[ISN] Anonymous Leaves Clues In Failed Vatican Attack

From: InfoSec News <alerts_at_private>
Date: Thu, 1 Mar 2012 03:35:19 -0600 (CST)
http://www.informationweek.com/news/security/attacks/232601726

By Mathew J. Schwartz
InformationWeek
February 29, 2012

How do hacktivists launch attacks? A new report details an online 
assault launched in August by the hacktivist collective Anonymous that 
lasted for 25 days, and which was designed to disrupt a specific event.

The research, released Sunday by data security vendor Imperva on the eve 
of this week's RSA conference in San Francisco, offers a rare glimpse 
into the specific strategies, tools, and tactics used by Anonymous in 
its attempts to infiltrate or take down websites.

While officials at Imperva declined to identify the attacked 
organization, according to news reports, the attack was launched against 
a Vatican website. The Vatican likewise declined to confirm the attack, 
but according to news reports, a church official accidentally sent an 
email--intended for a colleague--to a journalist that read, "I do not 
think it is convenient to respond to journalists on real or potential 
attacks," and that "the more we are silent in this area the better."

The Anonymous attack was launched under the banner of Operation 
Pharisee, which began with attacks in South America and Mexico. This 
particular attack, however, was designed to disrupt a planned visit by 
Pope Benedict XVI to Madrid as part of World Youth Day 2011. But the 
attempt to scuttle the Vatican's related website failed, despite the 
launch of a distributed-denial-of-service (DDoS) attack that saw traffic 
volumes spike to 34 times their normal level.

Researchers at Imperva had advance warning of the attack, meaning they 
were able to watch it closely as it unfolded. "The thing that 
distinguishes hacktivism from financially motivated attackers is that 
they're loud and they preannounce," said Amichai Shulman, CTO of 
Imperva, in a meeting at the RSA conference.

[...]


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill.  It's that easy.
http://www.expandingsecurity.com/PainPill
Received on Thu Mar 01 2012 - 01:35:19 PST

This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 01:32:40 PST