Anonymous Attacks Irish Government Websites

This evening I was putting together my slide deck for an upcoming presentation at the next IISF meeting on my information security predictions for 2012.  One of the topics I am going to discuss is the rise of hacktivism and the impact that can have on an organisation.  Ironically, as I was writing my slides Anonymous announced operation OpIreland in which they are targeting Irish government websites.  OpIreland is in protest against a law the Irish government is planning to introduce to allow copyright holders get access to websites blocked that they claim are hosting pirated material.

According to The Journal.ie, the websites of the Department of Justice and Finance have been impacted by the attack.  From watching various updates on Twitter other government websites seem to be also impacted, but as yet it is not clear whether or not this is a direct result of the OpIreland attack or if these sites share or are hosted on the same infrastructure as the targeted sites. 

It also appears the the mobile phone numbers and email addresses of all the TDs have been published, information that was publicly available in the first place anyway.

While these attacks appear to have happened at an unusual time, midnight on a Tuesday night, and have had minimal impact on the general population, they could simply be a “warning shot” from Anonymous highlighting the campaign has started.  Over the coming days we may see these attacks intensify, especially as more people are recruited into the operation. Typically these attacks will eventually fade away as those taking part in the attack lose interest and move onto other items.

Many will see this as a way to draw government’s attention to the concerns many have with the proposed new law.  However, I believe that this action will simply divert the attention of the media and elected officials away from the core issue at heart and focus instead on Ireland been subjected to these attacks.  TJ McIntyre argues this case more eloquently that I can on his blog post Anonymous attacks on Ireland will hurt, not help the case against blocking.

If you want to register your protest against the proposed changes in the law then you should consider taking what I believe to be the more constructive and democratic option of signing the StopSOPAIreland petition rather than taking part in the OpIreland attacks.

If you are a system adminsitrator based in Ireland and responsible for managing your organisation’s websites and systems, then you should do a risk profile of your organisation to determine will it be a potential target of OpIreland.  If so then you should take some proactive measures to ensure the security of your systems;

  • Ensure your systems are fully patched, this includes your firewalls, your operating systems, web server software and the web application software on your site.
  • Review all your firewall rules and ensure they are up to date and correct.
  • Ensure your log files are turned on, that they are recording key events and that you are actively monitoring them for suspicious activity
  • Look at deploying DDOS mitigation tools
  • Ensure all your passwords are secure passwords and are not re-used across multiple systems.
  • If you have Intrusion Detection Systems (IDS) in place, ensure they are configured and working properly and are being monitored.
  • Have your incident response plan close by in the event that you are impacted.

5 Comments

  1. Justa Joe says:

    Very good points… The one that stuck out to me that followers should pay CLOSE attention to is •If you have Intrusion Detection Systems (IDS) in place, ensure they are configured and working properly and are being monitored. With a BIG emphasis on the “AND ARE BEING MONITORED” part. SO many times I see Robust IPS pieces in place however they were implemented to drop traffic for “x” amount of hours in a “set it and forget it” type mode. IPS only works properly when monitored! Thanks for sharing your post… Agree with the point that most of the brags on pastebin have been public information readily available for the scraping I mean taking… Anaon used to be a hero of sorts with its stab & run attacks and the redesigned website face, but causing monetary damage to others and damaging systems has crossed a line of irresponsibility. You don’t damage others things… There are more immature parlor hacking tricks that are funny and grab attention, but damage to others is not cool.. Not cool at all.. Their actions have crossed the line of ethics and responsibility and have gone from cool to fool.

    • Brian Honan says:

      Indeed I also have seen many IPS/IDS systems badly deployed, firewalls not set up securely or log files not been properly monitored. A lot of breaches could be prevented or at least detected and reacted to earlier if admins took the time to set up, update and monitor the basic tools available to them. But the challenge is very often finding the time to do these things.

      Also agree with your points on Anonymous, they seem to have moved from a movement that generate some interest to now being an annoyance, and in many cases a disruptive one at that.

  2. jay says:

    Couldn’t agree more good post.

    At first you could respect Anonymous but yes they do seem to be just a bunch of anarchic kids out to cause disruption and garner “lulz” these days.

    • Brian Honan says:

      Thanks for dropping by and commenting Jay.

      When the activists are undermining the very people they say they are representing then serious questions do need to be asked as to what their real motivations are.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.