Hacktivist group Anonymous is at it again, this time targeting Brazilian websites apparently in protest of Brazil’s costly hosting of the FIFA World Cup. While more traditional protests had been going on for many months with only nominal impact and attention, Anonymous immediately gained the media spotlight after claiming through Twitter to have hacked over 100 websites, including Brazil’s federal police website. Many of the website attacks consisted of Denial of Service assaults or simple defacements, but Anonymous sharply made their point by posting a list of logins and passwords purportedly from the police website, as well as claiming to also have harvested numerous operations documents and email exchanges.
What this means for you:
Just like any hot media item, hackers will be leveraging the globe’s enthusiasm for the World Cup, and it’s likely you will see spam and phishing attempts based around news, events and celebrities of the sport. As always, avoid clicking links in emails unless you can verify they lead to legitimate websites. Cybercriminals will also be counting on plenty of people searching for news about World Cup matches, so make sure you examine your search results carefully and only visit websites you know and trust. Don’t rely just on your antivirus software to protect you – use your common sense laced with a healthy dose of skepticism to avoid hackers scoring a goal on you.
Following recent attacks by hacktivist group Anonymous on various government websites, the Department of Energy has reported that it too has been hacked, and personal information on hundreds of its employees has been compromised. The DOE has been relatively tight-lipped about the breach, and it’s not immediately clear whether this may be related to Anonymous’s current campaign “Operation Last Resort” which aims to reform computer criminal laws in the wake of internet celebrity Aaron Swartz’s suicide. In the case of the Anonymous-led attacks, various government websites have been completely taken over by hackers and used to post derogatory videogame parodies and login credentials for hundreds of banking executives.
What this means for you:
The gloomiest of the doomsayers are saying that in the near future, there will be only 2 types of businesses: “Businesses that have been hacked, and ones that don’t know that they’ve been hacked.” We’re not there yet, but some analysts believe we’ve hit an inflection point in cyber security where the criminals are now ahead of the business world in terms of sophistication and advantage. If the above is any indication, many government institutions are probably even further behind businesses in terms of security. Does that mean it’s time to pack up all that technology and return to paper ledgers, brick and mortar storefronts and hand-written checks? Not yet, but the businesses that take an aggressive stance towards tightening up their ships will stay well ahead of the competition, especially when those looser ships start to spring cyber-leaks.
What’s the first step? Find out if you have an information security policy. If so, make sure it’s being enforced. If not, call me right away to start talking about how to get your company’s technology battened down for the coming storm.
Numerous sources are reporting that web services provider GoDaddy.com is currently suffering from a severe, widespread outage of its DNS and webhosting services, crippling thousands of its customers’ websites. GoDaddy’s website and phone support are also unavailable. Though GoDaddy is not commenting on the reason for the outage, responsibility for the outage is being claimed by hacker “Own3r” who is allegedly the Security Leader of the infamous hacktivist group “Anonymous“.
#tangodown godaddy.com by @anonymousown3r
— Anonymous Own3r (@AnonymousOwn3r) September 10, 2012
What this means to you:
GoDaddy is one of the world’s largest domain registrars, and by default, also one of the largest DNS providers as well. The easiest way to explain DNS is to liken it to a directory that matches the domain name (e.g. “c2techs.net”) with that website’s actual IP address (eg. “76.89.143.130”). Whenever you type a domain name into your browser, you are actually reaching out to that domain’s “name server” (hence “DNS”) so that your browser knows where to find the webserver that serves pages for that particular domain name.
Even if your site isn’t hosted by GoDaddy, if the above attack has taken GoDaddy’s DNS servers offline, your site is still unreachable unless the browser (or the human behind it) knows the IP address of your domain name and uses that instead.
What can you do about it:
While their service is down, not a whole lot. Once they come back online, you can transfer any GoDaddy services to any number of other providers. I use Hover.com and have been very happy with their simple and low-key approach. If you’ve registered domains with GoDaddy, then you are more than capable of handling the transfer process, especially if you start the transfer from Hover.com, but there are a few gotchas here and there that may complicate the process. Website transfers are a bit more complex, and unless you are an accomplished website administrator, I’d suggest you contact us for help. C2 Technology provides a full complement of web services including domain registration, website design and hosting.