Security officials said the “DDoS” attacks occur when a website is overwhelmed by malicious messages carried out by thousands of followers, usually with easily downloadable software.
“Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDoS activities,” the August DHS bulletin said.
Anonymous orchestrated the crashing of Paypal late last year after the online financial service suspended Wikileaks’ account after the website published confidential diplomatic cables and other sensitive U.S. government intelligence. The group also targeted Visa, Mastercard and others for the same reason and has carried out several other hacks during the year. Last month, for example, the group claimed responsibility for hacking a website belonging to the Bay Area Rapid Transit agency and releasing personal information of 2,000 passengers.
“Anonymous is incredibly active,” said Josh Shaul, chief technology officer of Application Security, Inc., a New York-based provider of database security software. It’s rare to have a hacking group willing to work outside of the shadows. These guys are quite brazen.”
Anonymous emerged in 2003 from an Internet chat channel where members organized random Web incidents for their own amusement. By 2008, the prankster nature of Anonymous morphed into “hacktivism,” where members sabotaged websites and leaked confidential information for political purposes.
Investigators suspect a splinter Anonymous group known as LulzSec was responsible for a June 15 denial of service attack on the CIA’s public website.
This summer, Anonymous claimed credit for hacking into a Booz Allen Hamilton website and leaking email addresses of 90,000 U.S. military personnel and hacking a Monsanto Co. website and releasing personal data of 2,500 employees.
Until July, law enforcement officials around the world had arrested just a handful of suspected hackers thought to be affiliated with Anonymous. But on July 19, the FBI fanned out across the United States and raided more than 35 homes, seizing dozens of computers and arrested 16 on charges that they participated in the Paypal attack.
In response, Anonymous said it hacked a website on Sept. 1 belonging to police chiefs in Texas. The group posted personal information such as emails about internal investigations before the site was shut down.
FBI investigators in court filings said that the raids and arrests were made from a list of 1,000 computer users that Paypal cyber-security workers identified as the most active attackers. The fourteen appearing in San Jose federal court have pleaded not guilty and were released on bail after promising not to access Twitter, Facebook and other social media sites.
Most of the defendants were younger than 30. Security experts and the Department of Homeland Security say most of Anonymous followers are so-called “script kiddies,” young people who carry out the attacks and who are “less skilled hackers” than the vocal group members who call for the protests and attacks.
The DHS defines script kiddies as: “Unskilled individuals who use scripts or programs developed by others to attack computer systems and networks and deface websites.”