
Anonymous Launches Attacks Against Trade Associations and Boeing

Two technology trade associations, TechAmerica and USTelecom, and one of the world’s largest defense contractors, Boeing, had their web sites knocked offline by Anonymous for their support and connections to the controversial CISPA bill. They are the latest in a string of targets selected by those supporting Anonymous’ Operation Defense (OpDefense).

Anonymous strongly opposes the Cyber Intelligence Sharing and Protection Act (CISPA). Their outrage over CISPA mirrors the sentiment put on display when they rallied behind those who stood against SOPA, ACTA, and PIPA.

In short, CISPA (House Resolution 3523) allows ISPs to collect information about a person’s Internet usage. The collected information is considered proprietary, so the customer (any Internet user in the U.S.) does not have the right to know what information is being collected, and the ISPs are under no obligation to share it.

However, organizations such as the RIAA or MPAA can contract with the ISPs to access the collected information if they wish, and the government can access it whenever they want. There is a bit more to it, but the information collection and the legal shield (corporations cannot be sued or prosecuted) offered to those that collect it or help collect it are the main issues.

The coordinated efforts against the organizations and people supporting CISPA fall under the domain of OpDefense, and while the operation itself is still in its infancy, it has already caused headaches for some high-profile targets.

So far, websites hosting the U.S. Chamber of Commerce, the White House, and the National Cable and Telecommunications Association have been knocked offline in addition to the websites hosting TechAmerica, USTelecom, and Boeing. In each case, a sustained DDoS attack crippled the domains, denying access to them for several hours at a time.

“The CISPA bill has many supporters and proponents, and these have been our targets. We have once again demonstrated what we are capable of, as well as our resolve in making sure our Internet remains free,” Anonymous said in a published statement.

In some instances, the DDoS attacks are mitigated quickly and the domains return after a short outage. Sometimes, however, the domains remain offline longer as administrators cope with the scripts used by HOIC (High Orbit Icon Cannon), which allow the person doing the DDoS to rotate target URLs and shift their reported User Agent. Such methods render automated DDoS defenses useless early on, prolonging the attack until other methods of mitigation are deployed.

For example, during the DDoS on the U.S. Chamber of Commerce, the HOIC script rotated between 10 URLs and switched user agents between 16 variations, including Firefox, Chrome, Opera, Google Bot, and Safari. HOIC wasn’t the only tool being used, however, as supporters have been encouraged to use LOIC too.
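A defender's view of the rotation described above, as an added example that is not from the original article: a per-source check over web access logs that flags clients cycling through several User-Agent strings at a high request rate. The log lines, IP addresses, function names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def flag_rotating_clients(lines, window=timedelta(seconds=10), min_requests=8, min_agents=4):
    """Return {ip: (requests, distinct_agents, distinct_paths)} for every source IP that,
    inside some sliding window, sent >= min_requests using >= min_agents User-Agents."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events[m["ip"]].append((ts, m["ua"], m["path"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            agents = {ua for _, ua, _ in span}
            paths = {p for _, _, p in span}
            if len(span) >= min_requests and len(agents) >= min_agents:
                # Keep the busiest qualifying window seen for this source.
                flagged[ip] = max(flagged.get(ip, (0, 0, 0)),
                                  (len(span), len(agents), len(paths)))
    return flagged

def sample_log():
    """Constructed log: 198.51.100.7 rotates 4 agents over 3 paths in 6 seconds;
    203.0.113.9 is an ordinary visitor with one agent."""
    agents = ["Mozilla/5.0 Firefox/11.0", "Mozilla/5.0 Chrome/18.0", "Opera/9.80", "Googlebot/2.1"]
    paths = ["/", "/about", "/news"]
    fmt = '{ip} - - [26/Apr/2012:12:00:{s:02d} +0000] "GET {p} HTTP/1.1" 200 512 "-" "{ua}"'
    noisy = [fmt.format(ip="198.51.100.7", s=i // 2, p=paths[i % 3], ua=agents[i % 4])
             for i in range(12)]
    normal = [fmt.format(ip="203.0.113.9", s=s, p=p, ua=agents[0])
              for s, p in [(0, "/"), (20, "/about"), (40, "/news")]]
    return noisy + normal

if __name__ == "__main__":
    print(flag_rotating_clients(sample_log()))
```

Many real browsers can share one address behind NAT or a proxy, so the thresholds need tuning against normal traffic before the result drives blocking.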

When SecurityWeek asked Boeing to comment on the latest attacks and how they addressed them, the company declined to comment specifically on the attacks, and provided the following generic statement: "We have a robust computing security team that constantly monitors our network. However, as a practice, we don't discuss specifics about our security program."

In an emailed statement, Walter McCormick, president of USTelecom, called Anonymous out on their previous stance on speech. “By launching a cyber attack in an effort to coerce, intimidate and stifle speech, members of Anonymous are acting contrary to the very freedoms and Internet norms that they espouse,” he wrote.

On the other hand, Shawn Osborne, TechAmerica’s president, said that Anonymous’ “...strong-arm tactics have no place in the critical discussions our country needs to be having about our cybersecurity, they just underscore the importance of them.”

CISPA hasn’t been voted on, so it’s possible that it will never pass into law. However, as long as it’s on the table, Anonymous will continue their attacks.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.