What’s happening on the battlefield
Over the past 18 months, Anonymous has ushered in a new age of hacktivism. Although the results are well known – publicly exposed data and interrupted web services – the methods are much less clear. Our findings show:
› Anonymous hackers are real people using real techniques, but the techniques are the conventional ones of black hat hacking. Anonymous’ hacking methods closely mirror what profit-driven hackers do every day. For example, Anonymous hackers use many of the same tools, such as Havij, an automated SQL injection tool (probably developed in Iran) that finds injectable parameters in a web application and extracts data from the database behind it. In other words, they exploit the same common application vulnerabilities found in many websites that fuel today’s black market, data-driven cyber crime economy. The main innovation seen from Anonymous is the creation of websites that turn any visitor’s browser into a participant in a denial of service attack.
› Anonymous will try to steal data first and, if that fails, fall back to a DDoS attack. Anonymous’ first major attack, Operation Payback in December 2010, was a DDoS campaign against PayPal, Visa, MasterCard and others. Though it attracted a lot of attention, it failed to disrupt these companies’ operations. Other attacks, such as the one on Sony (whether that was the work of Anonymous is not clear), succeeded because data was exposed. The impact? Sony suffered a public relations debacle in the period following the data exposure. The lesson was not lost on Anonymous, who continued with data-centric attacks on PBS, BART and other organizations.
› Anonymous hackers fall into two types of volunteers:
• Skilled hackers – In this campaign, we witnessed a small group of skilled hackers. In total, this group numbered no more than 10 to 15 individuals. Given their display of hacking skills, one can surmise that they have genuine hacking experience and are quite savvy.
• Laypeople – This group can be quite large, ranging from a few dozen to a few hundred volunteers. Directed by the skilled hackers, their role is primarily to conduct DDoS attacks, either by downloading and running special software or by visiting websites designed to flood victims with excessive traffic. The technical skills required range from very low to modest.
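The first finding above rests on one technical point: the data-theft phase works because ordinary web applications paste user input into SQL text, which is exactly what an automated tool such as Havij looks for and exploits. The following is an added example written for this page, not code from the report or from any Anonymous tool. It builds a constructed SQLite database in memory, shows the two-step pattern an automated SQL injection tool follows (a true/false probe to find an injectable parameter, then a UNION query to pull rows from another table), and puts the vulnerable lookup beside the parameterized one that defeats both steps. The table names, rows and hash values are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample database (not from the report): a public product
# catalog alongside a users table holding the data an attacker wants.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
        INSERT INTO users VALUES
            (1, 'alice@example.com', '5f4dcc3b5aa765d61d8327deb882cf99'),
            (2, 'bob@example.com',   'e10adc3949ba59abbe56e057f20f883e');
    """)
    return conn

def product_by_id_vulnerable(conn, product_id):
    # VULNERABLE: the request parameter is concatenated into the SQL text,
    # so whatever the client sends is parsed as part of the statement.
    query = "SELECT name, price FROM products WHERE id = " + product_id
    return conn.execute(query).fetchall()

def product_by_id_safe(conn, product_id):
    # HARDENED: parameter binding. The statement is compiled first and the
    # value is supplied separately, so it can never change the query shape.
    return conn.execute(
        "SELECT name, price FROM products WHERE id = ?", (product_id,)
    ).fetchall()

def is_injectable(conn, lookup):
    # Step 1 of an automated tool: append a condition that is always true,
    # then one that is always false. If the true case matches the normal
    # response and the false case differs, the parameter is injectable.
    base = lookup(conn, "1")
    true_case = lookup(conn, "1 AND 1=1")
    false_case = lookup(conn, "1 AND 1=2")
    return base == true_case and base != false_case

# Step 2: a UNION payload of the kind such tools generate once they know
# the column count (two columns here), pulling rows from a different table.
UNION_PAYLOAD = "1 UNION SELECT email, pw_hash FROM users"

def demo():
    conn = build_db()
    return {
        "vulnerable_is_injectable": is_injectable(conn, product_by_id_vulnerable),
        "safe_is_injectable": is_injectable(conn, product_by_id_safe),
        # The vulnerable lookup returns the product row plus every user row.
        "vulnerable_union": product_by_id_vulnerable(conn, UNION_PAYLOAD),
        # The bound value is compared as a whole string against an integer
        # column and matches nothing; no second SELECT is ever parsed.
        "safe_union": product_by_id_safe(conn, UNION_PAYLOAD),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The probe in `is_injectable` is the same differential test a tool runs against every parameter it can see; the hardened lookup gives identical results for the base and both probe inputs, so the tool never finds a foothold. In a real application the parameterized query should also be paired with input validation (rejecting a non-integer `id` outright), but parameter binding alone is what removes the injection.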