Anonymous Threatens Stock Exchange

[Backstop]

This could get interesting.

http://www.foxnews.com/scitech/2011/...tock-exchange/

Hacker Group Anonymous Threatens to Attack Stock Exchange

By Perry Chiaramonte & Jana Winter

Published October 04, 2011
| FoxNews.com

The FBI is investigating threats purportedly from the hacking collective that calls itself Anonymous to bring down the New York Stock Exchange on Monday by hacking into its computer system.

Members of the notorious hacker group appear to be threatening to bring the Occupy Wall Street protests in New York to a dangerous new level, sounding a call to “declare war on the New York Stock Exchange" on Monday by “erasing" it from the Internet.

A letter posted online by hacker group Anonymous where they claim that that the planned #InvadeWallSteet attack on the the NYSE's website is not from them. they also urge people not to participate is they want to avoid prison time.

“The FBI is aware of these schemes and threats and is looking into the matter,” FBI spokesman Tim Flannelly told FoxNews.com.

The hackers say they plan to launch a DDoS (or distributed denial of service) attack on the NYSE’s computer systems -- the same type of computer attack that brought down numerous websites last Spring, making them inaccessible.

Anonymous has also separately declared the Stock Exchange announcement a hoax, and it remains unclear whether this is an official effort by Anonymous, a group of rogue hackers or someone else entirely.

Either way, the FBI is investigating.

“It is a crime to show the intent to carry out a hack when you are in possession of software or computer applications to do so and we take it seriously,” FBI spokesman Flannelly said.

In one of the videos, which was addressed to the media, a narrator states, “We can no longer stay silent as the population is being exploited and forced to make sacrifices in the name of profit. We will show the world that we are true to our word. On October 10, NYSE shall be erased from the Internet ... expect a day that will never, ever, be forgotten.”

In a video addressed to the public, the narrator states, “We are the 99 percent. You have complained that something needs to be done. You now have an opportunity to make a difference. Join the protests. Organize your own. Watch online. Be a part of the movement.”

A digital flier has circulated online with the banner “Operation Invade Wall Street: This is not an occupation. This is an invasion,” and instructions how to participate in “three simple steps.”

It provides a link to download a program to participate as well as the URL for the Stock Exchange (www.nyse.com) and the date and time, October 10th at 3:30 p.m., to attack.

Would-be participants are also urged to “spread the F----- word.”

Still, other Anonymous representatives denied the plans.

A second letter has been posted online, also with Anonymous on the masthead, that references rumors of the planned attack and disclaims the group’s association:

“We have taken notice to a planned attack which has been named #InvadeWallStreet ...We strongly advise against this action and everything it entails to,” the letter says.

“We do not want history to repeat itself, and are sincerely worried,” the letter adds, referencing past attacks on Visa, Paypal, and Mastercard after they refused to accept transactions for payment to WikiLeaks.

Some have taken to Twitter, claiming the DDoS threat is a hoax, or even a setup.

“Smells like a trap! Don't participate,” said one tweet with the hashtag #invadewallstreet.

“HOAX: #invadewallstreet is not a valid OP. Beware of provocateurs!!!” said another posting.

Video found elsewhere.

They're saying 10 Oct 2011.

[Malsua]

I can guarantee you that if they manage to interrupt the stock exchange, they will have committed a capital crime. Yes, it's a double entendre but the big money will make sure they are found and if not out and out executed during a hot swat raid, they will disappear into a hole for the rest of their natural lives. Anywhere on the planet. You don't interrupt the flow of hundreds of billions of dollars. If you do, you will be hunted down and squished like the bug you are.

[Backstop]

Absolutely.

[Ryan Ruck]

I'll believe it when I see it.

If the Russians or Chinese haven't pulled it off yet, I doubt they can.

[Malsua]

I sort of _hope_ the clan at /b/ tries it. They'll wind up staring down a SBR at 4am if they are allowed to wake up instead of given a new hole to whistle out of. Those botnets are very well known and doing a DDOS will expose the dipshits.

[catfish]

I hope they try it as well. I've had it with these pukes. Who are they to decide for me what is right or wrong? As far as I'm concerned, anyone who does this kind of thing is a criminal.

