FBI warns of US government networks violated by Anonymous

The FBI is warning that members of the Anonymous hacking collective have violated networks belonging to multiple government agencies stealing sensitive data

The Reuters agency reported that members of the hacktivist group of Anonymous  secretly violated U.S. Government networks in multiple agencies and stolen sensitive information. The FBI warned that the hacking campaign began almost a year ago, the hacktivists have exploited a flaw in Adobe applications to compromise the target systems and install software backdoors to maintain the control of the victims computers over the time, the facts dated back to last December.

The alert issued this week by the FBI reveals that the hacking campaign affected the U.S. Army, Department of Energy, Department of Health and Human Services, and other government agencies.

[the attacks are] “a widespread problem that should be addressed.” states the FBI memo.

The memo issued by the FBI also provided useful information for system administrators to discover evidences of Anonymous attacks on their system, it suggests what to look for to determine if their networks are compromised.

The nature of the attack led the security experts to believe that Anonymous is conducting a wide range cyber espionage campaign against Government agencies, the hacktivists are still operating under coverage according law enforcement.

“According to an internal email from Energy Secretary Ernest Moniz’ chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,0000 bank accounts. The email, dated October 11, said officials were “very concerned” that loss of the banking information could lead to thieving attempts.” states Reuters post.

It seems that the hacking campaign was linked to the case of Lauri Love, a British resident indicted on October 28 for allegedly breaking into computers at the Department of Energy, Army, Department of Health and Human Services, the U.S. Sentencing Commission and elsewhere.

Law enforcement sustains that attacks began when Love and other members of the group of hacktivists exploited a security flaw in Adobe’s ColdFusion application, of course Adobe spokeswoman declined any responsibility and declared that similar attacks are possible only if targeted systems are not updated with the latest security patches.

Law enforcement confirmed that some of the stolen information on the latest campaign had previously been disclosed by Anonymous members during the “Operation Last Resort.”

Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,”  “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.” the FBI wrote.

The cyber espionage campaigns conducted by Anonymous are the reply to the arrests of popular hackers linked to the collective linked to US retaliation strategy against hackers.

Consider hacktivism a transitory phenomena are dangerous, underestimate the capabilities of groups like Anonymous is a serious error and the FBI memo is a important warning for Governments and IT community … Anonymous is alive and could hit every target in every moment!

Pierluigi Paganini

(Security Affairs – Anonymous, hacktivism)