By Dr. Guy Bunker.
This week the hactivist group Anonymous were threatening to carry out ‘Operation PORNSTORM’. Participants were being encouraged to flood several hundred Government and County Council email addresses with their “favourite porn films or images”. Anonymous stated their operation was in response to proposed Government plans to introduce legislation which would compel service providers to block pornographic content by default and to filter the results returned from certain search terms.
The intent of their operation was to cause a denial of service at the email servers by overwhelming them with a large volume of traffic such that they are unable to send or receive legitimate emails. To date, there has been little impact from this type of attack. However we did receive enquiries from Government organisations asking if any additional measures should be put in place that would help deal with the attack should it occur. It is unfortunate that it takes situations such as this, in an attempt to halt organisations daily activities to highlight the absolute necessity of having a comprehensive security plan in place. From our perspective, our SECURE Email Gateways are equipped with a number of different features to help mitigate the impact of such an attack these include:
- The SECURE Email Gateway provides a number of connection based checks, primarily to block spam, but also beneficial in attempting to block non-valid senders. Including TRUSTmanager reputation based IP block list, sender domain validation and greylisting
- A policy can also be set-up using the ImageLogic functionality which can be used to detect unacceptable images and prevent them from being received.
- An additional connection based barrier can be configured to define an acceptable message size to be accepted. This will prevent the email from being accepted if it exceeds the configured threshold, for example preventing videos from being received.
- Further measures can be taken to quarantine all messages containing images, or images over a certain size, to allow for the content to be double checked. The Personal Message Manager (PMM) feature can be used significantly reducing the potential administration overhead.
Finally it is a good practice to ensure that the systems themselves are well specified, running the latest product release with sufficient disk space and processing headroom to allow for an increase in mail volume should the attack occur.
So while we have yet to see any impact from the PORNSTORM threat, having the warning should be enough for organizations to immediately revisit their security policies and ensure that should an attack occur they will have minimised the effect it has.