Details of Failed Anonymous Attack on the Vatican Bring Security Issues to Light
Back in August 2011, Anonymous announced an op known as Operation Pharisee, which was aimed squarely at bringing down several of the Vatican's websites and disrupting a planned papal visit to Spain. Though much of the hacktivist group's tactics are shrouded in mystery, InformationWeek has unveiled a new report by data security vendor Imperva that brings new insight into the planning that goes into these hacks, how they are executed, and most importantly, what we can learn from patterns in Anonymous' behavior.
In case you aren't familiar, the group's most infamous hack is a brute force DDoS (distributed denial-of-service) attack that floods websites with traffic so that servers crumble under the pressure. They recruit both volunteer and unknowing participants to perpetrate these attacks, and they often use malware or malicious links to accomplish their ends. Last August, these tactics didn't exactly pay off.
Like most "ops," Pharisee began with a 25-day plan . During the first phase, Anonymous was in reconnaissance mode and looked for vulnerabilities they could exploit within the web application data that could potentially be used to access servers. Using freely available tools, including several international scanners, cross-site scripting bugs, and outdated server software, Anonymous was able to find several areas that were ripe for a breach, but nothing that could lead to a full-on attack.
It was at this point that Anonymous turned to its loyal Internet fanbase. Using social media sites like Facebook and Twitter, Anonymous actively recruited members to click on links that would initialize the Low Orbit Ion Cannon (LOIC) DDoS tool. Once selected, this link would use the host computer's resources to hammer the site with visits. However, the recruitment process didn't go as well as Anonymous thought it would, and the lack of interest eventually proved to be the nail in the proverbial coffin for this particular "op."
Knowing when and how Anonymous plans their attacks can help us understand how to prevent them and why they go about attacking certain sites in the first place. The recent attack on the FBI website was a DDoS attack, which baited unsuspecting Internet surfers with a link that then used the surfer's computer's resources (without his knowledge) to attack the website. However, we know from this previous example that DDoS attacks are only used when security vulnerabilities are not found with the original site. Perhaps the phishing-style links were employed because, as was the case with the Vatican operation, the attack on the FBI proved to be fairly unpopular with Anonymous members and fans.
Though Anonymous is the most popular "hacktivist" group, several other imitators have sprung up in recent months; imitation groups are forming all the time and may go after midsize groups at the local level. Knowing how these groups operate is an important step in fighting the war on hacking and will go a long way in helping IT professionals prepare for any potential battles they may face from this growing threat.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.