A recently published bulletin by the U.S. Department of Homeland Security shows that the government is keeping a close eye on the hacker group Anonymous, especially on the group's shift in interest.
The latest report provides an assessment of Anonymous' capability to penetrate Industrial Control Systems (ICS) and gain access to infrastructure networks. It follows up on a previous report that investigated the group's ability to develop new cyber attack tools.
According to the current evaluation, the government believes that Anonymous has shown that it can access ICS, but may not have the ability to actually understand the structure and inner workings of such software yet. There is speculation that Anonymous may be interested in gaining that knowledge, especially through freely available sources: "Free educational opportunities (conferences, classes), presentations at hacker conferences, and other high profile events/media coverage have raised awareness to ICS vulnerabilities, and likely shortened the time needed to develop sufficient tactics, techniques, and procedures (TTPs) to disrupt ICS," the report states.
The government's concern, however, is that the simple capability of "recognizing and posting code", which Anonymous has done, for example, in the case of Siemens Simatic control software, "could gain the attention of those knowledgeable in control systems". At least in this unclassified report, though, there is no clear answer as to why the government believes that Anonymous appears to have increased interest in ICS, especially those that are tied to its "hacktivist" campaigns.
The report concludes:
"While Anonymous recently expressed intent to target ICS, they have not demonstrated a capability to inflict damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methods, readily available to the research community. Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web-based applications and windows systems) by employing tactics such as denial of service."
The advice to ICS owners is to make sure the security needs of their control system assets are addressed.