
Much has been said about the crafty and elusive Anonymous hacking group, which most recently made headlines after breaching and releasing personal information on San Francisco Bay Area Rapid Transit police officers. Now, the technology industry is turning its attention to protective measures.
The attack on BART police, in which hackers stole email addresses, passwords and other personal information pertaining to 102 officers, comes in true “hacktivist” fashion. The hack was in response to BART police’s controversial move to suspend cellphone service in anticipation of a planned protest in San Francisco.
In most cases involving Anonymous, the organization that was breached has declared a grudge against the group, announcing plans to investigate and punish those responsible for the attack. This has been especially prevalent with law enforcement agencies. For example, the Arizona Department of Public Safety, shortly after Anonymous affiliate organization AntiSec released information on its officers, declared that it was investigating the breach and working to locate and arrest the hackers.
Similarly, BART union president Jesse Sekhon told the San Francisco Chronicle, “These people [hackers] need to be brought to justice. They can’t be terrorizing people.”
However, so far, attempts by law enforcement worldwide have been futile, with reactive measures falling short while hackers move on to new targets. Even the arrests of high-profile Anonymous members, including teenage spokesman Jake Davis, who operated the pro-Anonymous Twitter account @atopiary, do not seem to have slowed the group down. Any push-back appears to spur Anonymous to undertake new projects.
“We do not tolerate oppression from any government agency,” Anonymous wrote in notes on its posting of MyBart.org information. “BART has proved multiple times that they have no problem exploiting and abusing the people.”
So, with a willing and capable hacktivist organization showing that it can access nearly any information, the technology industry is now focusing on what kind of measures can be taken to protect consumers, businesses and government employees.
At the consumer level, not much can be done to repel a determined hacker besides strengthening passwords. In many cases, consumers need to transmit personally identifiable information over the internet, regardless of whether they trust the service with which they are working. The only solution is to use more complex passwords, and employ a different one for every online account accessed. According to an InformationWeek report, this is one practice that is all too obvious, but very often inexcusably ignored.
“This one’s so basic that every enterprise IT worker who reads it might feel inclined to roll his or her eyes right now, but face it – too many of us aren’t doing the job,” the InformationWeek report stated. “If the Wednesday hack on BARTpoa.org demonstrated anything, it’s that far too many users are allowed to jeopardize the organization’s security with flimsy passwords that any 9-year-old could break via a crude dictionary attack.”
Businesses and other organizations are advised to strengthen their security standards with new technology, while also enforcing strict standards on employee use. According to InformationWeek, other IT security administrators can learn from the mistakes at BART to avoid suffering the same fate.
“Enterprise IT organizations know this story all too well, and diligent IT pros constantly fight the good fight to keep data assets securely within the company’s control, even when working with third parties,” the report explained. “BART failed to protect its workers by vetting the security of its third-party sites, and now it’s reaping the consequences.”
Any internal efforts to strengthen security will be essential in the wake of the BART breach, as Anonymous has already claimed it will release more stolen information later this week.
Cybercrime News by SimplySecurity.com by Trend Micro