(Translated from the original Italian)
In recent months we have discussed the security status of US networks and infrastructure, and we have described American cyber strategies and the main actions proposed to protect the principal assets of the nation.
One story in particular struck us deeply: the vulnerability of U.S. Government networks, admitted by senior government officials who stated that they are routinely hacked.
It is difficult to accept a reality this disconcerting: that one of the world's major superpowers, at the forefront of technology, is so vulnerable to attack by hacker groups with diverse motives.
Who is interested in US networks, and why?
Consider that the cyber infrastructure of a country attracts foreign governments, independent hackers, and also hacktivists, and that all of these forces combine their actions daily against the same target.
The success of cyber attacks against US networks, according to the declarations of security experts, is due in part to the fact that US infrastructure is protected by obsolete defense systems unable to withstand continuous incursions.
Speaking before the Senate Armed Services Subcommittee on Emerging Threats and Capabilities, experts told the assembled Senators that the U.S. government needed to abandon the notion that it could keep intruders off its computer networks.
The response to the testimony by Senator Rob Portman, member of the Emerging Threats and Capabilities subcommittee, was particularly meaningful:
“We can do things to make it more costly for them to hack into our systems… but you didn’t say we can stop them.”
Portman clearly expressed awareness of the threat and of the impossibility of defeating it in the short term.
Now come revelations on the status of US network security from the famous group Anonymous: in a recent interview, its member Christopher “Commander X” Doyon, who lives in Canada, said:
"Right now we have access to every classified database in the U.S. government. It’s a matter of when we leak the contents of those databases, not if. You know how we got access? We didn’t hack them. The access was given to us by the people who run the systems…"
"The five-star general (and) the Secretary of Defense who sit in the cushy plush offices at the top of the Pentagon don’t run anything anymore. It’s the pimply-faced kid in the basement who controls the whole game, and Bradley Manning proved that."
According to Doyon, the group's access is provided by insiders within the government infrastructure, giving the group an unimaginable power: the power of knowledge and information.
He was arrested in September for a minor hack on the county website of Santa Cruz, Calif., where he was living, in retaliation for the town forcibly removing a homeless encampment on the courthouse steps.
For that, Doyon is facing 15 years in jail. But he crossed the border into Canada in February to avoid prosecution.
Doyon was the leader of the People's Liberation Front, a group allied with Anonymous, and he is considered the most wanted hacktivist after Julian Assange.
The hacker reiterated the concept, saying:
“The entire world right now is run by information... Our entire world is being controlled and operated by tiny invisible 1s and 0s that are flashing through the air and flashing through the wires around us. So if that’s what controls our world, ask yourself who controls the 1s and the 0s? It’s the geeks and computer hackers of the world.”
What do you think about the revelation of the insider component of the group? What is the truth behind these declarations?
We are now accustomed to sensational statements by Anonymous, and we all recognize their great media capacity, but rather than taking the claims at face value, the experts offer the following interpretations:
- Hackers are operating on a psychological front, trying to instill a culture of suspicion within the enemy's ranks. Everyone could be a spy; everyone could be Anonymous.
- The statement “everyone could be Anonymous” is itself the basis for a second hypothesis regarding the revelations about inside hackers: Anonymous is sending a message to all those employed by the government that it is open to collaboration.
I think both assumptions are valid, while acknowledging that Doyon has certainly exaggerated his claims. The risk posed by a government insider close to the group is high, and facing such threats requires adherence to procedures and protocols designed to prevent unauthorized access to confidential information.
I'm still convinced that the group is in a phase of profound transformation, as new tumultuous currents have surfaced, and these could degenerate into dangerous insurgents.
In my opinion, such statements must be taken into consideration, but I also believe that the group issues them to pursue a clear media strategy.
In several articles I predicted the possibility that law enforcement and intelligence agencies were infiltrating the group. Today, according to the hacktivist's declaration, we face the reverse scenario. The reality is that both factions fear infiltration and are working to ensure that the damage would be minimal.
Meanwhile, we have little information on how Anonymous is approaching the problem, while on the opposite side we have some perception of how government agencies are facing the threat. I note that the FBI has pointed out on more than one occasion the need to detect insiders who may be providing access.
Regarding the topic, I suggest reading the guidance provided by the FBI, "The Insider Threat: An Introduction to Detecting and Deterring an Insider Spy", a guide for security personnel on how to detect an insider threat, which also provides tips on how to safeguard your company's trade secrets.
Cyber espionage and theft of intellectual property are ever increasing threats to organizations and government institutions, and they can go unnoticed for months or even years.
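The FBI guidance cited above is about people and procedures, but the same idea of "detecting the insider" has a technical counterpart: compare each account's current access pattern against its own established baseline and raise a lead for an analyst when it deviates. The script below is an added example written for this post, not code from the original article or from the FBI guide; the audit-log format, the resource names, the classification labels and the thresholds (business hours 07:00 to 20:00, a 3x daily-volume factor) are all constructed assumptions, and the sample log lines are made up for the demonstration.

```python
"""Baseline-and-deviation detector for insider access to confidential data.

Added example (not from the original post or the FBI guide). Three simple rules
are applied to the review window, each against the user's own learning-window
baseline:
  1. off_hours_confidential  - confidential resource touched outside business hours
  2. first_time_confidential - confidential resource the user never touched before
  3. volume_spike            - bytes pulled in one day far above the user's average
Every finding is a lead for an analyst, not a verdict.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    user: str
    resource: str
    classification: str  # assumed labels: public / internal / confidential
    bytes_out: int


@dataclass(frozen=True)
class Finding:
    user: str
    rule: str
    detail: str


def parse_line(line: str) -> AccessEvent:
    """Parse one audit record in the constructed format:
    <ISO timestamp> <user> <resource> <classification> <bytes_out>"""
    ts, user, resource, classification, bytes_out = line.split()
    return AccessEvent(datetime.fromisoformat(ts), user, resource,
                       classification, int(bytes_out))


def build_baseline(events):
    """Per-user profile from the learning window: resources touched and
    average bytes transferred per active day."""
    resources = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        resources[e.user].add(e.resource)
        daily[e.user][e.ts.date()] += e.bytes_out
    avg_daily = {u: sum(d.values()) / len(d) for u, d in daily.items()}
    return resources, avg_daily


def detect(events, baseline_end, work_hours=(7, 20), volume_factor=3.0):
    """Learn from events before baseline_end, review the events after it."""
    events = sorted(events, key=lambda e: e.ts)
    known_resources, avg_daily = build_baseline(
        [e for e in events if e.ts < baseline_end])
    findings = []
    daily = defaultdict(lambda: defaultdict(int))
    for e in (e for e in events if e.ts >= baseline_end):
        if e.classification == "confidential":
            if not (work_hours[0] <= e.ts.hour < work_hours[1]):
                findings.append(Finding(e.user, "off_hours_confidential",
                                        f"{e.resource} at {e.ts.isoformat()}"))
            if e.resource not in known_resources[e.user]:
                findings.append(Finding(e.user, "first_time_confidential",
                                        e.resource))
                known_resources[e.user].add(e.resource)  # flag once, not per hit
        daily[e.user][e.ts.date()] += e.bytes_out
    for user, days in daily.items():
        base = avg_daily.get(user)
        for day, total in days.items():
            if base is None:
                findings.append(Finding(user, "no_baseline", f"{total} B on {day}"))
            elif total > volume_factor * base:
                findings.append(Finding(user, "volume_spike",
                                        f"{total} B on {day}, baseline avg {base:.0f} B"))
    return findings


# Constructed sample log: two days of normal activity, then one day under review.
SAMPLE_LOG = """
2012-03-01T09:15:00 alice fs:/projects/alpha confidential 2048
2012-03-01T14:40:00 alice fs:/projects/alpha confidential 4096
2012-03-02T10:05:00 alice fs:/projects/alpha confidential 2048
2012-03-01T11:00:00 bob fs:/hr/policies internal 512
2012-03-02T16:30:00 bob fs:/hr/policies internal 1024
2012-03-05T10:00:00 alice fs:/projects/alpha confidential 4096
2012-03-05T23:10:00 alice fs:/projects/alpha confidential 1024
2012-03-05T22:30:00 bob fs:/projects/alpha confidential 50000000
"""


def run_sample():
    events = [parse_line(l) for l in SAMPLE_LOG.strip().splitlines()]
    return detect(events, baseline_end=datetime(2012, 3, 5))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.user:6} {f.rule:24} {f.detail}")
```

On the sample data alice's late-evening read of a project she works on daily produces a single off-hours lead, while bob's night-time first access to a confidential share, combined with a transfer thousands of times his usual daily volume, trips all three rules at once. That stacking is the useful signal: one rule firing is routine noise, several firing on the same account in the same day is what an analyst should look at first. Keeping the baseline per user also means the detector needs no list of "sensitive users"; it only needs access logs that record who read what, when, and how much, which is exactly the record that least-privilege and auditing controls should already be producing.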
The message is that we must remain on guard and not wait for the day when Doyon's words come true.
Cross-posted from Security Affairs