[Backstop]

Got this elsewhere, and I guess the original post is gone.

But the claim was Anon was infiltrated by "someone" so the gig (crash wall street) is off.

HURRAY!! We're gonna crash Wall Street.

OH NO!!! We've been infiltrated. Run for your lives!!

[Phil Fiord]

Mal,

The /b folks are not the same folks of yesteryear. The "oldfags" went to reddit. What there is on there now are malcontents who do not get the joke. Those who frequent there now are not l33t and use LOIC as the tool, but need an infograph on use.

So, while any hacker will know what /b is, not every hacker would go there except to trick script kiddies into using LOIC in order to feel accepted.

Not a personal army? Nope, unless its tricking teens into being fall guys.

My point being that I have nothing against Chris Poole or his creation. In fact, I admire the concept. From what I have researched, his small admin staff does flag and save info on illegal activities and associated IP's for law enforcement. There are arrests pretty frequently actually. The rest sinks and falls off. Sort of. There are now sites that archive the main one.

I guess my point is, the anonymous on /b are mostly just that. Anonymous folks looking for a laugh. Some is very bad in taste, I admit. That aside, these days it would be an hero to try and actively use it for any real op.

From what I have gathered, TOR is the choice for real l33t trying to stay under the radar. That underweb seems to largely be the literal underground now.

[American Patriot]

10 Strategies To Fight Anonymous DDoS Attacks

Preventing distributed denial of service attacks may be impossible. But with advance planning, they can be mitigated and stopped. Learn where to begin.
By Mathew J. Schwartz InformationWeek
February 08, 2012 08:00 AM


Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
Consider 2011 to be the year that distributed denial-of-service (DDoS) attacks went mainstream. Who's responsible? Blame Anonymous, according to a new report released Monday by security vendor Radware.



"Their major campaign, Operation Payback, during the WikiLeaks saga in December 2010--against those supporting the U.S. government--was the turning point that shaped the security scene in 2011," according to the report. In short, by distributing easy-to-use DDoS tools, such as low-orbit ion cannon, Anonymous popularized DDoS attacks.



[ So you've been hacked. Learn 9 Ways To Minimize Data Breach Fallout. ]

But are DDoS attacks something that businesses and government agencies must simply endure, or, can they be more actively resisted? In fact, organizations can take a number of steps to at least mitigate the effect that DDoS attacks have on their websites, servers, databases, and other essential infrastructure.



1. Know you're vulnerable.
One lesson from the use of DDoS by Anonymous--as well as its sister hacktivist group LulzSec--is that any site is at risk. That's not meant to sound alarmist, but rather simply to acknowledge that the hacktivist agenda can seem random, at best. Indeed, after Anonymous came along, "the financial sector, which had not really considered itself as a prime target, was hit and urgently forced to confront threatening situations," according to the Radware report. "Government sites had been targeted before, but 2011 saw a dramatic increase in frequency, and neutral governments that felt themselves exempt, like New Zealand, were attacked."



2. DDoS attacks are cheap to launch, tough to stop.
As the recent Anonymous retaliation for the Megaupload takedown shows, hacktivists can quickly crowdsource "5,600 DDoS zealots blasting at once," as Anonymous boasted on Twitter, to take down the websites of everyone from the FBI and the Justice Department to the Motion Picture Association of America and Recording Industry Association of America. "DDoS is to the Internet what the billy club is to gang warfare: simple, cheap, unsophisticated, and effective," said Rob Rachwald, director of security strategy of Imperva, via email.



3. Plan ahead.
Stopping DDoS attacks requires preparation. If attacked, "folks that don't take active measures to ensure the resilience of their networks are going to get knocked over," said Roland Dobbins, Asia-Pacific solutions architect for Arbor Networks, via phone. "They need to do everything they can to increase resiliency and availability." Accordingly, he recommends implementing "all of the industry best and current practices for their network infrastructure, as well as applications, critical supporting services, including DNS."


