anticipation of a planned protest in San Francisco.

In most cases involving Anonymous, the organization that was breached has declared a grudge against the group, announcing plans to investigate and punish those responsible for the attack. This has been especially prevalent with law enforcement agencies. For example, the Arizona Department of Public Safety, shortly after Anonymous affiliate organization AntiSec released information on its officers, declared that it was investigating the breach and working to locate and arrest the hackers.

Similarly, BART union president Jesse Sekhon told the San Francisco Chronicle “these people [hackers] need to be brought to justice. They can’t be terrorizing people.”

So far, however, attempts by law enforcement worldwide have been futile, with reactionary measures falling short while hackers move on to new targets. Even the arrests of high-profile Anonymous members, including teenage spokesman Jake Davis, who operated the pro-Anonymous Twitter account @atopiary, do not seem to have slowed the group down. Any pushback appears to spur Anonymous to undertake new projects.

“We do not tolerate oppression from any government agency,” Anonymous wrote in notes on its posting of MyBart.org information. “BART has proved multiple times that they have no problem exploiting and abusing the people.”

So, with a willing and capable hacktivist organization showing that it can access nearly any information, the technology industry is now focusing on what kind of measures can be taken to protect consumers, businesses and government employees.

At the consumer level, not much can be done to repel a determined hacker besides strengthening passwords. In many cases, consumers need to transmit personally identifiable information over the internet, regardless of whether they trust the service with which they are working. The only solution is to use more complex passwords, and employ a different one for every online account accessed. According to an InformationWeek report, this is one practice that is all too obvious, but very often inexcusably ignored.

“This one’s so basic that every enterprise IT worker who reads it might feel inclined to roll his or her eyes right now, but face it – too many of us aren’t doing the job,” the InformationWeek report stated. “If the Wednesday hack on BARTpoa.org demonstrated anything, it’s that far too many users are allowed to jeopardize the organization’s security with flimsy passwords that any 9-year-old could break via a crude dictionary attack.”

Businesses and other organizations are advised to strengthen their security standards with new technology, while also enforcing strict standards on employee use. According to InformationWeek, other IT security administrators can learn from the mistakes at BART to avoid suffering the same fate.

“Enterprise IT organizations know this story all too well, and diligent IT pros constantly fight the good fight to keep data assets securely within the company’s control, even when working with third parties,” the report explained. “BART failed to protect its workers by vetting the security of its third-party sites, and now it’s reaping the consequences.”

Any internal efforts to strengthen security will be essential in the wake of the BART breach, as Anonymous has already claimed it will release more stolen information later this week.

Cybercrime News by SimplySecurity.com by Trend Micro
