When the British newspaper the Guardian reported Jan. 7 that the Ministry of Defence (MoD) was funding university research into Anonymous, hacktivism, and surveillance (and had been for at least a year), it was only a matter of time before someone, somewhere in the hacker collective took retaliatory action.
Within about four hours of the article’s publication, #OpPhDPounds was on. It’s an Anonymous action that targets U.K. universities studying cyberwar, even at arm’s length. It’s been in stealth mode for almost two weeks as the Anons attempted to gather intel.
The hackivists have zeroed in on Queen Mary University of London and one of the institution’s researchers, a specialist in nanotechnology, in particular, releasing a couple of potentially embarrassing lists and internal communications.
But there’s a larger, more threatening action in the works.
“[We] plan on stirring things up over the universities taking MoD cash for invasive research,” one of the team members, with whom I was already familiar from previous hacks, told me via encrypted chat. “I am going to release basically their own map of their network, with all of the IPs and Mac addresses of every computer on their network.”
— Anonymous (@blackplans) January 20, 2014
On Jan. 19, they did exactly that, in a combination press release/dox that went live over the weekend at ZeroBin, a sort of self-destructing document delivery system. In one year, the document will be erased. They allegedly mapped the entire university computer network, identifying each computer and each Internet connection. It’s analogous to having the blueprints to a bank.
That information could be used in a distributed denial of service (DDoS) attack to target the specific university machines. In such a case, the website would likely remain up, but the individual computers on the university system—the ones used by the staff and students—could become inoperable. No damage would be done to their contents, but they could be frozen as long as they remained connected to the Internet and the subject of attacks.
DDoS is the most likely form of attack, as it is easy, cheap, and standard operating procedure for Anonymous, but other, more malicious or longer-lasting hacks are also certainly possible given.
The hackers claim they also have data from the human resources department, grades, evaluations, and personal details, of which I have been shown only a small selection. The hacker told me, “Bear in mind we do not plan on releasing much that will identify individual students, but we could if we wanted to.”
As for the motivation, Anonymous aims to draw attention to data insecurity in the institutions entrusted with MoD grants for security projects and research. “It’s obvious,” said our source, careful to note that this was an international effort, not specific to the U.K. “The institution is woefully underprepared for the kind of attention working with the Ministry of Defense can cause. If we are on their systems, anyone else could be as well.”
The hacker also claimed that they still have access to Queen Mary’s systems on an ongoing basis.
“They want to analyze data on the net, while their own data is woefully unsecured.”
Update: A spokesperson for Queen Mary University told the Daily Dot, “We are investigating the claims. We have informed the police.”
Photo via Hayes MKII/Flickr