Forbes recently ran an article, Anonymous is winning its war on Internet infrastructure. By contrast, our report on Anonymous put forward something a little more hopeful, highlighting a breach attempt that was unsuccessful because of a web application firewall.
Further down in this post you’ll find a partial list of Anonymous victims--some successful, some not. It’s a long list. How many of these organizations have anti-virus, IPS and so-called Next Generation Firewalls (NGFW)? Why are the attacks successful when these technologies claim to prevent them? It is probably a safe bet to assume that many of the companies listed below had IPS, NGFW and anti-virus. So why did these defenses fail?
First, anti-virus is completely useless. As mentioned in our report, Anonymous mimics for-profit methods of hacking. But there are some key exceptions: notably, there was no reliance on malware and no phishing or spear phishing. This means anti-virus is totally irrelevant.
Second, what about IPS and NGFW vendors who claim to protect applications? Fundamentally, network-based technologies can’t be effective when it comes to protecting an application. Don’t confuse “application aware” with actual application protection. Application aware simply means "I know we are using Application X." But the device knows nothing about how the application works, so it cannot put an effective defense in place. Here’s one (important) illustration: how do you protect web applications that contain thousands of URLs, each with dozens or hundreds of input parameters? IPS may require an equal number of mitigation rules or policies when integrating with scanners, making their management very cumbersome if not impossible. Web application firewalls (like ours) offer a simpler built-in protection of the entire application through the combined use of positive and negative security models. By learning how the application is used, WAFs know what characters are allowed and supported in every parameter and URL across the application. For network-based technologies that lack this knowledge, the impact is a very high number of false negatives.
Recently, some IPS/NGFW vendors have claimed that by integrating with vulnerability scanners (like Nikto), you’re left sitting pretty. Not so. Why? Integrating the two technologies has several issues:
- You only protect vulnerabilities you know about, which leaves out anything the scanner did not know about.
- You are not aware of attacks accumulating in parts of the application that were not found to be vulnerable.
- You are not protected against attacks published after the scan.
- You are not protecting resources introduced (or changed) after the scan.
Once again, you’re left holding a big basket of false negatives.
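The contrast drawn above between a learned per-parameter profile combined with signatures and rules applied only where a scanner found a flaw, as an added example that is not from the original post or any vendor's product. The signatures, URLs, parameters and traffic are all constructed, and the character-class learning is a simplified assumption about how such a profile could work.

```python
import re
from collections import defaultdict

# Negative model: constructed signatures (illustrative, not a vendor rule set).
SIGNATURES = [re.compile(p, re.I) for p in (r"<script\b", r"\bunion\b.+\bselect\b")]
# Constructed learning traffic: (URL, parameters) observed during normal use.
TRAINING = [("/account", {"id": "1042"}), ("/account", {"id": "77"}),
            ("/search", {"q": "blue widgets"}), ("/search", {"q": "usb cable 2m"})]

def char_class(ch):
    """Collapse letters and digits into classes; track other characters literally."""
    return "digit" if ch.isdigit() else "alpha" if ch.isalpha() else ch

class Profile:
    """Positive model: the characters learned for each (URL, parameter) pair."""
    def __init__(self, traffic):
        self.classes = defaultdict(set)
        for url, params in traffic:
            for name, value in params.items():
                self.classes[url, name].update(map(char_class, value))

    def violations(self, url, params):
        found = []
        for name, value in params.items():
            if (url, name) not in self.classes:
                found.append(f"{name}: not part of the learned application")
            elif extra := set(map(char_class, value)) - self.classes[url, name]:
                found.append(f"{name}: unexpected characters {sorted(extra)}")
        return found

def matches_signature(params):
    return any(sig.search(v) for v in params.values() for sig in SIGNATURES)

def waf_decision(profile, url, params):
    """Combine both models: block on a profile violation or a signature hit."""
    reasons = profile.violations(url, params)
    reasons += ["signature match"] if matches_signature(params) else []
    return ("block" if reasons else "allow"), reasons

def scanner_rule_decision(flagged, url, params):
    """Scanner-derived rules: signatures checked only where the scan found a flaw."""
    hit = any((url, n) in flagged for n in params) and matches_signature(params)
    return "block" if hit else "allow"

if __name__ == "__main__":
    req = ("/account", {"id": "42' OR '1'='1"})  # constructed request
    print(waf_decision(Profile(TRAINING), *req))
    print(scanner_rule_decision({("/search", "q")}, *req))
```

The constructed request targets a parameter the scan never flagged and matches no signature, so the scanner-driven rules allow it while the learned profile rejects the characters that `id` has never carried.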
Partial List of Anonymous Targets
Amazon
AU Department of Communications
AU House of Parliament
Austria Federal Chancellor
Austria Ministry of Economy
Austria Ministry of Internal Affairs
Austria Ministry of Justice
Banco de Brazil
Bay Area Rapid Transit
BMI
Caixa
Catholic Diocese of Orlando
Church of Scientology
CIA
Citibank
Egyptian Government
Egyptian National Democratic Party
FBI
Fine Gael
French Presidential Site
Greek Department of Justice
HADOPI
HBGary Federal
Irish Department of Finance
Irish Department of Justice
Itau
Malaysian Government
Mastercard
Mexican Chamber of Deputies
Mexican Interior Ministry
Mexican Senate
MPAA
Muslim Brotherhood
New Zealand Parliament
Office of the AU Prime Minister
Orlando Chamber of Commerce
PayPal
Polish Government
Polish Internal Security Agency
Polish Ministry of Culture
Polish Ministry of Foreign Affairs
Polish Police
Polish President
Polish Prime Minister
RIAA
Rotary Club of Orlando
Slovenia NLB
SOHH
Sony
Spanish Police
Swiss bank PostFinance
Syrian Central Bank
Syrian Defense Ministry
Syrian Ministry of Presidential Affairs
Tunisia Government
UMG
US Copyright Office
US Department of Justice
US Senate
Various Pornography sites
Visa
Warner Brothers
Zimbabwe Government
