The advice to prepare for DDoS attacks would appear to make sense as Anonymous has used them to great effect in the past, but as the technology behind DDoS Attacks improves we have to wonder if most current mitigation policies will have any effect at all. According to a recent pastebin file the attacks will not just come in the form of DDoS, but will also be DNS hijacks, redirects, data breaches and more.
“You can not stop the internet hate machine from doxes, DNS attacks, defaces, redirects, ddos attacks, database leaks, and admin take overs”
Currently most US companies are not ready for this level of activity whether it is in the form of a DDoS or an attempted data breach. Our infrastructure is simply not built for it. UD ISPs have complained about the cost of maintaining a secure network and more money is spent fending off or fighting for different laws and regulations than on infrastructure changes that would help to mitigate this type of massive operation. What makes things worse is that corporate America and the Government has been aware of the fragile state of our internet infrastructure for years. Instead of working to fix it they have been busy trying to create new laws to spy on people and protect the copyright industry.
Additionally most US companies do not have effective programs to upgrade hardware and software to ensure they are not vulnerable to attacks like this. In many cases it is all about the money it costs to maintain a more secure network. People will little understanding of security make decisions based on potential risk and exposure. They do not get the impact that attacks like this can have on their customers (and in many cases they do not care). If the cost of the upgrade program is more than the potential for loss if an attack happens then it is not done.
Of course Anonymous does not even have to go after a company’s webservers to take them down. They can hit infrastructure components that are not even owned by the company, but their Internet Service Provider. They can hit the routers that allow traffic out from the site and effectively block all traffic to and from the site without ever touching the web server. This is one of the newer techniques that has been documented over the last few months and it has been used to great effect against ISPs in recent attacks.
What is interesting is that when and if these attacks take place Anonymous will be the only ones blamed for any outages or data loss. The attacks will be used to push for more bills like CISPA, SOPA, PIPA, and even the legendary “internet kill switch”. The companies that did not spend the money to maintain proper security will get cast as the victims here while they apologize for any inconvenience to their customer base and have their lawyers make sure they are not liable for damages. Sadly some of these targets are the same people that want us to trust them with backdoors in ISP and website services as well as 24/7 access to user data. They cannot even maintain what they have now properly and they want to open up more holes in the system? What kind of logic is that?
What do you think about all of this? Tell us in our Forum