Anonymous – Anatomy of anonymous attacks

Posted: September 6, 2012 in Articles

The American company Imperva, which develops data protection solutions, has published a 17-page report on its study of the hacker group Anonymous. The report does not reveal any terrible conspiracy behind the attacks, but it is a convenient systematic picture of them.

According to the report, Anonymous is not a group of hackers capable of breaking into any server and stealing any information within a few hours or days. Although there have been successful attacks on such reputable organizations as StratFor and others, the success of an attack owes more to the carelessness of the resource's administrators than to any exceptionally sophisticated attack engineering. The researchers believe that, while Anonymous does have some techniques of its own, the group prefers well-known ones, first of all SQL injection and DDoS. Anonymous usually tries to steal data first and, if that does not succeed, organizes a DDoS attack on the victim's resource.

Anonymous Group

The researchers divide the group itself into two unequal parts: skilled hackers and volunteers (laypeople). The first is a group of experts, numbering no more than 10-15 people, with a very high level of knowledge in various fields of IT and real experience of breaking into complex systems. The volunteers are a much larger group, estimated at from a few dozen to a few hundred participants, whose skills and knowledge are most likely average or below average and who follow the instructions of the first group, the skilled hackers.

The researchers divide a typical Anonymous attack on a victim's resource into three parts:

(Days 1-18) Recruitment of participants and their coordination. At this stage, taking advantage of social networks, the group's leaders gather the future team and organize its coordination.

(Days 19-22) Reconnaissance and the attack itself. During this period the group of skilled hackers, carefully concealing traces of their activity, looks for weaknesses in the targeted resource using tools such as Acunetix and/or Havij. If security gaps are found, the attackers exploit them and steal the data they are after, taking the attacked resource out of service if they consider it necessary (StratFor, for example, was down for about two weeks after the theft of its correspondence).

(Days 24-25) DDoS attack. At this stage, which normally follows a failed attempt at data theft, the Anonymous volunteers carry out the DDoS attack itself with tools such as the Low Orbit Ion Cannon (LOIC), using mobile browsers among other things.

What tools does the skilled part of the attackers use?

  • Havij Scanner – a tool for automating SQL injection; its authorship is attributed to Iranian hackers.
  • Acunetix scanner – a vulnerability scanner (SQL injection, XSS, etc.) for web applications.
  • Nikto Web Scanner – an open-source tool for finding vulnerabilities in web servers.
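Both the reconnaissance phase and the DDoS phase described above leave traces in an ordinary web-server access log. The Python sketch below is an added example, not code from the Imperva report or from this post: it flags sources whose requests carry the names of the scanners listed above and minutes in which many distinct sources send many requests. The marker substrings, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed default markers; operators can change them, so a match is only a lead.
SCANNER_MARKERS = {"havij": "Havij", "acunetix": "Acunetix", "nikto": "Nikto"}

# Combined Log Format: ip - - [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse(lines):
    """Yield (ip, minute, request, user_agent) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # "01/Jan/2012:10:15:32 +0000" -> "01/Jan/2012:10:15"
            yield m["ip"], m["ts"][:17], m["req"], m["ua"]

def scanner_hits(lines):
    """Map source IP -> names of scanners seen in its requests (recon phase)."""
    hits = defaultdict(set)
    for ip, _, req, ua in parse(lines):
        haystack = f"{req} {ua}".lower()
        for marker, name in SCANNER_MARKERS.items():
            if marker in haystack:
                hits[ip].add(name)
    return dict(hits)

def flood_minutes(lines, min_requests, min_sources):
    """Minutes, in log order, with many requests from many sources (DDoS phase)."""
    reqs, sources = Counter(), defaultdict(set)
    for ip, minute, _, _ in parse(lines):
        reqs[minute] += 1
        sources[minute].add(ip)
    return [m for m in reqs
            if reqs[m] >= min_requests and len(sources[m]) >= min_sources]

# Constructed sample log: documentation IP ranges, invented times and requests.
FMT = '{} - - [{} +0000] "GET {} HTTP/1.1" 200 512 "-" "{}"'
SAMPLE = [
    FMT.format("198.51.100.7", "01/Jan/2012:10:15:32", "/index.php?id=1", "Mozilla/5.00 (Nikto/2.1.5)"),
    FMT.format("198.51.100.7", "01/Jan/2012:11:02:10", "/index.php?id=1", "Mozilla/4.0 (compatible) Havij"),
    FMT.format("198.51.100.9", "02/Jan/2012:09:00:01", "/acunetix-test-file", "Mozilla/5.0"),
    FMT.format("192.0.2.50", "02/Jan/2012:09:05:00", "/about.html", "Mozilla/5.0"),
] + [FMT.format(f"203.0.113.{i}", f"04/Jan/2012:20:00:{i:02d}", "/", "Mozilla/5.0")
     for i in range(1, 41)]

if __name__ == "__main__":
    print(scanner_hits(SAMPLE), flood_minutes(SAMPLE, min_requests=30, min_sources=20))
```

A scanner hit a few days before a flood minute matches the sequence the report describes; the thresholds need tuning against the site's normal traffic.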

Curiously, after analyzing the Anonymous attacks, the company that authored the report describes ways to protect against data theft and DDoS, and the important role that Imperva's tools play in this, which is only to be expected.
