Transcript Anonymous - ACG 6415

Conley, Justin
Glenn, Cassady
Zhang, Fan
Anonymous
ACG 6415
History
Concepts
 In its early form, the concept had been adopted by
a decentralized online community acting
anonymously in a synchronized manner, usually in
the direction of a loosely group-chosen goal, but
the primary focus was to entertain them.
 Began in 2008 as a decentralized network of
individuals, and became focused on promoting
access to information, free speech, and
transparency.
History
Membership
 if you identify with or say you are Anonymous, you
are Anonymous and no one has the authority to say
you are not except yourself.
History
Activities in 2012
 Anti-ACTA activism in Europe
Jan. 21st, a series of DDoS attacks on Polish
government websites took place.
Syrian Government Email Hack
Feb. 6th, Anonymous broke into the mail server of
the Syrian Ministry of Presidential Affairs, accessing
some 78 inboxes of Bashar al-Assad's staffers.
 AntiSec Leak and CIA Attack.
Feb. 10th, Anonymous claimed responsibility for
taking down the Central Intelligence Agency's
website for more than 5 hours.

AIPAC Attack
March 4th, Anonymous took down the American
Israel Public Affairs Committee website.
 Vatican website DDoS Attacks
March 12th, Anonymous took down the Vatican’s
website

History
Reactions from the Society



Media: Reports
People: Comments
Law enforcement: Arrest
History
Habbo Hotel Attack



African-American, grey suits, afros
“Closed due to AIDS”
Claimed Habbo was racist
4/10/2016
History
Project Chanology



Church interviews Tom Cruise
Copyright violation claim
DoS attacks, prank calls, worldwide protest
4/10/2016
History
Epilepsy Foundation Attack



Posted flash videos
Evidence points to Anonymous
Anonymous says it was Church of Scientology
4/10/2016
History
HB Gary Federal Hack


Aaron Barr announces infiltration of Anonymous
Anonymous hacks:
 Website
 E-mail
& Phone System
 Twitter

Greg Hoglund fires back
4/10/2016
History
Operation Payback (#opsony)




George Hotz and Alexander Egorenov
Breach of freedom of speech
Took down PS Network and related sites
Personal action against employees and families
4/10/2016
Controls

Main attacks are SQL injections and distributed
denial of service attacks.

Hardening applications to prevent SQL injections.

Public key authentication
Controls

Routers and firewalls should be configured to stop
invalid IP addresses and filter out protocols that are
not needed

Intrusion detection/prevention system

Incident plan

Multi-cast Source Delivery Protocol or anycast.

Specialty security company
Controls


DDOS attacks are hard to stop and prevent
A large enough attack will take down a website no
matter how much security is in place
Sarbanes-Oxley



Section 302 – Financial statements and internal
controls surrounding them must be certified.
Section 404 - Effectiveness of its internal controls
must be assessed and reported annually to the SEC.
PCAOB - IT controls should only be part of the SOX
404 assessment to the extent that specific financial
risks are addressed
Sarbanes-Oxley

Security is not patched or updated

Relevance of IT to financial statements