Information Security Blog

Hacktivists Turn US Government Site into Playable Video Game as China Hacks the New York Times

These Government links are part of a weekly series, Ethical Hacker Roundup, featuring recent information security and cybersecurity related articles that we’ve read over and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and our Google+ page, and read in RSS subscriptions this week.

Anonymous Repeatedly Hacks US Government Site

Hackers claiming to be part of the Anonymous hacker collective “owned” the US Sentencing Commission website ( on January 25 through 27, first replacing the home page with a long screed detailing its gripes with the US legal system and threatening to release embarrassing “secrets” stolen from US government websites.  The next move in “Operation Last Resort” was to turn the commission’s restored home page into a playable version of the classic Asteroids arcade game. A subsequent threat to release a list of people in the federal Witness Protection Program was bogus.

The hack was in retaliation for the suicide by hanging of Aaron Swartz on January 11 in his New York apartment. Swartz was awaiting trial on charges of computer intrusion. Swartz invented Really Simple Syndication (RSS) at the age of 14, and started the wiki platform infogami while an undergrad at Stanford. He was charged with breaking into JSTOR files of academic papers in order to make them freely and publically available. Prosecutors said they had no plans to seek jail time for Swartz.

When the Asteroids hack was finally shut down, Anonymous moved it to the US Probation Court for the state of Michigan website ( – suggesting that Anonymous could have background control of multiple US government websites.

Chinese Government Implicated in Cyber Assault on New York Times

The Chinese government apparently feels it has political reasons to assault the New York Times computer systems over a four-month period with 45 pieces of custom malware, which were built to compromise business processes and steal passwords. The persistent attacks were partly successful; however, the paper was able to surreptitiously detect and investigate them as they were underway, leading to identification of sophisticated Chinese hackers with probable ties to its government/military as the likely perpetrator. The Times has expelled the attackers and strengthened its systems for the future.

The attacks coincided with and were presumably motivated by the reporting of a times investigation that found that relatives of China’s prime minister, had accumulated a multi-billion dollar fortune through their business dealings. A reactionary desire on the part of China’s current oligarchy to control how the world perceives, discusses and acts towards China is the likely ideological basis for this and similar attacks on western media.

White House Cybersecurity Order Likely

The Chairman of the Senate Homeland Security and Governmental Affairs Committee, Tom Carper, said yesterday that the White House has “signaled” it will most likely introduce a long-awaited cybersecurity executive order in mid to late February. The order is a follow-up to the Cybersecurity Act of 2012, which was killed by Senate Republicans back in August 2012. (An early draft of the order was leaked on back in September.)

Carper announced that after the order is released, he plans to hold a joint hearing with the Commerce and Intelligence committees to discuss the measures included in the order. The Obama administration feels an executive order is necessary because the cybersecurity threats facing the US are too great for action to be further delayed by bipartisanship in the legislative branch.

Government IT Security

Pivot Point Security has the right combination of Information Security/Compliance domain expertise, government knowledge and experience, and organizational character to help you define and execute on the best course of action to know you’re secure and prove you’re compliant. See how we can help.


Free Whitepaper: Five Best Practices for SIEM


The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

Is ISO 27001 Right for (Y)our Organization?


Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation
  • To validate that significant changes did not have unanticipated results

Free Download: A Best Practices Guide to Database Security

database security roadmap

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Free Download: ISO 27001 Implementation Roadmap

ISO 27001 RoadmapHave no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Best Practices for Firing A Network Security Administrator

Firing A Network Security AdministratorWant to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Download: Information Security Attestation Guide

Information Security GuideA Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Free Whitepaper: Stop Wasting Money on Penetration Testing


Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • To validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Vendor Selection Toolkit

“ISOOur ISO 27001 Toolkit will help you to select an ISO 27001 consulting firm.
  • Review the Issues Critical to Your Environment
  • "Vet" Vendor Qualifications
  • Compare the Top 3 Vendors
  • Sample RFP Included

About the Author:

Marketing at Pivot Point Security

Add a Comment

Share This