Anonymous - ACG 6415
Download
Report
Transcript Anonymous - ACG 6415
Conley, Justin
Glenn, Cassady
Zhang, Fan
Anonymous
ACG 6415
History
Concepts
In its early form, the concept had been adopted by
a decentralized online community acting
anonymously in a synchronized manner, usually in
the direction of a loosely group-chosen goal, but
the primary focus was to entertain them.
Began in 2008 as a decentralized network of
individuals, and became focused on promoting
access to information, free speech, and
transparency.
History
Membership
if you identify with or say you are Anonymous, you
are Anonymous and no one has the authority to say
you are not except yourself.
History
Activities in 2012
Anti-ACTA activism in Europe
Jan. 21st, a series of DDoS attacks on Polish
government websites took place.
Syrian Government Email Hack
Feb. 6th, Anonymous broke into the mail server of
the Syrian Ministry of Presidential Affairs, accessing
some 78 inboxes of Bashar al-Assad's staffers.
AntiSec Leak and CIA Attack.
Feb. 10th, Anonymous claimed responsibility for
taking down the Central Intelligence Agency's
website for more than 5 hours.
AIPAC Attack
March 4th, Anonymous took down the American
Israel Public Affairs Committee website.
Vatican website DDoS Attacks
March 12th, Anonymous took down the Vatican’s
website
History
Reactions from the Society
Media: Reports
People: Comments
Law enforcement: Arrest
History
Habbo Hotel Attack
African-American, grey suits, afros
“Closed due to AIDS”
Claimed Habbo was racist
4/10/2016
History
Project Chanology
Church interviews Tom Cruise
Copyright violation claim
DoS attacks, prank calls, worldwide protest
4/10/2016
History
Epilepsy Foundation Attack
Posted flash videos
Evidence points to Anonymous
Anonymous says it was Church of Scientology
4/10/2016
History
HB Gary Federal Hack
Aaron Barr announces infiltration of Anonymous
Anonymous hacks:
Website
E-mail
& Phone System
Twitter
Greg Hoglund fires back
4/10/2016
History
Operation Payback (#opsony)
George Hotz and Alexander Egorenov
Breach of freedom of speech
Took down PS Network and related sites
Personal action against employees and families
4/10/2016
Controls
Main attacks are SQL injections and distributed
denial of service attacks.
Hardening applications to prevent SQL injections.
Public key authentication
Controls
Routers and firewalls should be configured to stop
invalid IP addresses and filter out protocols that are
not needed
Intrusion detection/prevention system
Incident plan
Multi-cast Source Delivery Protocol or anycast.
Specialty security company
Controls
DDOS attacks are hard to stop and prevent
A large enough attack will take down a website no
matter how much security is in place
Sarbanes-Oxley
Section 302 – Financial statements and internal
controls surrounding them must be certified.
Section 404 - Effectiveness of its internal controls
must be assessed and reported annually to the SEC.
PCAOB - IT controls should only be part of the SOX
404 assessment to the extent that specific financial
risks are addressed
Sarbanes-Oxley
Security is not patched or updated
Relevance of IT to financial statements