Anonymous is a rather strange organization in term that it is not really organized. Of course, it is internationally recognized as hack activist group involved in the protests around the world and penetrates into websites and databases of corporations and government agencies.
Unity of its members are not yet clear, some members call for operation and later they decline the whole operation (the case of #opFacebook), some groups from certain country launch attacks on media while the main group say that they do not target media. But here there is another prominent group of hacker that is called LulzSec.
New interview has been released with @SparkyBlaze a previous member with Anonymous by Jason Lackey the person behind popular account @CiscoSecurity Twitter feed. The interview clarifies many things about Anonymous:
JL: Can you tell us a little bit about your background?
SparkyBlaze: Well, I am from Manchester. I went through school not caring… my teachers always said I knew the stuff but I couldn’t be bothered to do anything. They were right, as nothing interested me. I am only hard-working if I am passionate about something, like computers. I went through my childhood bored as hell till I found computers. I love things like Defcon and hacker conferences and talking to other hackers. I love managing servers (and making sure they are secure).
I am white, in my 20′s and planning on moving to America to study computing and ethical hacking (I think it is best if they don’t know about me and anon ;D). I plan to live there as I have always wanted to. I love guns also, but it is mostly illegal in Britain and there are no ranges to shoot on.
JL: So what sort of advice would you give enterprises and other organizations out there as they grapple with security-related issues?
SparkyBlaze: Here’s the advice I would give to companies:
- Deploy defense-in-depth
- Use a strict information security policy
- Have regular audits of your security by an outside firm
- Use IDS or IPS
- Teach your staff about information security
- Teach your staff about social engineering
- Keep your software and hardware up to date
- Watch security sites for news on computer security and learn what the new attacks are
- Let your sysadmins go to defcon ;D
- Get good sysadmins who understand security
- Encrypt your data (something like AES-256)
- Use spam filters
- Keep an eye on what information you are letting out into the public domain
- Use good physical security. What good is all the [security] software if someone could just walk in and take [your “secure” systems]?
I recommend that companies apply all security recommendation as they help to reduce being hacked while you can read the complete post with very interesting Q&A from here.