Anonymous attack mocks government security measures

In Information Security ByTeam Acumin / 16th April 2012

They knew it was coming, yet they still couldn’t stop it. A few days before Anonymous launched a DDoS (distributed denial-of-service) attack against the coalition government’s Home Office website; it announced its plans to the world. And still it couldn’t be thwarted.

This proclamation, loud and vocal the digital way, is seen by many as a clear sign from the hacktivist collective that it means serious business and it doesn’t care how big you are as an organisation, everyone is liable for getting ‘hit’. Anonymous wants to be the preeminent force for political and social good, it argues, and if that is to be achieved through underhand means, then so be it – this is a “war” and rules don’t apply as they do in peacetime. This declaration was a sort of “come on have a go if you think you’re hard enough”.

It was audacious behaviour. As PC Advisor’s Anthony Savvas noted on April 5th, it meant that the pressure was on the government to show that it is on top of its game and able to quash such wildly flagrant threats. If it didn’t, then it would be unable to say, confidently, that it has the resources and savvy to stop “more serious cyber attacks” from taking place.

On April 7th, people trying to log onto the Home Office website were greeted with the following message: “Due to a high volume of traffic this page is currently unavailable. Please try again later.”

Now, this might have passed as a routine –  certain websites do, on occasion, get really busy – yet everyone knew what had caused the high volume of traffic: Anonymous and its motley crew of hacktivists.

Like a poker player bluffing with a decent but by no means winning hand of cards, the government was forced to show, losing face. They got beat. Even if no data was extracted and the website was back up and running again the next day, it has exposed some shortcomings, which security professionals will be, no doubt, keen to get to the bottom of.

2011 was the year that DDoS entered into the popular lexicon and made its mark as a bothersome security threat. What will 2012 bring? As the second quarter of the year gets comfortable, the big question is what can be done? Survivability is a word that gets thrown about in this conversation, but that comes across as weak, as if to imply that it’s not something that can be fully thwarted.

While that may be the case – all attacks evolve in a responsive sense – there is certainly scope for significant improvement. If Anonymous can be so brazen as to explain that it is going to attack, surely this should be met with an equally robust response. We have to work harder.