March 1, 2012
Failed Anonymous Attack On Vatican Analyzed By Security Firm
Imperva, a data-protection firm, claims it was able to use Anonymous' failed Vatican attack to unveil the structure behind the hacktivist group's methods.
Researchers at the firm had advance warning of the attack, so they were able to watch it closely as the group began to attempt to take down their target. "The thing that distinguishes hacktivism from financially motivated attackers is that they're loud and they preannounce," Amichai Shulman, CTO of Imperva, said in a meeting at a recent RSA conference.
Imperva said that during the first phase of the attack, the hackers conducted reconnaissance of the Vatican website.
The group was looking for any Web application vulnerabilities they could exploit to access servers and steal data. Software helped them with this phase, scouring servers for signs of vulnerabilities.
Shulman said the first part of the operation is "carried out by a small group of professionals" because of their understanding of the intricacies of Web applications and related vulnerabilities.
Imperva said that the tools were unable to show any weaknesses in the Vatican website that Anonymous could exploit.
Once they found no vulnerabilities, Anonymous began a recruitment campaign through Facebook, Twitter, and YouTube to bring down the World Youth Day 2011 website by using the Low Orbit Ion Cannon (LOIC) DDoS tool.
Most of the time during the 25-day attack was spent conducting reconnaissance or recruiting DDoS participants.
"Days 19 to 25 were the actual attack phase, split between application attacks and then DDoS attacks," Rob Rachwald, director of security strategy at Imperva, said.
Shulman said one of the most interesting findings from Imperva's analysis of the attack was how Anonymous conducts reconnaissance.
He said that this could mean that many Anonymous DDoS attacks are only launched after, and in cases when, the group fails to find vulnerabilities on the website.
"Our research ... shows that Anonymous will try to steal data first and, if that fails, attempt a DDoS attack," he said at the conference.
The report also shows that because the reconnaissance phase is conducted by this small group of sophisticated hackers, the core group of Anonymous is a relatively small number of people.
"Anonymous is a handful of geniuses surrounded by a legion of idiots," Cole Stryker, an expert who's researched Anonymous, told the New York Times. "You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack."