The hacker group Anonymous is interested in attacking the industrial control systems (ICS) behind energy, biotechnology and oil businesses, according to a Department of Homeland Security bulletin.
The website Public Intelligence released the bulletin to the public this week. The DHS bulletin was issued privately last month.
The document was created by the National Cybersecurity and Communications Integration Center (NCCIC) and is labeled unclassified and for official use only.
Industrial control systems “monitor and control complex industrial processes like petroleum refinement, chemical production, product manufacturing, and electric power generation and transmission,” according to the National Security Agency’s Systems and Network Analysis Center. The infrastructure includes vital pumps and switches that communicate over network links.
Although Anonymous allegedly wants to compromise these ICS systems, the organization’s members may not actually be able to do it yet. “While Anonymous recently expressed intent to target ICS, they have not demonstrated a capability to inflict damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methods, readily available to the research community,” the authors wrote.
“Anonymous’ increased interest may indicate intent to develop an offensive ICS capability in the future,” the document writes, but the hacker collective may have trouble making this happen. “The lack of centralized leadership/coordination and specific expertise may pose challenges to this effort.”
The NCCIC noted three cases that proved Anonymous’ interest in this area:
- On July 11, a suspected member of the group posted information on Pastebin describing an attack on websites for Monsanto, a biotechnology company. The post writer claimed that, “over the last two months we have pushed the exposure of hundreds of pages of articles detailing Monsanto’s corrupt, unethical, and downright evil business practices.”
- On July 12, Anonymous released a report and called for protests along a Montana highway against the Alberta Tar Sands project for being a corrupt member of “Big Oil.” Protestors came to Montana’s state capitol on July 13.
- On July 19, an Anonymous member tweeted code obtained from browsing the directory of a piece of Siemens software. The person claimed access to and control over the company’s systems. Siemens provides technology for electrical engineering.
The NCCIC bulletin concludes that Anonymous has a limited ability to target ICS systems in a sophisticated manner but that “experienced and skilled members of Anonymous in hacking could be able to develop capabilities to gain access and trespass on control system networks very quickly.”