2011-06-20
By Deborah Ritchie
Hackers LulzSec and Anonymous have come together to launch a new campaign against government organisations and banks. The main aim is to leak emails or classified information of governments, banks or “other high-ranking establishments” in order to expose what the hacktivist groups claim to be corruption and restriction of freedoms.
The UK and US governments have become increasingly aware that information is the new currency, this adds to the incentives that we think hackers are motivated by, financial gain. Some want to make statements that they are fighting corruption or fighting for freedoms but the same information is used for gain (identity theft) and some can be used for far more sinister reasons.
Yesterday, the Serious Organised Crime Agency (Soca) was subject to a distributed denial of service (DDoS) attack designed to bring down its website. Today LulzSec say they have ‘blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census’.
Other recent Lulzsec targets to have had their websites downed include the US Central Intelligence Agency and the US Senate website.
The attacks of yesterday were not damaging but a Twitter post today has threatened that future attacks will be. Whether or not any tangible harm has been done to systems and data assets, there is considerable damage caused to the trust we place in agencies who are funded by tax payer.
“Against this backdrop there is a clear and present need to defend any organisation's IT platform as never before. This can only be achieved by raising the security bar at the point where traffic enters and or leaves you network,” says Ray Bryant, CEO of digital security provider, Idappcom.
“In most western countries government departments are faced with the largest cuts, austerity measures, they have faced for many years. Whilst there has been specific funding promised to create projects that look at the issues the cuts are today and that presents a real problem for government departments today. How do you increase the security effectiveness without purchasing new equipment or recruiting additional expertise. This can be done, raise the security bar, make what you have work harder and efficiently”, he continued.
There are many ways that security can be enhanced. Training of personnel to be security conscious, making sure every device that connects to the network is patched, desktop protection is current, but perimeter defence is the frontline in this war. Effective and efficient IPS/IDS/Firewalls.
“The recent and promised future attacks are all based around Denial of Service”, so Bryant. “ Future attacks may be combined with evasion techniques but they both be countered and resolved by using automated tools for audit and Penetration testing of your perimeter defences to ensure they are configured to detect effectively and that your security rules are doing the job they are supposed to. Ensuring your perimeter defences are always operating at the highest level is the best form of defence. This does not mean that you have to slow down your traffic, the same tools can be used to tune your Intrusion detection to be more efficient”.
 DRAFT1.jpg)
