To help companies safeguard their precious data, Imperva released an analysis of the methods used by hackers to shut down websites and steal information.
Social media platforms are used by hacktivist groups like Anonymous to plan and coordinate attacks against high-profile companies, according to new research into the methods deployed by hackers.
Just as it was revealed that Stratfor, a US intelligence company, was the latest victim of a hack, Imperva, a data security company, released a report examining the malicious tools and strategies used by Anonymous, one of the most famous ‘hacktivist’ groups.
Imperva’s research examined the hacking methods used by Anonymous as well as the way it exploits social media to recruit participants and coordinate its attacks. The report analysed the methods used against “a high-profile unnamed target during a 25 day period in 2011”.
The analysis showed that social media channels, like Twitter, Facebook and YouTube, are the predominant tools used for suggesting a target and planning attacks. Anonymous uses YouTube videos to promote and help rationalise attacks.
Social media also acts as a means to recruit volunteers to participate in the malicious campaign. Networks like Anonymous are normally loosely coordinated groups consisting of members whose only qualifications are a knowledge of hacking and a will to participate.
Following recruitment, the next stage of the attack, as indicated by Imperva, involves “application layer” assaults (which attack the specific applications that a website runs). Finally, a distributed denial of service (DDoS) attack may be launched.
For the final phase Anonymous uses customised tools, such as a low orbit ion cannon (a DDoS weapon developed to break down servers by overloading them with fake visitors until they crash).
Anonymous recently upgraded its weapons arsenal with an even stronger application, the high orbit ion cannon (HOIC), which can target up to 256 web addresses simultaneously.
Neal Quinn, VP of Operations at DDoS mitigation provider Prolexic, warned: “The ability to hit up to multiple targets simultaneously (instead of just one with a low orbit cannon), and the use of randomisation to evade detection, makes the high orbit ion cannon a threat to any business with a presence online. Businesses should take steps now to protect themselves.”
Tools like the HOIC are widely distributed via file sharing sites and are easy to use. As Imperva pointed out, Anonymous rarely relies on common hacking techniques such as botnets, malware, phishing or spear phishing, as “for-profit” hackers regularly do.
“Our research shows that Anonymous generally mimics the approach used by for-profit hackers, leveraging widely known methods – SQL injection and DDoS – to carry out their attack. We found that Anonymous, although it has developed some custom attack tools, generally uses inexpensive, off-the-shelf tools as opposed to developing complex attacks,” said Amichai Shulman, Co-Founder and CTO of Imperva.