Threat Management

Anonymous leads attacks over Assange, Pussy Riot handling

The hacktivist group Anonymous is taking credit for a series of attacks aimed at U.K. and Russian websites.

On Monday, vandals temporarily brought down the websites of the U.K.'s Ministry of Justice and Home Office.

A popular Anonymous Twitter account said the attacks were launched out of solidarity with WikiLeaks founder Julian Assange, who was granted asylum in Ecuador, but remains at the country's London embassy because police there have threatened to charge him with violating his bail conditions. Assange has not been charged with any crime, but is wanted for questioning in Sweden related to sexual offense allegations. He has said he will answer any questions from Swedish authorities if he is promised not to be extradited to the United States, where he fears prosecution related to his whistleblower site.

Currently, the targeted websites -- the Ministry of Justice and the Home Office, which lead U.K. government affairs pertaining to security, customs and immigration -- are back operating.

Meanwhile, on Tuesday, hackers defaced the website for the Russian court where last week three members of punk rock band Pussy Riot were sentenced to two years in prison. The band led an anti-Putin protest in February at a Moscow cathedral, and were charged with "hooliganism."

The attackers defaced the site to include a song by the band, called "Putin is Lighting the Fires of the Revolution," and a Bulgarian singer's video was posted. The pranksters left a message saying they are affiliated with the “American group Anonymous.”

The website for the Khamovnichesky District Court was temporarily down for maintenance to repair the defacement, and now appears to be operating normally.

Jonathan Lewis, senior product marketing manager for  security firm Arbor Networks, told SCMagazine.com on Tuesday that DDoS attacks have a range of motivations, but, over the last few years, ones developed because of political beliefs have been on the rise.

“There's a whole ecosystem supporting the phenomena,” Lewis said. “There are lots of tools out there, like software you can download to launch an attack on any website you can identify. They don't even have to buy it – it's available for free download."

While some DDoS attacks are launched with the intention to make a website unavailable, some are foisted to distract IT administrators while the hackers subsequently steal information, Lewis said. This was the case with Sony when a DDoS attack led to the personal data theft of customers using the company's PlayStation Network and entertainment on-demand service Qriocity.

Lewis said organizations need to better prepare themselves.

“In terms of best practices, they should implement protection from their internet service provider, to defend their particular website from high-volume attacks,” Lewis said.

They should also make sure they've developed a tested plan to handle the attack, should it occur, he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.