By BEN TINSLEY
THREE RIVERS, Texas — The Three Rivers Chamber of Commerce’s website and domain name had to be transferred to a new server recently after the previous system was hacked and defaced with virtual graffiti by someone claiming to represent the international online activist movement “Anonymous.”
Authorities, however, are skeptical these hackers have any actual ties to that collective. Anonymous is famous for cyber attacks and pilfering information from government and corporate websites.
“I really don’t think it was those guys,” emphasized Billy Williams, the IT official contracted by the city of Three Rivers. “I am going to say the hackers that did this were amateurs at best. If the servers they affected had not had security flaws that were vulnerable — meaning their patches were out of date — what they did probably wouldn’t have had any effect at all.”
Officials say this attack was not confined to the Three Rivers Chamber site. More than 30 sites across the United States with connections to the same server were apparently defaced with similar graffiti and messages in early July.
In addition to Anonymous, the graffiti message also contained the names “4Ri3 60ndr0n9” and the “XXX-Hacker Team.” The message also contained the slogan, “We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us!”
Three Rivers officials emphasized no crucial city or chamber information was compromised by this hack — which was the first of its kind in 15 years. In the wake of the attack, all vital emails and related functions have been secured, they said.
“It’s important to remember that they didn’t hack the chamber site because they were after the chamber,” Williams said. “The fact of the matter is they hacked the server the chamber site was on and the chamber simply got caught up in the fallout of that.”
Williams anticipates ultimately moving all Three Rivers city websites and the Three Rivers Police Department’s website to the secure server. He said every effort is being made to protect the site against further intrusion. For instance, Williams said, the chamber’s IP address has already been changed.
Another area IT expert agrees the hackers in question probably aren’t even close to the same league as Anonymous.
“The thing about it is, Anonymous is not really big on defacing,” explained Tom DeSot, executive vice president and chief information officer of Digital Defense, Inc. out of San Antonio. “They are much more into hacking to get information. If you’ve seen or read news about the actual Anonymous attacks, most of them were associated with some kind of security breach – be it the Church of Scientology or some defense contractor.”
Anonymous’ reputation is as a network of activities and “hacktivists” famous for cyber attacks on government and corporate websites. They have been described as “Internet gathering” with a very loose and decentralized command structure. They have pulled off some very well-publicized publicity stunts and distributed denial-of-service attacks on government, religious and corporate websites.
Questions to Anonymous members asking if they were responsible for accessing the Three Rivers site were submitted by a reporter to sites identified as having connections to the group — http://knowledge-is-free.tumblr.com and https://www.facebook.com/Gospel.Of.Mark.5.9.
There were no responses.
DeSot said Anonymous gears its efforts towards capturing and publicly releasing information to forums such as Facebook or WikiLeaks.
“Just defacing a website and putting their banner up like they did seems like pretty low-level,” he said.
The hackers were able to affect the Three Rivers chamber site by penetrating the Corpus Christi web service (titled Fisk Affordable Communication) that had been hosting the chamber for several years, officials said.
“We could not reach that company to discuss what had happened,” Williams said. “Their phones have been disconnected. This website had been up for years and no one knew what the password was. We could not retrieve our information. So, after speaking with the Cyber Crimes division of the FBI and working diligently over the past few days we got the domain moved to a secure server. If you go on our site it doesn’t show up as ‘hacked’ anymore.”
Murrell Foster, executive director of the chamber and a Three Rivers city councilman, said the attack took place a few weeks ago. But the defaced site was frozen up until less than a week ago.
“We have been working diligently with our webmaster in Beeville and our computer consult in San Antonio to get it corrected,” Foster said. “The FBI was contacted about it and are involved in trying to track down the criminals who did it.”
Calls to the Federal Bureau of Investigation about the incident were deferred to Shauna A. Dunlap, media coordinator for the FBI out of Houston. Dunlap said she was not at liberty to discuss the issue.
“Department of Justice policy dictates that we cannot confirm, nor deny, the existence of our investigations,” Dunlap replied in an email. “We certainly wouldn’t be able to comment on any of your specific questions.”
In his position with Digital Defense Inc., DeSot is familiar with providing managed security assessments, education and intelligence. The company helps organizations around the world safeguard their companies from malicious attacks by identifying vulnerabilities before they become threats.
DeSot said it is common for low-level hackers to claim to be part of larger groups such as Anonymous to lend greater credence to their actions. But ultimately the skill sets of Anonymous are far above what was displayed in the Three Rivers attack, he said.
“Breaking into a corporate network is so much more sophisticated and takes such a different degree of talent,” DeSot said. “Whoever did this, it seems their claim to fame is simply defacing websites. If they had gone in and retrieved protected information, that might make me think they were more closely tied to Anonymous.”
Ben Tinsley is a reporter for The Progress newspaper in Three Rivers. He can be contacted by email at email@example.com or by phone at 361-786-3022. Tinsley can also be followed on Twitter at http://www.twitter.com/BenTinsley, Google at http://plus.google.com/+BenTinsley or on Facebook at http://www.facebook.com/ben.tinsley.12.