Anonymous Attacks Monsanto, Steals Employee Data

The hacking group Anonymous has struck again, this time releasing documents it said it stole from the network of giant biotechnology and agricultural seed company Monsanto in retribution for alleged corporate misconduct.

The hacking collective posted information it stole last month on 2,500 Monsanto employees and associates, the group announced. Anonymous also launched a distributed denial-of-service attack on Monsanto’s international Websites, forcing the company to shut down the sites for approximately three days.

Monsanto Laid Bare After Two Weeks

The group claimed it spent two months attacking the Monsanto network to access hundreds of pages of documents that it contends reveal “Monsanto’s corrupt, unethical, and downright evil business practices”.

In the process, the group accessed three mail servers and released sensitive personal information, including full names, addresses, phone numbers “and exactly where they work”, Anonymous wrote on text-sharing site Pastebin. The list also included contact details for media outlets as well as other agricultural companies.

The group also promised to post a wiki providing all the information, including articles and emails,  “in a more centralised and stable environment”, similar to what it did with HB Gary Federal emails on the AnonLeaks site earlier this year.

“Monsanto experienced a disruption to our Websites which appeared to be organised by a cyber-group,” said Tom Escher, the company’s director of corporate affairs, in an email to msnbc.com.

These types of activist attacks are not limited to the private sector as government agency Websites like the Central Intelligence Agency, private-public partnership sites affiliated with the Federal Bureau of Investigation, and consulting firm Booz Allen Hamilton have been hit recently, Senator John McCain wrote in a letter to the Senate leadership. He called these kinds of attacks threats to national security.

McCain wrote, “to renew [his] request that the Senate create a temporary Select Committee on Cyber-Security and Electronic Intelligence Leaks”. The committee could also develop a comprehensive cyber-security legislation based on disparate proposals currently in the Senate, he said.

“I truly believe the only way to ensure the protection of sensitive and valuable information from tampering or dissemination by unauthorised persons is a Select Committee,” McCain said.

Call For A Committee

In a letter to Senate majority leader Harry Reid and minority leader Mitch McConnell, McCain requested a committee be appointed to specifically look into the various cyber-attacks and data breaches on federal agencies and contractors.

The temporary Senate committee was necessary to “adequately address” the growing threat from hacking collectives, such as Anonymous and other malicious perpetrators, as well as the risk of losing more classified documents to whistleblowers, such as Wikileaks, McCain wrote.

It will not be an easy task to untangle the snarl of cyber-security-related legislation and proposals currently swirling around the US government. At least three committees have drafted proposed bills, and at least seven committees claim some jurisdiction over cyber-security, McCain said.

The White House has also put forward a legislative proposal outlining the Obama administration’s cyber-security goals in May. The Department of Energy released its own set of requirements and responsibilities for a cyber-security programme the same month.

The Department of Commerce is still taking comments on its June proposal to establish voluntary codes of behaviour for the private sector to improve cyber-security. To top it off, the Department of Defense released its strategy on how it will operate in cyber-space.

“With so many agencies and the White House moving forward with cyber-security proposals, we must provide congressional leadership on this pressing issue of national security,” McCain wrote in the letter.