Late Friday night, the hacktivist group Anonymous took control of the U.S. Sentencing Commission website in a new campaign called “Operation Last Resort.” The website was still experiencing downtime as of 11am PT this morning, and according to a ZDNet report, the website was re-hacked on Sunday afternoon and turned into a playable video game accessible from multiple U.S. government websites.
Upon visiting ussc.gov and entering the code in the Tweet below, the page becomes a playable version of the old Atari game, Asteroids:
Why This Website, and Why Now?
In a YouTube video published Saturday (embedded below this article), Anonymous explained that the hack was done symbolically in response to the recent suicide of Internet freedom activist and Reddit Co-Founder Aaron Swartz. Swartz was facing federal charges – a fine of up to $1M and potentially 3 decades in prison – for downloading academic articles from the MIT computer archive. Alongside Swartz’s family, Anonymous believes Swartz was “killed by the government” – an assertion that led the hacker group to target the U.S. Sentencing Commission website, which sets guidelines for sentencing in federal courts.
Implications for Federal Cybersecurity
No matter where readers stand on the case above, these recent hacks bring to light a broader issue related to federal cybersecurity. On the one hand, this hack could be seen as merely cosmetic. Since the U.S. Sentencing Commission website is outward facing, what Anonymous has done is essentially defaced the sign above the USSC’s front door.
Does it catch attention? Certainly. But is it dangerous? It depends.
The reality is that all computer systems with Internet access are connected to one another. This fact alone means that even if Anonymous cannot gain access to sensitive government information through this particular website hack, it’s not hard to imagine how their actions could escalate.
Hacking vs. Cyberterrorism
Should the actions of hacker groups like Anonymous be considered a form of cyberterrorism? In a way, this U.S. Sentencing Commission attack makes the threat of cyberterrorism seem less serious than it really is. After all, they defaced the ussc.gov domain with a game of Asteroids.
But if we look at the history of cyberterrorism, it has much more potential than defacing a government website in the name of social activism. For example, the Stuxnet virus, discovered in 2010, was powerful enough to cause physical damage to Iran’s nuclear program. While this wasn’t the first time that hackers have targeted industrial systems (i.e. power plants, water treatment facilities, gas lines, etc.), Stuxnet was the first virus developed by and designed to interfere with nation-states.
In response, the Pentagon is already on the move, looking to employ a larger cybersecurity force over the next few years to boost the nation’s defenses around critical computer systems. Only time will tell if these initiatives will be enough to prevent a major attack, but it’s certainly a step in the right direction.
For more technical details on the Anonymous hack, readers can check out this blog post from McAfee Labs, and be sure to follow us on Twitter @McAfeeConsumer to keep up-to-date as the story evolves.