Rash of Italian Cyberattacks Target State Governments

The group known as AnonPlus defaced three New Mexico Workers Compensation websites Wednesday, marking the third such attack on state government in six days.

by / May 16, 2018
Shutterstock

Three websites operated by New Mexico’s Workers' Compensation Administration were taken down Wednesday after hacktivist group AnonPlus claimed to have defaced them, Government Technology has learned.

“We received a call from Workers' Comp that they wanted to take the websites down as a precaution,” said Estevan Lujan, deputy cabinet secretary for New Mexico's Department of Information Technology. “We do not yet know what is going on with the websites.”

One of the websites is the main portal to the New Mexico Workers' Compensation Administration, and another is the former main portal that redirects to the current one, said Aileen O'Catherine, spokeswoman for New Mexico Workers Compensation Administration. The third website was an interim site that never went live, she noted.

AnonPlus, an offshoot of the renowned hacktivist group Anonymous, apparently has been busy targeting state-related agencies and organizations in the past six days.

On Monday, the group claimed to have defaced InfraGard Connecticut, a nonprofit partnership between the FBI, U.S. Department of Homeland Security, Federal Emergency Management Agency, US Coast Guard and Transportation Security Administration for Bradley Airport. The goal of InfraGard Connecticut is to protect local, state and the national infrastructure, according to the organization’s mission statement.

But the three InfraGard Connecticut websites that AnonPlus claims to have defaced are currently inaccessible. An InfraGard Connecticut representative was not immediately available for comment.

And on Friday, AnonPlus also claimed to have attacked the Idaho Legislature and iCourt websites. But the impact was minimal, Jon Hanian, press secretary for Idaho Gov. Butch Otter, told GT.

The sites were each down for approximately 15 minutes in total between the time they were defaced, discovered, taken down and repaired, Hanian said. 

“We would characterize this attack as a nuisance attack and a minor inconvenience for our citizens because the sites were temporarily down. Our Legislature was not in session when this occurred, so the impact to the Legislative Services Office site was minimal,” he said, adding, “We want to emphasize, no data or personal information was stolen, compromised or otherwise harvested by these hackers.”

As with the other attacks on the state agencies and organizations, it is not clear why the hacktivist group went after Idaho’s websites. Hanian surmised the group may have been seeking to garner attention.

On AnonPlus Italia’s website, it states its mission is, in part, to:

"AnonPlus spreads ideas without censorship, creates spaces to spread directly through mass defacement, publish news that the media filtered and managed for the consumption of who controls, we do that to restore dignity to the function of the media: media should be free, without censorship and must limit itself to “show what’s happening” and don’t 'say to us what’s wrong and what’s right.'

AnonPlus puts offline sites that actively contribute to the control of the masses from the corrupt, that by manipulating information and opinions create false realities: this is censorship!

AnonPlus not act for personal or political causes, has no leaders, moves to the interests of the people and we will fight until the leadership and the powership will lead into the hand of people: unique owner of the free world AnonPlus is ready to support the people’s need. And people is supporting AnonPlus: that’s our alliance, that’s our brotherhood, that’s our pact."

“While the hackers are targeting vulnerable government websites, it is unclear how they are successful in these attacks. Is it due to vulnerabilities, Web application vulnerabilities, configuration hardening or privileged attacks? The attack vectors are unknown from current public material,” said Morey Haber, chief technology officer for cybersecurity firm BeyondTrust.

In light of the recent incidents, Haber recommends that all government agencies utilize a cloud-based vulnerability assessment and Web application assessment solutions to test their public sites for security risks. 

“Commercial tools can help reveal any critical flaws that are behind these attacks and help organization mitigate the threats before their site becomes the next victim,” Haber says. “This process should be a part of every agency’s basic cybersecurity program for public Internet access.”

In the case of Idaho, the governor created the new position of state director of information security last year, and since then Jeff Weak, the former Air Force officer who heads up that position, has been implementing broad changes to the state’s IT protocols, including mandatory training for all state employees to prevent this kind of attack from happening in the first place, Hanian said.

 

Dawn Kawamoto Former Staff Writer

Dawn Kawamoto is a former staff writer for Government Technology.