US experts concerned about risk to infrastructure posed by Anonymous

According to a memorandum from the Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center (NCCIC), hacker group Anonymous is alleged to be interested in attacking targets considered by the US government to be critical to national infrastructure and security. The memorandum claims that Anonymous' current attack capabilities are limited to attacking web and Windows-based systems using standard techniques such as DDoS attacks, but that the hackers may be interested in using other techniques to attack industrial control systems.

The DHS's conclusions are based on analysis by the Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of statements and data posted on the web by alleged Anonymous members. On 11 July, for example, documents describing attacks on biotechnology company Monsanto's web site and email servers were posted to pastebin. The memorandum also refers to 'Operation Green Rights', which targets the extraction of oil from oil sands in Canada.

According to the report, one hacker tweeted about XML and HTML code aimed at Siemens programmable logic controllers. The memo notes that the code does not show that its author has sufficient knowledge of industrial control systems, but it does show that he or she is at least interested in application software on such systems. The US government experts are concerned that the hackers could quickly extend their knowledge, particularly as information on security vulnerabilities in control software is already in the public domain. There is also concern that hackers from outside the ranks of Anonymous could get involved in attacks on energy companies.

(ehe)