'Hacktivist' Groups Like 'Anonymous' are not the Biggest Threat to Cybersecurity, says UB Information Assurance Expert

A Q&A with the director of UB's Center of Excellence in Information Systems Assurance Research and Education

Release Date: August 15, 2011 This content is archived.

Print

Related Multimedia

Professor Shambhu Upadhyaya is a cybersecurity expert; his research center studies ways to protect the nation's information technology systems.

University at Buffalo Professor Shambhu Upadhyaya, PhD, (pronounced SHAM-Boo Oop-a-DYE-uh) teaches and conducts research in the area of computer security. He is director of UB's Center of Excellence in Information Systems Assurance Research and Education (CEISARE), whose work has included studying cybersecurity and training students to protect the nation's information technology systems.

With hacker collectives carrying out high-profile cyber attacks -- most recently claiming to have stolen a large trove of data including personal information from U.S. law enforcement agencies -- Upadhyaya comments on how much of a threat these groups really pose to cybersecurity. Upadhyaya can be reached at 716-645-3183 or shambhu@buffalo.edu.

Q: Are hacker groups like Anonymous the biggest threats to cybersecurity today?

A: No. Groups such as Anonymous, LulzSec, AntiSec, etc. belong to a special group who indulge in 'hacktivism' -- hacking and activism. They are largely a sympathizer of "freedom of information," and their agenda is basically to protest what they perceive as violation of freedom of information or violation of privacy. These attacks are not aimed at individuals but against organizations. Based on the recent arrests across the country and in the U.K., it appears that the group consists of juveniles who want to get some notoriety. They are not big threats because they indulge in denial of service attacks -- creating nuisances such as defacing of websites, slowing down online accesses on the Internet, etc. -- and occasionally stealing sensitive information such as password files, social security information, etc.

Q: What are some of the most important threats to cybersecurity today?

A: The biggest threat to cybersecurity is attacks on the nation's critical infrastructure, such as the electric power grid, transportation system, financial network and military assets. We have seen attacks on the Pentagon's $300 billion F-35 Joint Strike Fighter project in April 2009, where the attackers stole some critical/sensitive information. Hactivism attacks of the type of Anonymous, LulzSec, AntiSec, etc. cannot be ignored, but they are of much lower risk compared to the attacks aimed at the nation's critical infrastructure.

Q: What are some new approaches being developed to prevent cyber attacks?

A: The Cybersecurity and Internet Freedom Act of 2011 proposed by Congress will help fight cyber attacks. It focuses on training and recruiting a cybersecurity workforce to protect the critical assets of the nation. Companies and academia are doing research on cybersecurity to counter cyber attacks but there is no magical solution for this problem yet. There will never be a complete solution for cyber attacks because it involves a combination of process, technology and people, the people becoming the weakest link in the security chain. As an individual, one should use strong passwords and apply security patches to their systems constantly. One should not open unsolicited and suspicious emails and attachments. Such good practices will prevent a number of attacks and make you somewhat secure.

Q: What else should the public be aware of regarding groups like Anonymous?

A: The latest Anonymous activity is their alleged threat to attack Facebook because they do not agree with Facebook's privacy protection measures -- they perceive that Facebook is spying on users' privacy and colludes with law enforcement agencies to "unprotect" users' privacy. This kind of activism/protest is illegal and constitutes a cyber crime.

Anonymous showed solidarity to WikiLeaks last year when WikiLeaks founder Julian Assange was arrested. As an act of sympathy, they attacked Visa, MasterCard and online payment companies, such as PayPal, because these companies broke ties with WikiLeaks. Anonymous also attacked Fox News and CIA websites. The FBI went after Anonymous and made several arrests recently in the U.S. and U.K. Other sympathizer groups such as AntiSec attacked several law enforcement agency websites as a retaliation to the arrest of Anonymous members.

A list of additional UB faculty experts is available at http://ubfacultyexperts.buffalo.edu.

The University at Buffalo is a premier research-intensive public university, a flagship institution in the State University of New York system and its largest and most comprehensive campus. UB's more than 28,000 students pursue their academic interests through more than 300 undergraduate, graduate and professional degree programs. Founded in 1846, the University at Buffalo is a member of the Association of American Universities.

Media Contact Information

Charlotte Hsu is a former staff writer in University Communications. To contact UB's media relations staff, email ub-news@buffalo.edu or visit our list of current university media contacts.