[ISN] Dissecting a Hacktivist Attack

http://www.bankinfosecurity.com/interviews.php?interviewID=1446

By Eric Chabrow
Bank Info Security
March 5, 2012

Imperva would neither confirm nor deny it helped defend the Vatican 
website from an hacktivist assault last year, but the IT security 
provider's director of security, Rob Rachwald, explains how such an 
attack was constructed and defended.

Rachwald, in an interview with Information Security Media Group, 
discusses a 25-day assault by the hacktivist collective Anonymous in 
2011, revealing the processes hackers used to pick victims, recruit 
members and conduct reconnaissance. Published reports identify the 
Vatican as the target of an failed digital assault Imperva details in 
its study. "We [neither] confirm nor deny that this was the Vatican or 
any other company for that matter," Rachwald says.

When compared with other, more insidious attacks such as those from 
nation states or criminal cybergangs, the Anonymous hacks are more akin 
to a thorn in the neck, causing significantly less damage to the 
victimized enterprise. But, Rachwald says, "thorns can be painful if 
you're not ready."

The hack Imperva dissected involved a few sophisticated hackers, with a 
team of less skilled followers, some recruited through social media 
sites. And, that lack of sophistication enabled the Anonymous attack to 
be repelled. The attack Imperva describes and the one on the Vatican 
website were not successful. "In general, this is not terribly difficult 
to stop," Rachwald says in the interview that took place at the RSA 
Conference 2012 security conclave. "It's just a matter of: Are you 
prepared?"

In the interview, Rachwald also discusses the:

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.  Get a free live class invite weekly.  Best
program, best price. http://www.ExpandingSecurity.com/PainPill