Welcome!

Cloud Security Authors: Elizabeth White, Pat Romanski, Zakia Bouachraoui, Liz McMillan, Yeshim Deniz

Related Topics: Cloud Security, @CloudExpo, Government Cloud

Cloud Security: Blog Feed Post

Anonymous, Surfaces, and Gaps

The Department of Homeland Security is warning that Anonymous is going to take to infrastructure attacks

The 1980s Marine Corps doctrine of Maneuver Warfare (MW) heavily focused on the concept of “surfaces and gaps.” Marines, which largely defined themselves with frontal tactical and operational attacks against fortified sites in World War II maritime campaigns, would aim to move through existing weaknesses in the enemy’s line in future campaigns rather than creating them.  Whatever the merits or demerits of MW, the concept has utility for explaining the nature of cyber threats that exist for most companies and organizations rather than exotic foreign cyberwar specialists or apocalyptic infrastructure-crashing attacks.

The Department of Homeland Security is warning that Anonymous is going to take to infrastructure attacks, and elements from the groups themselves are threatening to black out the Internet to protest copyright measures. While these may cause massive press attention (to the consternation of resident CTOVision hacker Bryan Halfpap), here’s a more realistic look at what Anonymous is actually doing:

Anonymous, a group not known for discipline, is giving itself a weekly deadline, a new attack every Friday. Following the Tuesday compromise of the website of tear gas maker Combined Systems, Inc., the Antisec wing of Anonymous struck a Federal Trade Commission webserver which hosts three FTC websites, business.ftc.gov, consumer.gov and ncpw.gov, the National Consumer Protection Week partnership website. …“We are already sitting on dozens of unreleased targets,” said an Antisec anon, who went on to describe an inventory of already compromised servers that could fill five months or more of #FFF releases. “Yes, each and every Friday we will be launching attacks… with the specific purpose of wiping as many corrupt corporate and government systems off our internet,” the anon continued.

Politically motivated hackers are, after all, looking to make political points. Most Internet users–including, government and private sector organizations–are not conversant in basic security procedures. Why go for spectacular attacks when there is simply so much low-hanging fruit lying around for doxing, defacing, and shutdowns? Or, to return to the metaphor at the beginning, why attack the fortress when one can move through the gaps in the wall? The hacks themselves admittedly are very basic stuff:

Anons claiming responsibility for the attack spoke to Wired.com in an online chat just as it happened, freely admitting that there was nothing technically remarkable in this hack. As one remarked, “own & rm and move on.” (rm being a unix command to delete data.)

As I wrote on the STRATFOR hack, despite the company’s tangential relationship to the actual Bradley Manning case, it got hacked anyway simply because it was a target of opportunity. There’s really a simple (conceptually) answer to the problem: harden the targets rather than buy into the threat of attacks–such as the laughable idea of crashing the Internet–that are more media trolling than anything else.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER gives detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPOalso offers sp...