When talking with several other IT professionals, they happened to know who Anonymous was. Based on hacking, activism, and other protesting events particularly online, Anonymous has become very well known around the IT world. But, the questions today have to do with how all of us (in the IT and business world) can learn from these motives by Anonymous.
Here are some automatic principles that can be learned that applies to all of us in the IT world:
- Anonymous will not ever cease function, because it is an awesome principle. It requires the hacker to be anonymous, and to not admit identity. Tons of people worldwide do not display their picture with their name online. Ask a “private” person to put their full name online, and they will cower in fear. That is why Anonymous can get away with their motives that are done in secret.
- The target to bring down Anonymous, is to get them to stop their hacking, and to stop the activism in the streets. It’s not getting anywhere. The collective thinks that we need a perfect world, but sadly, it won’t happen!
- Membership in Anonymous is a “free-for-all”. Which means that even if your code name gets banned, you can come back as a different code name/IP address and continue contribution on hacking, projects (software), etc.
- There is probably not a grand-master or leader, just people keeping the same old mission going year after year. It all began with a few voices on 4chan years ago, and keeps on going (8 years now?).
- Time is of the essence. These people spend countless hours hacking. That means you have to work countless hours fighting back and on prevention.
What Businesses can learn
- Anyone entering your organization with anonymous identity ideas, or asks to be anonymous (by preference), has probably bad motives.
- It’s about time to implement better password security policies.
- It’s also time to implement better database encryption.
- Ensure good reputation across the entire spectrum of business…why? It attracts awesome workers, makes income rise, and makes the overall feeling of running the company a great type of feeling.
- Ensure the host server has excellent firewall technology and antivirus. It should not allow even the tiniest of malware threats onto a client server.
What Developers can learn
- “There may be developers smarter than me in Anonymous, so I need to step up my coding skills and get better encryption.”
- Encrypting files and databases has never been more important than now. Don’t think it cannot happen to you. That’s what Philips thought, or even AMD thought. You’d think AMD would have proper protection for their WordPress databasing since they know how to engineer root-level microprocessing chips. What gives?
- If the network is running one or two servers to operate a website, then it DOES need antivirus/firewall software. Don’t think just because your skills in database administration or server management are very good that malware can’t trump your server…you’re wrong. Some of the best administrators/managers have trouble with their server keeping free from malware.
- If you must get an unknown application from the web, or download it from an “anonymous source”, then run it in a sandbox or virtual machine. Execution of malware could be the end of the life for a server…don’t be tricked…stay protected.
- Just because your programming skills are awesome doesn’t mean anything. There are a lot of others that think their programming skills are awesome, however, the first time you let your guard down or get prideful – expect trouble.
What IT Security can learn
- Hackers can get in to nearly anything. Keep up on top standards in IT security. Being one step ahead of the hackers is a good thing.
- Keep the defense-in-depth method in mind. If you can get it to work, it will help for miles and miles (or kilometers and kilometers).
- Don’t expect security to be a piece of cake anymore. It’s now the top challenge in IT, and people are being recruited all across the IT stage to work in security. There just isn’t enough warriors on the scene. It’s time to step it up a notch in all aspects of your work. Don’t procrastinate and don’t be pessimistic. Be optimistic about all outcomes of your work, and see the improvement before your eyes!
- As stated above for businesses: password security is extremely important! Push password security big time. It’s the only chance at keep information secure in personal, business, and enterprise aspects.
- Push internet security software like there’s no tomorrow. Because for some people’s computers, personal or business, there will be no tomorrow. Not just for computers now, but also for devices such as smart phones, tablets, and PDAs.
There may be no more way to stop Anonymous, but at least we can be 5-10 steps ahead of them. If we do that, we’re showing them they have no future. It will also make it more challenging for hackers, and improve the best of technologies all across the IT spectrum. See for yourself, and try these principles on your specific spectrum. You won’t be sorry!
Get Kaspersky Antivirus for Server now to safeguard your Windows Server!
Please consider a donation to help our project, if we have helped you or your business save money.
New hacking group dubbed r00tbeersec, with main leader r00tbeer has posted details about an attack on AMD blogging, the Intel chips rival. Some 30 KB of data was apparently stolen, that contained a total of 189 usernames/passwords from their WordPress blog site.
The main AMD blogs site shows the following image (after redirect):
Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.
A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.
Find out more about this story at US-CERT: www.kb.cert.org/vuls/id/649219
You may want to consider purchasing Malwarebytes’ Anti-Malware to protect against these types of threats.