Ethical Hack
Páginas: 23 (5524 palabras)
Publicado: 20 de junio de 2012
White Paper
Imperva’s Hacker Intelligence Summary Report
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous Attack
Executive Summary
During 2011, Imperva witnessed an assault by the hacktivist group ‘Anonymous’ that lasted 25 days. Our observations give insightful information on Anonymous, including a detailed analysis of hacking methods, as well as an examination of howsocial media provides a communications platform for recruitment and attack coordination. Hacktivism has grown dramatically in the past year and has become a priority for security organizations worldwide. Understanding Anonymous’ attack methods will help organizations prepare if they are ever a target. Our observation of an Anonymous campaign reveals: › The process used by Anonymous to pick victimsas well as recruit and use needed hacking talent. › How Anonymous leverages social networks to recruit members and promotes hack campaigns. › The specific cyber reconnaissance and attack methods used by Anonymous’ hackers. We detail and sequence the steps Anonymous hackers deploy that cause data breaches and bring down websites. Finally, we recommend key mitigation steps that organizations need tohelp protect against attacks.
Methodology
This report is based on an Anonymous attack observed by the Imperva Application Defense Center. The target organization of the attack had a Web application firewall deployed which recorded and repelled the attacks. By analyzing traffic logs, we analyzed the attacks on these applications and categorized them according to the attack method, as well asidentified patterns and trends within these attacks. We also analyzed Anonymous social media communications in the days leading up to and after the attack. We believe this is the first end-to-end record of a full Anonymous attack. The attack took place in 2011. However, to protect against another Anonymous attack of this organization, we want the organization that was attacked – sorry, pununavoidable – to remain anonymous.
The Plot
In 2011, Anonymous made headlines worldwide as it grew globally. Anonymous attacked organizations in numerous countries worldwide. Attacks fell into two categories: › Reactive: In this case, some incident inspired the members of Anonymous to attack a target. For example, when MasterCard, Visa and others stopped allowing payments to Wikileaks, Anonymous beganOperation Payback intended to bring down websites with excessive traffic. When BART police blocked the use of cell phones in certain stations, Anonymous hacked into BART computers, exposing the data of dozens of employees. › Proactive: In this case, Anonymous announces an intention to attack a target. Significantly less common, there have only been a few incidents. For example, threats againstFacebook and Mexican drug lords were made, but attacks either fizzled or never even materialized. It is difficult to estimate how many proactive attacks have occurred since, like terrorist attacks; only successful campaigns become public. The attack Imperva witnessed during 2011 was the proactive variety. In this case, Anonymous hoped to disrupt an event that would take place on a specific date. Awebsite designed to support the event enabled e-commerce and information dissemination would become Anonymous’ target. Though we cannot identify the target, it is a large, well-known organization. The attack occurred over a period of 25 days in three phases. The first phase, recruiting and communications, a small group of instigators elicited support and recruit for an attack, as members ofAnonymous created a website rationalizing an attack on their target. Twitter and Facebook promoted traffic to this site. Additionally, YouTube videos were produced to help rationalize attacks. Once a critical mass was achieved, the second phase, reconnaissance and application attack, could begin. During this phase, around 10 to 15 skilled hackers probed the website’s applications in an effort to...
Imperva’s Hacker Intelligence Summary Report
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous Attack
Executive Summary
During 2011, Imperva witnessed an assault by the hacktivist group ‘Anonymous’ that lasted 25 days. Our observations give insightful information on Anonymous, including a detailed analysis of hacking methods, as well as an examination of howsocial media provides a communications platform for recruitment and attack coordination. Hacktivism has grown dramatically in the past year and has become a priority for security organizations worldwide. Understanding Anonymous’ attack methods will help organizations prepare if they are ever a target. Our observation of an Anonymous campaign reveals: › The process used by Anonymous to pick victimsas well as recruit and use needed hacking talent. › How Anonymous leverages social networks to recruit members and promotes hack campaigns. › The specific cyber reconnaissance and attack methods used by Anonymous’ hackers. We detail and sequence the steps Anonymous hackers deploy that cause data breaches and bring down websites. Finally, we recommend key mitigation steps that organizations need tohelp protect against attacks.
Methodology
This report is based on an Anonymous attack observed by the Imperva Application Defense Center. The target organization of the attack had a Web application firewall deployed which recorded and repelled the attacks. By analyzing traffic logs, we analyzed the attacks on these applications and categorized them according to the attack method, as well asidentified patterns and trends within these attacks. We also analyzed Anonymous social media communications in the days leading up to and after the attack. We believe this is the first end-to-end record of a full Anonymous attack. The attack took place in 2011. However, to protect against another Anonymous attack of this organization, we want the organization that was attacked – sorry, pununavoidable – to remain anonymous.
The Plot
In 2011, Anonymous made headlines worldwide as it grew globally. Anonymous attacked organizations in numerous countries worldwide. Attacks fell into two categories: › Reactive: In this case, some incident inspired the members of Anonymous to attack a target. For example, when MasterCard, Visa and others stopped allowing payments to Wikileaks, Anonymous beganOperation Payback intended to bring down websites with excessive traffic. When BART police blocked the use of cell phones in certain stations, Anonymous hacked into BART computers, exposing the data of dozens of employees. › Proactive: In this case, Anonymous announces an intention to attack a target. Significantly less common, there have only been a few incidents. For example, threats againstFacebook and Mexican drug lords were made, but attacks either fizzled or never even materialized. It is difficult to estimate how many proactive attacks have occurred since, like terrorist attacks; only successful campaigns become public. The attack Imperva witnessed during 2011 was the proactive variety. In this case, Anonymous hoped to disrupt an event that would take place on a specific date. Awebsite designed to support the event enabled e-commerce and information dissemination would become Anonymous’ target. Though we cannot identify the target, it is a large, well-known organization. The attack occurred over a period of 25 days in three phases. The first phase, recruiting and communications, a small group of instigators elicited support and recruit for an attack, as members ofAnonymous created a website rationalizing an attack on their target. Twitter and Facebook promoted traffic to this site. Additionally, YouTube videos were produced to help rationalize attacks. Once a critical mass was achieved, the second phase, reconnaissance and application attack, could begin. During this phase, around 10 to 15 skilled hackers probed the website’s applications in an effort to...
Leer documento completo
Regístrate para leer el documento completo.