Security firm Imperva has released a detailed report into the anatomy of an Anonymous attack, revealing exactly what happens when the hacktivism group decides to take aim at a particular target.
The victim in this case has not been revealed by the company, but The New York Times says it was the Vatican. The August 2011 attack did not receive a huge amount of attention at the time but was thought to have been timed to coincide with Pope Benedict XVI’s visit to Madrid. The New York Times suggests the Vatican was targeted over reports of sexual abuse of children by priests.
Imperva started to follow alleged Anonymous members as they used Twitter, Facebook and YouTube to drum up support for the attack. This represented the first phase of the attack: recruitment and communication.
According to Imperva the attack then moved to its second phase: reconnaissance and application layer attacks. This is the only time during the process when a sophisticated line of attack was used. Highly-skilled people were used to find vulnerabilities in the targets defences and to launch SQL injection to attempt to steal data from the targets.
In this particular case, that line failed, so Anonymous fell back to its most famous form of attack – a distributed denial of service (DDoS) attack, where ‘laypeople’ (meaning those without really sophisticated hacking techniques) were used to flood the site with traffic in an attempt to bring it down.
The entire process, from the first recruitment stages to when the attacks finished, lasted 25 days.
So what do the attacks tell us? There is not a huge amount of new information there; Anonymous’ recruitment methods and attack vectors have been known (or at least guessed at by security experts) for a while, but it is still fascinating to see how an attack unfolds.
The below infographic shows how it all develops:
The full report can be downloaded here.
