How Anonymous attacked the VaticanImperva released a report that reveals details on an attack by hacktivist group "Anonymous" against a high-profile unnamed target - revealed as the Vatican and the church's World Youth Day site by the NYT - during a 25-day period in 2011. “Our research shows that Anonymous generally mimics the approach used by for-profit hackers, leveraging widely known methods – SQL injection and DDoS – to carry out their attack. We found that Anonymous, although it has developed some custom attack tools, generally uses inexpensive, off-the-shelf tools as opposed to developing complex attacks,” said Amichai Shulman, Co-Founder and CTO of Imperva. “Our research further shows that Anonymous will try to steal data first and, if that fails, attempt a DDoS attack.” Highlights from the study of the Anonymous attack include:
- The attack was made up of three distinct phases: recruitment and communication, reconnaissance and application layer attacks and, finally, a distributed denial of service (DDoS) attack.
- Social media channels, especially Twitter, Facebook and YouTube, were the predominant means for suggesting a target and justifying the attack, as well as recruiting volunteers to participate in the hacking campaign, during the first recruitment and communication phase.
- Sophisticated hackers made up only a small portion of the volunteers and were primarily active during the reconnaissance and application attack phase, tasked with probing for vulnerabilities and waging application attacks like SQL injection to attempt to steal data from the targets.
- Laypeople were leveraged only in the third phase - to help carry out a DDoS attack - since the attempt to steal data through application attacks failed.
- Anonymous has developed some custom attack tools – specifically the low orbit ion cannon (LOIC) and a tool to enable the launch of a DDoS attack from mobile browsers. However, the group also relies on widely available tools for finding and exploiting web application vulnerabilities during the reconnaissance and application attack phase.
- Unlike for profit hackers, Anonymous rarely relies on common hacking techniques such as botnets, malware, phishing or spear phishing.