Defcon: The lesson of Anonymous? Corporate security sucks

LAS VEGAS -- Anonymous has run up quite a score against corporations, governments and law enforcement agencies, but for all these warnings corporate executives are turning their heads from the real problem -- their network security is terrible, a panel of experts concluded at Defcon.

The particularly high profile attack against security firm HBGary by the hacker collective earlier this year caught the attention of C-level executives for a few weeks, but then they relaxed, says krypt3ia, a panel member, a security blogger and longtime infosec practitioner.

The executives could have redoubled efforts to better defend their networks, but that's not what's happening. Rather than invest in better security, they're looking to hedge the economic impact if they do get hacked, he says.

MORE: Three tips for a better Anonymous

"It's no coincidence that hack insurance is up," he says. He said he'd heard at the conference that a major corporation laid off security staff and bought hack insurance instead. He wouldn't name the corporation.

In doing so, executives have taken their eye off the main goal, which is protecting corporate intellectual property. By and large the Anonymous hacks and attacks have not scored valuable business intelligence, says Josh Corman, director of security research for Akamai, but it's just a matter of time until they do.

"Your executives are distracted by DDoS attacks, a new noisy thing that distracts us from the actual mission," Corman says.

Meanwhile the panel had a low assessment of Anonymous in whose name many high-profile defacements, data thefts and posting of stolen information have been made.

"Build a better Anonymous," says Jericho, another panel member and security blogger. Stealing documents and posting them all with few or none of them revealing wrongdoing doesn't make a point about whey the victim was attacked in the first place, he says.

"Releasing 250,000 documents is cool, but it hurts the cause," he says. "It's noise."

Krypt3ia says stealing and posting information from random police agencies in response to police in the United Kingdom arresting a teenager purported to be a key member of Anonymous spinoff LulzSec is irresponsible.

He cited the case of data about Phoenix police being posted in protest of the Arizona immigration laws they enforce. "Cops are bound to carry out the laws," he says. Protests about the laws should be aimed at the legislators who create them, he says, but releasing personal information about police and other law-enforcement workers is reckless. "There could be people in danger now," he says.

Corman says that Anonymous was by design decentralized, but that loose structure has enabled just about anyone to carry out attacks and attribute them to Anonymous. In some cases -- like the assistance groups using the name Anonymous gave to support uprisings in the Middle East -- the actions may coincide with what the groups founders intended.

But a change has occurred and now Anonymous attacks have less clear motivations, Corman says. "It's a franchise. Some people took the name and did Arab Spring and used it locally," he says. "Then it was hijacked by smaller groups and now it's become something of a public nuisance."

Krypt3ia gives them less credit. "I think they just wanted to smash things, and if they get caught, we say, 'We believe this ...'" he says. "You want to out people for doing bad things, do it right. ... Stop taking down stuff that's unimportant."

He says Anonymous should do its homework better and use other methods than network attacks and infiltration. "Learn your target," he says. "Know what they're doing. The only real dirt comes from insiders, people in the know who have access to very dirty things."

Read more about wide area network in Network World's Wide Area Network section.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags firewallsDefconsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?