You may have seen our report featured in the New York Times article, which details the people, process and technology used in a failed Anonymous attack. This is the first time we're aware of that someone has chronicled a full Anonymous attack from cradle to grave. The report can be downloaded here (registration not required).
This is a fairly technical overview of an attack. In this case, the Anonymous approach is to steal data first and, if that fails, bring down a target website with a great flood of traffic. We detail the tools—such as Acunetix, Nikto and Havij—that were used by fairly savvy hackers.
We also detail the attack sequence, which is summarized in the graphic below, which we posted here.
The Anonymous hacking operation fell into three distinct phases:
- Recruiting and communications phase (Day 1-18)—In this phase, Anonymous leverages social media to recruit members and promotes messages and campaigns. In particular, they use Twitter, Facebook, and YouTube to suggest and justify an attack. If a sufficient number of volunteers are persuaded to participate, the skilled hackers begin initial reconnaissance.
- Reconnaissance and application attack phase (Day 19-22)—During this phase, the skilled hackers carefully hide their true identity and place of operation. They probe applications in an effort to identify weaknesses that could lead to a data breach.
- DDoS phase (Day 24-25)—If data breach attempts fail, the skilled hackers enlist help from the laypeople. At this point, a large number of individuals download attack software, as was done in Operation Payback, or go to custom-built websites that perform DDoS attacks.
Disclaimer: We are not certified sociologists, historians or psychologists. For an interesting history and sociological analysis of Anonymous, read Gabriella Coleman’s essay here.
Posted by Imperva Blogger at 05:46:45 PM