Community effort needed to forestall cyberattacks

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

On May 1, the Department of Homeland Security issued an alert warning of a pending cyberattack targeting high-profile U.S. government agencies and financial institutions.

The initiative was dubbed "OpUSA" by its instigators,

a loose collective of global hacking groups, including members of the infamous Anonymous. After a largely unsuccessful attack on Israeli interests ("OpIsrael") in April, the groups vowed to strike harder during OpUSA, launching Denial-of-Service attacks against banks’ websites and initiating website defacements and Wikileaks-style document releases. They planned to strike in unison on May 7.

More than 100 financial institutions, including two in Hawaii, were named on the public website that the attackers used to coordinate their activities. Eight U.S. government agencies were also designated as targets, supposedly in retaliation for U.S. support of Israel and ongoing military actions in the Middle East.

In the end, OpUSA fizzled even more spectacularly than OpIsrael. There were no widespread reports of sites taken down, only a handful of site defacements and a few seemingly random dumps of personal information from some previously compromised sites.

A defunct emergency notification system run by the Honolulu Police Department was hacked during this time, compromising the email addresses, cellphone numbers and passwords of 3,500 people who signed up for HPD email or text message alerts. HPD had used Nixle, a community information service, since 2011 to distribute "HPD Alerts," notifying the public of road closures or other warnings. It was discontinued in April 2013, and it is unclear when exactly the breach occurred or if it was even related to the OpUSA campaign.

The consensus is that the attacks fizzled because law enforcement, service providers and their customers are sharing intelligence and collaborating more than ever in efforts to mitigate them. It will continue to be a community effort to blunt these attacks when they come. If you own a business on the Web and are concerned about being caught up in attacks such as these, reach out to your Internet service provider to see what options may exist to help you.

In next month’s column, we’ll discuss some of the motivating factors behind cyberattacks.

———

Hawaiian Telcom Information Security Director Beau Monday, CISSP, GSEC is a local cybersecurity expert. Reach him at Beau.Monday@hawaiiantel.com.