Security outfit Imperva has published a report that purportedly reveals
a number of strategic details behind an Anonymous attack against the Vatican during a 25-day period in 2011.
"Our research shows that Anonymous generally mimics the approach used by for-profit hackers, leveraging widely known methods - SQL injection and DDoS - to carry out their attack," explained Imperva CTO Amichai Shulman.
"We found that Anonymous, although it has developed some custom attack tools, generally uses inexpensive, off-the-shelf tools as opposed to developing complex attacks. Our research further shows that Anonymous will try to [extract] data first and, if that fails, attempt a DDoS attack."
According to Shulman, the Vatican campaign comprised three distinct phases: recruitment and communication, reconnaissance and application layer attacks and, finally, a distributed denial of service (DDoS) attack.
Unsurprisingly, social media channels - such as Twitter, Facebook and YouTube - were the predominant means for suggesting a target and justifying the attack, as well as recruiting volunteers to participate in the hacking campaign.
Interestingly enough, sophisticated hackers made up only a small portion of the volunteers and were primarily active during the reconnaissance and application attack phase, tasked with probing for vulnerabilities and waging application attacks like SQL injection to attempt to lift data from targets.
Masses of Anonymous supporters were called in during the third phase to help execute a coordinated DDoS attack, in the wake of attempt to extract data via application attacks - which allegedly failed.
"Anonymous can
"Our research shows that Anonymous generally mimics the approach used by for-profit hackers, leveraging widely known methods - SQL injection and DDoS - to carry out their attack," explained Imperva CTO Amichai Shulman.
"We found that Anonymous, although it has developed some custom attack tools, generally uses inexpensive, off-the-shelf tools as opposed to developing complex attacks. Our research further shows that Anonymous will try to [extract] data first and, if that fails, attempt a DDoS attack."
According to Shulman, the Vatican campaign comprised three distinct phases: recruitment and communication, reconnaissance and application layer attacks and, finally, a distributed denial of service (DDoS) attack.
Unsurprisingly, social media channels - such as Twitter, Facebook and YouTube - were the predominant means for suggesting a target and justifying the attack, as well as recruiting volunteers to participate in the hacking campaign.
Interestingly enough, sophisticated hackers made up only a small portion of the volunteers and were primarily active during the reconnaissance and application attack phase, tasked with probing for vulnerabilities and waging application attacks like SQL injection to attempt to lift data from targets.
Masses of Anonymous supporters were called in during the third phase to help execute a coordinated DDoS attack, in the wake of attempt to extract data via application attacks - which allegedly failed.
"Anonymous can