3Qs: Analyzing the cybersecurity threat posed by hackers
Two weeks ago, Anonymous, a global group of hackers, successfully infiltrated the Department of Justice's system and released stolen data. At the same time, al-Qaida, the international terrorist organization, released a video calling for an "electronic jihad" on the United States. Northeastern University news office asked Themis Papageorge, an associate clinical professor in the College of Computer and Information Science, and the director of the college's information assurance program, to analyze the threat posed by rogue hacker groups and what the U.S. government can do to protect itself against future attacks.
This isn't the first time the Department of Justice was hacked. What do groups such as Anonymous accomplish by hacking into these networks and releasing data? What is the motivation behind their attacks?
Groups like Anonymous are becoming a critical threat to society and national security: They attack government, public and private companies, and individuals' networks and computer systems multiple times every day. When they breach a computer system they steal data and many times install malicious software programs that, unbeknownst to the systems' owners, allow for future access by the hackers and continuous leaking of confidential data.
Stolen data can vary from proprietary product information and other intellectual property to national-security data. Anonymous and similar groups can embarrass a government or a company by breaching its networks and computer systems and can also gain financially by selling the stolen data.
The motivation of hacker groups such as Anonymous is a key component of the threat analysis that we teach in information assurance courses at Northeastern. Threat agents, such as Anonymous group members, are motivated by many factors, ranging from personal gain to revenge, peer recognition, curiosity, and crime; to political, religious and secular influence; and potentially to terrorism and national military objectives. We train our students to assess the cybersecurity risk posed by each group by ranking these motivation factors.
What can government do to thwart future breaches? What challenges do federal entities face in protecting themselves from hackers?
We need to defend more effectively against such groups, both from a technical capabilities perspective as well as from a contextual perspective. Government and public organizations need to consistently implement risk-based technical countermeasures and controls for networks and computer systems, along with policies and user awareness.
Many times a cybersecurity control, such as a software patch, may be available for months before it is implemented. People can be our most capable firewall by training employees to defend against social engineering. It is important to know not to click on a malicious attachment in an email and not to provide confidential information to an unidentified telephone caller. User training and awareness are some of the valuable components in security risk management.
The greatest challenges facing federal entities come from a limited knowledge of the threat agents' modus operandi.
Since the attackers have the advantage of choosing the method and time of attack, federal agencies could make risk-based decisions by defending against the most damaging attacks only by having access to a comprehensive and current data set of attacks and methods. This can be accomplished by sharing attack and method data and scenarios across federal agencies and public companies. This strategy would help build effective network and computer system security controls, countermeasures, policies and incident response strategies.
Al-Qaida has called for an "electronic jihad," promoting attacks on a range of online targets. Is there evidence that a network of al-Qaida operatives could plan coordinated attacks?
Al-Qaida has a well-documented record as a terrorist group with multiple physical attacks. In terms of organizational structure, hacker groups have been a collection of individual threat agents with networking abilities (initially using the Internet and also later technologies such as Peer-to-Peer and BitTorrent) to talk about their exploits and share malicious tools. Al-Qaida is reported to have a hierarchy but seems to operate as a network of semiautonomous cells of threat agents whose actions are thus even more difficult to predict and stop.
Therefore, if al-Qaida were to acquire the technical capabilities of a hacker group such as Anonymous, they would be a very credible and high-risk cybersecurity threat. Planning and executing coordinated attacks in the cybersecurity domain is very different from executing attacks in the physical security domain, because the space and time constraints of physical attacks are considerably reduced in the cyber domain. It may take weeks or months to plan a cybersecurity attack, but it could only take a few minutes to launch a denial-of-service attack, using a botnet of computers belonging to unsuspecting companies and individuals, and potentially bring down a component of critical infrastructure.
Provided by Northeastern University