Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Anonymous Leaves Clues In Failed Vatican Attack

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 1 Mar 2012 03:35:19 -0600 (CST)
http://www.informationweek.com/news/security/attacks/232601726

By Mathew J. Schwartz
InformationWeek
February 29, 2012
How do hacktivists launch attacks? A new report details an online assault launched in August by the hacktivist collective Anonymous that lasted for 25 days, and which was designed to disrupt a specific event.
The research, released Sunday by data security vendor Imperva on the eve of this week's RSA conference in San Francisco, offers a rare glimpse into the specific strategies, tools, and tactics used by Anonymous in its attempts to infiltrate or take down websites.
While officials at Imperva declined to identify the attacked organization, according to news reports, the attack was launched against a Vatican website. The Vatican likewise declined to confirm the attack, but according to news reports, a church official accidentally sent an email--intended for a colleague--to a journalist that read, "I do not think it is convenient to respond to journalists on real or potential attacks," and that "the more we are silent in this area the better."
The Anonymous attack was launched under the banner of Operation Pharisee, which began with attacks in South America and Mexico. This particular attack, however, was designed to disrupt a planned visit by Pope Benedict XVI to Madrid as part of World Youth Day 2011. But the attempt to scuttle the Vatican's related website failed, despite the launch of a distributed-denial-of-service (DDoS) attack that saw traffic volumes spike to 34 times their normal level.
Researchers at Imperva had advance warning of the attack, meaning they were able to watch it closely as it unfolded. "The thing that distinguishes hacktivism from financially motivated attackers is that they're loud and they preannounce," said Amichai Shulman, CTO of Imperva, in a meeting at the RSA conference. 

[...]


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill.  It's that easy.
http://www.expandingsecurity.com/PainPill
Previous By Date Next
Previous By Thread Next

Current thread: