We published a review of Parmy's book here. One of our researchers, Nitzan, also read the book and summarized his key takeaways:
Some interesting security-related takeaways:
- At least in the first successful Anonymous DDoS attacks, it is estimated that 80-90% of the malicious traffic was generated using 1-2 big botnets, and just 10-20% of the traffic was generated by Anonymous “volunteers” using LOIC. The non-technical “volunteers” were not aware that their participation exposed their IPs, and Anonymous organizers often deliberately misled them about this.
- Attacks were initiated for various (and sometimes conflicting) reasons, including hacktivism (e.g. the struggle for democracy in Middle-Eastern countries); AntiSec (anti-white-hat security firms); fun (i.e. lulz); opportunities (found exploits); ego wars (between hacker groups, and between hackers and security/media people); etc.
- Attacks by LulzSec, as opposed to Anonymous, were more coordinated and more harmful, as a result of the group’s structure: a small core of skilled and closely-cooperating leaders. Each participant contributed according to their skill set: vulnerability scanning; vulnerability exploitation; analysis of extracted emails and DB contents; PR; communication with supporters and the hacking community.
- The most successful attacks were those in which a vulnerability was exploited undetected for a long period. The hackers could get deeper and deeper into the organization’s data, get more and more information, and publicly announce the attacks only when they had already extracted a massive data set and had found information that would draw a lot of attention from hackers and media.
- Interactions with other hackers were a major factor in the success (and eventual failure) of LulzSec. Often, exploits were outsourced for verification; data was outsourced for analysis; money contributions could be received and used for purchasing resources. Sometimes the entire attack was carried out by an outsider hacker, who just contributed the results for publication via LulzSec.