February 26, 2012

 Cezanne
Paul Cezanne:  Still Life with Skull (Nature morte au crane)

You have seen our report featured in the New York Times article which details the people, process and technology used in a failed Anonymous attack.  This is the first time we’re aware of someone chronicling, from cradle to grave, a full Anonymous attack.  The report can be downloaded here (registration not required).

This is a fairly technical overview of an attack.  In this case, the Anonymous approach is to steal data first and, if that fails, bring down a target website with a great flood of traffic.  We detail the tools—such as Acunetix, Nikto and Havij—that were used by fairly savvy hackers. 

We also detail the attack sequence which is summarized in the graphic below which we posted here.

Anonymous hacking operation fell into three distinctive phases:

  1. Recruiting and communications phase (Day 1-18)—In this phase, Anonymous leverages social media to recruit members and promotes messages and campaigns.  In particular, they use Twitter, Facebook, and YouTube to suggest and justify an attack.  If a sufficient number of volunteers are persuaded to participate, the skilled hackers begin initial reconnaissance.
  2. Reconnaissance and application attack phase (Day 19-22)—During this phase, the skilled hackers carefully hide their true identity and place of operation.  They probe applications in an effort to identify weaknesses that could lead to a data breach.
  3. DDoS phase (Day 24-25)—If data breach attempts fail, the skilled hackers elicit help from the laypeople.  At this point, a large volume of individuals download attack software such as was done in Operation Payback or go to custom-built websites that perform DDoS attacks.

Disclaimer:  We are not certified sociologists, historians or psychologists.  For an interesting history and sociological analysis of Anonymous, read Gabriella Coleman’s essay here.

Share:
Share on LinkedIn

Posted by Imperva Blogger at 05:46:45 PM


Tags:

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.