China sends its brightest hackers against the U.S., while the U.S.’s own talent turns against it, as well
Just days after the U.S. Department of Energy (DOE) sent a letter to employees telling them its servers had been hacked and some personal information was stolen, the U.S. Federal Reserve made a similar announcement.
I. Federal Reserve Gets Pwned by Anonymous
Like the DOE, the central bank of the U.S. said the intrusion was minimal and didn’t affect its functions. But reports indicate the attackers — Anonymous, a global collective of anti-establishment hackers — scooped 4,000 records detailing personal information of top bank executives.
A spokesperson for the federal bank told Reuters, “Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system.”
News of the hack broke Sunday night when Anonymous leaked 4,000+ bankers’ login information, credentials, internet protocol addresses, and contact information. The data was dumped to page on the Alabama Criminal Justice Information Center entitled “whoops we did it again”. The page has predictably since been removed.
The leak was announced by the Twitter account OpLastResort, an account associated with Anonymous’ anti-government campaign that’s seeking vengeance for internet activist Aaron Swartz’s death:
The published information included mailing address, business phone, mobile phone, business email, and fax numbers.
II. PLA Hackers Bombard WSJ With More Attacks
Meanwhile, a second report indicates that hackers from Chinese IPs are still battering The Wall Street Journal in apparent effort to silence stories about corruption in the Chinese government. The Chinese have appeared to openly and brazenly attacked The New York Times and Bloomberg in the last year in retaliation for stories about corruption in the highest levels of the Chinese government.
China, who admits to having a large “cyber army”, claims it only uses the highly skilled unit for “self defense”. It denied allegations made in the recent NYT report on attacks on U.S. media, which claimed that the attack bore the telltale signs of other cyberattacks connected to the People’s Liberation Army.
Rupert Murdoch, media mogul owner of News Corp. (NWS) and WSJ took to Twitter on Tuesday to announce that the attacks were continuing. He wrote:
It is unclear what kinds of attacks were conducted or whether any intrusions were successful.
III. America Faces a Two-Headed Threat
The attacks announced this week illustrate the two-headed beast facing government cyberdefense forces in the U.S. On the one side you have domestic hacker groups like Anonymous, which appear to be scooping up poorly secured government records with ease and defacing government websites.
Domestic hackers are problematic as there’s no solid option for “counterattack” other than prosecution, and the government appears ill equipped to defend itself. To make matters worse, many of the campaigns play to public frustrations about government corruption, and as a result efforts to bring domestic hackers to justice are often met with derision.
On the other side of the aisle is the powerful, sophisticated PLA hacking machine, which has steadily and ruthlessly attacked the U.S. in recent years. As with the domestic threats, the U.S. government appears to be doing a poor job, at best, defending itself. And its official counterattack group — U.S. Cyber Command — is too small to be effective, with a skeleton crew of 500 experts.
In many ways the problems overlap. While China recruits its best and brightest black hats to attack the U.S., the U.S. is fighting to imprison many of its own best and brightest black hats. Meanwhile other U.S. black hats actively work to attack the government. The result is a cyberwarfare scenario that is highly conducive to Chinese success — and highly dangerous for the U.S. federal government.
The U.S. National Security Agency (NSA), one of the organizations tasked with federal cyber defense, has reached out to black hat hackers at recent hacking conventions. However, OpLastResort and recent prosecution efforts against Andrew Auernheimer, et al. illustrate the deep ongoing divides between the U.S. and its star hackers.