4. Secure potential bottlenecks.
Which parts of the corporate network can become a bottleneck or weak link in a DDoS attack? A survey by Radware of 135 people with information security expertise--including IT managers as well as CIOs and CISOs--found that the bottlenecks they'd experienced included the server under attack (for 30%), their Internet pipe (27%), a firewall (24%), an intrusion prevention or detection system (8%), a SQL server (5%), or a load balancer (4%). For example, Sergey Shekyan, a Web application vulnerability scanner developer at Qualys, reported that he was able to DDoS a Squid proxy server using the free slowhttptest tool with slow read DDoS attack support. That's because while the server was theoretically able to handle 60,000 concurrent connections per minute, it had been misconfigured to only allow 1,024 open file descriptors at a time.



5. Watch what's happening on the network.
If prevention--including securing infrastructure and making sure it can reasonably scale to handle sharp increases in packet traffic--is the first step, the second is actively monitoring the network. "If the enterprise doesn't have visibility into their network traffic so they can exert control over the traffic, then they have a problem," said Dobbins.


6. Look beyond large attacks.
Historically, the most popular type of DDoS attack--and the one most used by Anonymous--has been a packet flood. The concept is simple: direct so many packets at a website that its servers buckle under the pressure. But not all effective DDoS attacks unload untold numbers of packets. Notably, a study by Radware of 40 DDoS attacks from 2011 found that only 9% involved more than 10 Gbps of bandwidth, while 76% involved less than 1 Gbps.



7. Beware application-layer attacks.
Attacks that eschew packet quantity for taking out a switch or application can unfortunately be quite difficult to detect. According to Radware's report, "it is much easier to detect and block a network flood attack--which is about sending a large volume of irrelevant traffic such as UDP floods, SYN floods, and TCP floods, typically spoofed--rather than an application flood attack where the attackers are using real IP addresses from real machines and running complete application transactions."



8. Watch for blended attacks.
Detection can get even trickier when attackers start targeting more than one application at a time, perhaps together with a packet flood. "Attackers are often likely to combine both packet flooding attacks with application-layer DDoS, to increase their odds of success," according to the Radware report. "The majority of organizations, which are targeted by sub-1-Gbps attacks, are targeted with a mix of network and application flood attacks."



9. Make upstream friends.
Large attacks can overwhelm even the largest enterprise network. "Work very closely with [your] Internet service provider--or for multinationals, providers--to successfully deal with these attacks," said Arbor's Dobbins. Build relationships and lines of communication in advance. "At 4 a.m., if there is a DDoS attack, it's not the time you want to be scrambling around trying to reconfigure your infrastructure, and finding who call at your ISP," he said.



10. Consider countermeasures.
While the legality of certain types of attack countermeasures is an open question, Radware said that network gear may be able to automatically mitigate suspected DDoS attacks. For example, it can silently drop questionable packets, or send a TCP reply to the attacker that advertises "window size equals 0," which says that for the time being, no new data can be received. "Legitimate clients generally respect this and will suspend their communication for the time being," according to Radware's report. "It seems that some attackers also honor this message and suspend the attack until a new, larger window size is advertised, which of course the site being attacked has no intention of doing."



It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

[Malsua]

When IP V6 becomes required by law, and it will someday, all this anonymous garbage disappears. I realize that botnets are comprised of innocent machines on benign networks but what IPV6 allows is for the entire structure to track back to origin. A zombie machine gets its orders from an IRC chatroom, but the posts to the chatroom are trackable to the source...a proxy and from that source to the next proxy and so forth. No spoofing of IPs. It becomes much pretty much impossible to pull this shit off.

[American Patriot]

I set up a test "bot net" once to "attack anomalies". I managed to get my "virus" out there to a few folks (some knew, some didn't )

It worked to the point I was able to control about half the machines the way I wanted. I never "attacked" Anomalies though because I wasn't trying to take anything down, just understand how this crap worked.

I used other people's code and modified a little of it, but that was many years ago and I don't play with that crap anymore.

But you're right, this will all be moot some day.

On the other hand, there's ALWAYS a way "in" to something. No matter how well protected a network is, if there are loop holes, someone will find them.

[Phil Fiord]

And what of TOR? Will it become traceable under IP V6? Seems TOR is slow by nature and dependent upon users having open entrances and exits.