Hacktivist group Anonymous is staging a second wave of distributed denial-of-service (DDoS) attacks on government websites. It began by hitting the Home Office and GCHQ websites over the weekend, and moved on to other sites including MI6 yesterday.
US government sites, including those of the CIA, DOJ, FBI and NASA have also come under attack this week.
The Home Office admitted in a statement that its website was targeted by protesters on Saturday night, resulting in intermittent interruption to the service.
“We had measures in place to protect the site, which is now running normally,” a spokesperson told Techworld. “The site was not hacked and no other Home Office systems were affected.”
The attack follows an earlier attempt to bring down the websites of 10 Downing Street and the Home Office over the Easter bank holiday weekend. The attacks were conducted under the banner #OpTrialAtHome, and were reportedly launched in support of Pentagon hacker Gary McKinnon and TVShack's Richard O'Dwyer, who face extradition from the UK to the United States.
Graham Cluley, senior technology consultant at Sophos, described the first attack as an “audacious move by Anonymous and its supporters,” warning that other hacktivists who have launched DDoS attacks against websites belonging to British authorities – such as Ryan Cleary – have been arrested.
Meanwhile, the UK Government Communications Headquarters (GCHQ) appears to have headed off a similar attempt by Anonymous to knock its website offline.
The organisation claims it has “reasonable and proportionate information assurance measures in place to protect the site”. However, its defences will be tested once again on 21 April, when Anonymous is threatening to launch another attack.
Both of these attacks were announced via the Anonymous Operations Twitter account, which seems to have become the primary mode of communication for the hacktivist collective. The account was also used yesterday to claim responsibility for bringing down the MI6 site in the UK, as well as the CIA and Department of Justice sites in the US.
These attacks were initially claimed by a hacker from Brazil who goes by the Twitter handle @Havittaja, who claimed the attacks were done for the “lulz”. However, Havittaja also advocates freedom for fellow “Anons” currently facing incarceration for their participation in previous Anonymous operations.
“It's all of us together,” the Anonymous group stated on its Facebook page. “We are the 'little people', the hungry, the poor, the 'manipulated', and yet for all their power and might, these 'little people' brought their pride down.”
Organisations that have successfully resisted attacks by Anonymous are understandably reluctant to reveal details of the security measures they have in place to defend against DDoS, for fear of making themselves an easy target. However, Anonymous hackers do tend to vary their methods until they find one that works.
Earlier this year, security firm Imperva published a detailed analysis of an attack by Anonymous on one of its customers, providing new insight into how the hacktivist group operates. The New York Times revealed that the target in question was the Vatican, and a week later the Vatican website was brought down in a repeat attack.