Lessons From the Hacking Attack That Wasn't
Hacking attacks that fizzle can be just as dangerous as those that don't.
This week, the loosely coordinated Anonymous hacking crew promised an all-out assault against U.S. government and banking websites in retaliation for drone attacks and the wars in Iraq and Afghanistan. Tuesday was supposed to be a day of "justice for the downtrodden," with the sites of more than 100 large organizations coming under sustained denial-of-service computer attacks.
That didn't happen. A few sites, mostly obscure, were defaced or disrupted, and there were only six serious delays overall, according to Carl Herberger, a vice president at Radware, a security firm in Tel Aviv, Israel, that monitored the attacks.
On the surface, "OpUSA" appeared to be a flop. The truth is, though, that we may never know whether it achieved its real aims. The reason? As I described in a Bloomberg News story this week, hackers are refining their skills of misdirection -- and getting rich from it.
Tens of millions of dollars have been stolen from European banks over the past year by criminals using denial-of-service attacks -- launched by them or by political "hacktivists" -- as cover for stealing credit and debit card numbers, according to Symantec, a Mountain View, California-based security firm that investigated the attacks. While the banks' security teams scrambled to keep their sites online, hackers used malicious software to quietly drain customer accounts.
Slideshow: Top Ten Hacking Countries
This week's attacks-that-weren't have the feel of a giant sleight of hand. Maybe the whole thing fizzled because banks' security is getting better, as Herberger suggested. Or maybe Anonymous was trolling the media, which it has been known to do. Another explanation, though, is that maybe the threat of a major attack was just a test to see how officials would react, and possibly a misdirection to pull security resources away from more serious types of fraud.
Considering how tight-lipped major banks are when it comes to addressing security issues, we may never know.