June 25, 2012
Key Security Takeaways From We Are Anonymous

We published a review of Parmy's book here. One of our researchers, Nitzan, also read the book and summarized his key takeaways:

Some interesting security-related takeaways:

  • At least in the first successful Anonymous DDoS attacks, it is estimated that 80-90% of the malicious traffic was generated using 1-2 big botnets, and just 10-20% of the traffic was generated by Anonymous “volunteers” using LOIC. The non-technical “volunteers” were not aware that their participation exposed their IPs, and Anonymous organizers often deliberately misled them about this.
  • Attacks were initiated for various (and sometimes conflicting) reasons, including hacktivism (e.g. the struggle for democracy in Middle Eastern countries); AntiSec (anti-WhiteHat security firms); fun (i.e. Lulz); opportunities (found exploits); ego wars (between hacker groups, and between hackers and security/media people); etc.
  • Attacks by LulzSec, as opposed to Anonymous, were more coordinated and more harmful, as a result of the group’s structure: a small core of skilled and closely cooperating leaders. Each participant contributed according to his skill set: vulnerability scanning; vulnerability exploitation; analysis of extracted emails & DB contents; PR; communication with supporters and the hacking community.
  • The most successful attacks were those in which a vulnerability was exploited undetected for a long period. The hackers could get deeper and deeper into the organization's data, get more and more information, and publicly announce the attacks only when they had already extracted a massive data set and had found information that would draw a lot of attention from hackers & media.
  • Interactions with other hackers were a major factor in the success (and eventual failure) of LulzSec. Often, exploits were sourced out for verification; data was sourced out for analysis; money contributions could be received and used for purchasing resources. Sometimes the entire attack was carried out by an outside hacker, who just contributed the results for publication via LulzSec.
