He's not so anonymous anymore. The FBI on Tuesday arrested Kevin George Poe, an alleged member of the underground "hacktivist" group Anonymous.
Poe allegedly launched a distributed denial of service, or DDoS, attack against GeneSimmons.com, a Web site operated by none other than the lead singer for the 1970s rock band KISS. Although Simmons removed his face paint long ago by choice, this suspected 24-year-old anonymous hacker is being exposed by force.
Poe used the screen name spydr101. But he will stand before a federal court judge in Los Angeles as just plain Poe at a court date yet to be scheduled. Poe, who hails from Hartford, Conn., was released on $10,000 bond. If convicted, he could serve as long as 15 years in prison.
Simmons Stand May Have Raised Hackles
The international hacking group Anonymous gained fame for its high-profile attacks in 2011, with targets including PlayStation, MasterCard, Visa and groups that battle online piracy. Those groups include the Recording Industry Association of America and the Motion Picture Association. Simmons' comments at a media conference in Cannes, France, last year may have drawn the ire of Anonymous.
"The music industry was asleep at the wheel," Simmons says in a YouTube video that features a panel discussion from the conference. "It didn't have the balls to go and sue every fresh-faced, freckle-faced college kid who downloaded material, and so now we're left with hundreds of thousands of people without jobs. There's no industry."
Simmons went on to say that people need to sue everybody who infringes on their band.
"Take their homes, their cars," he said. "Don't let anybody cross that line."
Non-Traditional DDoS Attacks
Mike Paquette, chief strategy officer at Corero Network Security, said the arrest once again sheds light on the increasing number of DDoS attacks by criminals and hacktivists that are either out for financial gain or just looking to make a political or ideological statement.
"Traditionally, DDoS attacks have consisted of massive floods of network packets that overwhelm a company's bandwidth, routers, firewalls, switches and servers," Paquette said. "In 2012, blue chip corporations, retailers, banks and government agencies can expect more sophisticated application-layer attacks that cause a denial of service without filling up all of the available bandwidth."
Put another way, Paquette is saying that attackers no longer need a large volume of traffic to make their plot work. Essentially, the attackers use this strategy: first profile a company's Web applications, then build botnet scripts that use heavyweight application transactions to overload backend databases and other servers. Attacks using these scripts cause the targeted application to become unreachable, making the DDoS attack successful, Paquette said.
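For defenders, the practical consequence is that a limit on request count or bandwidth will not notice a client whose few requests are each expensive for the backend. The following is an added example, not from the article or from Corero: it compares a request-count limit with a per-client backend-time budget over constructed access records. The record layout, thresholds, addresses and paths are all assumptions made for illustration.

```python
from collections import defaultdict

WINDOW_S = 60  # tumbling window length in seconds (assumed value)

def build_sample():
    """Constructed records: (second, client, path, backend_ms, resp_bytes)."""
    records = []
    for s in range(40):           # ordinary browsing: many cheap page views
        records.append((s, "198.51.100.10", "/index.html", 5, 20_000))
    for s in range(0, 60, 10):    # few requests, each an expensive search
        records.append((s, "203.0.113.7", "/search?q=a", 4_000, 1_500))
    return records

def totals(records):
    """Per (window, client): [request count, backend ms, response bytes]."""
    agg = defaultdict(lambda: [0, 0, 0])
    for second, client, _path, backend_ms, resp_bytes in records:
        row = agg[(second // WINDOW_S, client)]
        row[0] += 1
        row[1] += backend_ms
        row[2] += resp_bytes
    return agg

def over_request_limit(records, max_requests):
    """Clients exceeding a plain requests-per-window limit."""
    return {c for (_, c), (n, _, _) in totals(records).items()
            if n > max_requests}

def over_backend_budget(records, max_backend_ms):
    """Clients whose requests consumed too much backend time in a window."""
    return {c for (_, c), (_, ms, _) in totals(records).items()
            if ms > max_backend_ms}

if __name__ == "__main__":
    recs = build_sample()
    for (win, client), (n, ms, size) in sorted(totals(recs).items()):
        print(f"window={win} {client}: {n} req, {ms} ms backend, {size} bytes")
    # The count limit sees nothing unusual; the time budget singles out
    # the client that sent the fewest requests and the fewest bytes.
    print("request-count limit flags:", over_request_limit(recs, 100))
    print("backend-time budget flags:", over_backend_budget(recs, 10_000))
```

In a real deployment the backend time per request would come from the application or reverse-proxy log field that records upstream response time.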
A 2012 Warning
"In 2012, IT administrators should update their business continuity plans and improve their overall security posture in preparation. The negative impact of business and productivity losses makes it essential to be diligent in preparation," Paquette said.
"When working with technology providers, organizations should make sure their DDoS defense solutions are flexible, improving the likelihood they are able to accommodate future variations of DDoS attack techniques. Being prepared, vigilant and ready to act fast will go a long way in thwarting the DDoS attacks of tomorrow."