The US government is keeping a wary eye on what it says is hacking collective Anonymous' growing interest in attacking critical infrastructure targets.
A DHS bulletin posted this week assesses the ability of the collective to inflict damage on industrial control systems that manage equipment at power plants, water treatment facilities, chemical plants and other potential targets.
The report downplays the near-term threat posed by Anonymous to such targets, but adds that experienced and skilled members of the group could "develop capabilities to gain access and trespass on control system networks very quickly."
Accessing energy companies
The report says that Anonymous recently called on members to target energy companies. DHS said the call is likely to attract both members of the collective and the broader activist hacking community.
"Asset owners and operators of critical infrastructure control systems are encouraged to engage in addressing the security needs of their control system assets," the DHS said.
The bulletin was posted on Monday on publicintelligence.net, which describes itself as "an international, collaborative research project aimed at aggregating the collective work of independent researchers around the globe who wish to defend the public's right to access information."
The DHS National Cybersecurity and Communications Integration Center (NCCIC) bulletin is not classified, but is marked for official use only. It is addressed broadly to stakeholders within the cybersecurity and critical infrastructure communities.
In the report, the DHS cites several recent actions that point toward a growing interest by Anonymous in industrial control systems.
In July, it notes, Anonymous members released a report spelling out the collective's concerns about global warming and called for protests against the Alberta Tar Sands project in Montana.
The Anonymous report aimed to draw attention to what the group claimed was "boundless greed" of several energy and financial services companies.
In July, a known member of Anonymous also publicly claimed to have accessed multiple control systems.
Anonymous showed that they understand control systems
"The posted xml and html code reveals that the individual understands the content of the code in relation to common hacking techniques to obtain elevated privileges," the DHS said. "It does not indicate knowledge of ICS; rather, it indicates that the individual has interest in the application software used in control systems."
The Anonymous post included administrative code used to create password dump files for a human-machine interface system from Siemens, and so-called "foundation code" that is used in server communication with programmable logic controllers, industrial controllers and remote terminal units, the DHS bulletin said,
The publicly posted code "indicates that the individual was able to recognise and post the portions of code that would ensure others knowledgeable in control systems would take notice," the DHS said.
The report notes that Anonymous has the ability to disrupt some systems within the critical infrastructure - such as Windows systems and Web applications - by using "rudimentary attack methods" such as denial of service attacks.
"Anonymous' increased interest may indicate intent to develop an offensive ICS capability in the future," it said.
The DHS assessment comes amid increasing concern about vulnerabilities in US critical infrastructure. Last year's Stuxnet worm in particular drew massive attention to the possibility that cyberattacks could disrupt or take down critical infrastructure targets.
The DHS in recent months issued several similar alerts about the activities of Anonymous, which indicates that the loosely affiliated collection of so-called hactivists is seen as a serious threat.