'Anonymous could be criminals hiding in plain sight' - security expert
Hostile governments could be posing as Anonymous - expert
Users could give data to criminals under hacktivism guise
Time for people to go "old school" to make a difference
Anonymous hack it again: steals ISP user data from AAPT
The people claiming to be from Anonymous could be wolves in sheep's clothing - but not in the way you think, an Australian internet security expert has warned.
Photo credit: Tim Pierce
Phil Kernick, Chief Technology Officer of CQR Consulting, told news.com.au that cyber criminals and hostile governments could be using the publicly acceptable alias of the hacktivist group to trick people into handing over their data.
“Imagine that Anonymous encouraged users to help bring down the Australian Government by downloading software and told them to press a button on a specific date, bombard a website and take it offline, but instead of getting a real version of the software you are pointed to a website which has an embedded banking Trojan (virus),” he said.
“This kind of behaviour is perfect for people who want to attack you.
“Attacking the government is just a side effect. It may not even work but it doesn’t matter. It’s not what they’re trying to achieve.”
Mr Kernick said this kind of behaviour was called “hiding in plain sight” - a classic misdirection technique practised by magicians since time immemorial.
Because Anonymous are a group of loosely affiliated activists and hackers, almost anyone can claim to belong to the group – including hostile governments.
He emphasised that he did not think the recent attacks on Australian government websites and ISPs were the work of cyber criminals or nation states but the group’s popularity was making the possibility of this easier.
He said that the recent hack on Syrian President Bashar al-Assad’s email account was a perfect example: “The question is who benefits from this. Yes, it could be random teen hacktivists getting bored but I would have thought the email of the Syrian President would be a bit above the skill set of your average spotty hacker, but maybe not past the level nation states could get past.
“So why not embarrass them publicly and expose details, to the benefit of your own nation state and blame it on Anonymous?”
Perpetrating cyber fraud under the guise of activism is the future of the internet, Mr Kernick said.
“We’ve moved past attacking systems and websites to attacking people to gain their credentials,” he said.
“If you're a nation state it's about attacking people because they have access to stuff and they can get people to do things for them.
“It’s much easier than attacking people.”
So what is the solution? Going old school.
Mr Kernick said education campaigns have failed largely because people live in denial that they could ever be the subject of cyber criminals or nation states and that security companies need to stop trying the same old awareness campaign expecting a different result.
“I would suggest if you want to protest, go write a placard, get manual, get real world about it,” he said.
“Write a letter to your MP, write a letter to News Ltd, get it published in the paper.
“I’m not a fan of this ‘anonymous’ sniping.”
However, the cyber security expert acknowledged that it’s unlikely people would take this route because it’s always easier to click on a link than pen a letter they might have to put some thought into.