Op-Ed: Anonymous vs Symantec – Letting a beast loose on the world

By Paul Wallis     Mar 4, 2012 in Internet
Sydney - Well, things just got a lot dirtier. Security firm Symantec claims an Anonymous Distributed Denial of Service (DDOS) attack was hijacked by a Trojan which stole banking and other personal details from Anonymous supporters. Anonymous denies the claim.
Symantec has quite a bit of information about how a very nasty Zeus Trojan got included in source materials for the Anonymous botnet.
According to Symantec a malware operator changed a file name and infected the users with the Trojan. Exactly how Symantec got this information is debatable, but it’s pretty obvious that the company has been doing a lot of analysis of the Anonymous operation, and that it’s been monitoring Anonymous very thoroughly.
Note: You do actually need to read the Symantec article to get their entire argument.
Anonymous posted a few Tweets which included “tools of the trade for DDOS attacks” and a tutorial. You don’t need to be brilliant to use these things, but you do need some basic literacy on the software and issues.
The malware operator took advantage of this to simply replace the Anonymous content with its own, similar and similarly named file, known as Slowloris.
Anonymous, meanwhile, has denied that anything of the sort took place. According to CNET:
For, on the YourAnonNews Twitter feed, there was posted a fierce rebuttal: "This post from @Symantec about @YourAnonNews's spreading the DDOS hijacking trojan is wrong & libelous to say the least http://goo.gl/MUVxD."
The following tweet read: "Dear @Symantec - @YourAnonNews NEVER posted the DDOS hijacker nor did we attempt to trick people; instead we WARNED of it."
And a third offered: "Also, @Symantec - maybe if you paid attention to more details and did proper due diligence, your source code wouldn't have been stolen. SMH."
Cute stuff, this. Let’s look at something other than the “did/didn’t” side of this thing.
A new monster on the net
The fact is that Symantec, intentionally or otherwise, has posted a How To for malware operators in terms of pirating practically anything and installing malware into any feed of this type, whether by Anonymous or your friendly local spam bit torrent company. This is not good news for anyone. Whether Anonymous was hacked or not, a new beast is loose on the internet. While internet security in some basic consumer areas is strong, lower level operations are anything but secure.
It doesn’t really matter how a Trojan gets in. I had an experience of hitting an “employment site” which loaded 8 Trojans on my computer in about 3 seconds. Fortunately for me, my free security software found all of them, while my pricey Norton stuff didn’t even recognize some which I knew had been around for years.
Downloads, however, are scripted paths. When you say OK, they’re in. Most people rarely stop downloads, because after all, they want the things they’re downloading. The trouble with the botnet hack is that it also means that these things can break into the millions of computers already in zombie (unaware) botnets around the world.
The validity of the Symantec story is debatable on several levels.
1. There’s some reason to believe the claim that the skilled Anonymous guys were not only aware but able to avoid the malware. If you check out code writing forums, you’ll find a lot of discussion of DIY virus traps and other non-commercial methods of managing unwanted intruders. This isn’t very high level stuff for code writers (viruses are limited by their functions, and their actions can be predicted if you take the time), so Anonymous’ claim that it was aware of the malware is more likely to be true than not.
2. There’s no identity for the malware source? This Robin Hood of cyberspace did this out of the goodness of their hearts? More likely, if this actually was a hacker, another hacker wanted to challenge Anonymous. There are good guys and bad guys, but there are also egos in hacking. The “criminal mastermind” type, for example, brags about their hacks. A hack of Anonymous would be a real feather in this guy’s cap/cranium housing/flowerpot.
3. Another hacker, however, would be comparatively good news compared to the other option: a targeted operation by faceless, unaccountable authorities. The idea of “law enforcement” doesn’t do well out of this scenario. If authorities are trumpeting massive online criminal options, cyber-attacks, cyber espionage, and an all-out war is in progress around the world, this operation raises more than a few questions:
If one file can disrupt a DDOS attack, why are DDOS attacks a plague around the world on a daily basis?
If it’s that easy, why have Anonymous and many others been able to hit at will?
There’s another rather interesting and revealing hole, roughly the size of Asia, in the “dozens of Anonymous participants arrested” commentary from Symantec. If the people arrested were also the ones who downloaded the Trojan, how did the authorities know to arrest them?
Not many dots to join on the likely answer to that question, are there? One very possible scenario is that a selective effort was made in response to Anonymous attacks, while nothing much is being done about criminal attacks on the public. Says a lot about the priorities of the “authorities”, doesn’t it?
Methinks someone has been a bit too ready to claim a hit on Anonymous, either on principle or in the name of trying to attack the reputation of the group. I doubt very much that an attack of this kind could have hit key Anonymous operators. I don’t doubt for a minute that a demand for some sort of response to Anonymous could have generated a hit on their supporters.
A new and very dangerous beast is loose. It’s either an “official” monster, or a criminal monster, but when you bear in mind the sheer number of uses the attack described by Symantec could have, it’s a true monster. This methodology, now out of the bag, is a risk to everyone. Watch your downloads, folks, because the Next Big Thing looks like it’s just getting off the bus.
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com