Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

'Anatomy of an Anonymous Attack' laid bare by Imperva

An attempted hack of the Vatican website has shed light on the hacktivist group's methods

Article comments

Security firm Imperva has published a detailed analysis of an attack by Anonymous on one of its customers, providing new insight into how the hacktivist group operates, and highlighting the need for better application layer security.

According to The New York Times, the target in question was the Vatican, although Imperva has declined to confirm the identity of the organisation.

The attack, which did not adversely affect the site or compromise any user data, consisted of three distinct phases:

  • The first, described as “recruitment and communication” involved drumming up support using social media sites such as Facebook, Twitter and YouTube, to suggest and justify an attack.
  • The second, dubbed “reconnaissance and application layer attacks,” involved a small number of professional hackers, using common vulnerability assessment tools to probe for security holes and launch application attacks, like SQL injection, to attempt to steal data from the targets.
  • When these data breach attempts failed, the skilled hackers elicited help from so-called “laypeople” to carry out a distributed denial of service (DDoS) attack.

According to Amichai Shulman, co-founder and CTO of Imperva, the attack by Anonymous mimics the approach used by for-profit hackers. The group of 10 to 15 professional hackers used off-the-shelf tools such as Havij, Acunetix and Nikto to check for vulnerabilities and attempt SQL injection attacks.

Shulman said it was clear that these were professional hackers, as they had knowledge of the hacking tools and also took care to disguise their identities using anonymity services.

When the hackers failed to find any vulnerabilities, the DDoS attack was carried out using a custom-built tool that allows users to attack sites with mobile browsers. Unlike more traditional network layer DDoS attacks, this targeted the application layer, with the aim of eating up server resources.

Anonymous created a web page containing a Javascript that iterates endlessly, as long as the page is open in the browser. This type of attack is commonly referred to as Mobile LOIC (low orbit ion cannon). All it took for a layperson to participate in the attack was for them to browse to the specific web page and leave it open.

Shulman said that if an organisation’s threat landscape includes Anonymous, then it should install application layer security as well as DDoS protection, because that had been the hackers' first choice. However, the real motivation for implementing this kind of security should be financial protection.

“If you look at what Anonymous has done in the past couple of years, it has been more of a nuisance than anything else,” he said. “However, Anonymous are using the same tools that financially-motivated criminal hackers are using, and this is what organisations should be worried about.”

Imperva constantly monitors some 40 customer applications, and Shulman claims that an application attack is launched once every two or three minutes. “This is a far greater threat than Anonymous hacking a website to make a political point,” he said.

Shulman added that, while most of Anonymous's attacks have targeted fairly small organisations using LOIC or Mobile LOIC attacks, occasionally the group launches a massive attack against an internet giant like American Express or the FBI.

“In Operation Payback they were using botnets,” said Shulman. “This kind of operation cannot be volunteer-based. It requires a very different tools. It requires horsepower, funding and planning. So who is behind it? And why are they taking the trouble to do it? That is still a mystery.”

He said that financial hackers are also increasingly launching SQL injection attacks using botnets, which is a much larger scale of problem, because it allows attackers to scale up much faster.

Imperva compiled the “Anatomy of an Anonymous Attack” report based on data from its Application Defense Center (ADC). A copy of the report can be downloaded here.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *