Anonymous' Vatican Cyberattack Revealed by Researchers
CREDIT: Warner Bros. Pictures
Last August, the prolific hackers working worldwide under the Anonymous banner attempted to take down a Vatican-run website to protest sexual abuse by priests. The Vatican, with the help of the security firm Imperva, was able to fend off the attacks, and now Imperva is detailing exactly what went into Anonymous' digital barrage.
The cyberattack lasted 25 days and occurred over three distinct phases, Imperva explained in "The Anatomy of an Anonymous Attack," a paper the company is scheduled to present at this week's RSA security conference in San Francisco. It is possibly the first complete, end-to-end report of a how an Anonymous cyberattack is carried out.
Imperva's report outlines "Operation Pharisee" — a reference to the sect that Jesus called hypocrites, the New York Times reported— which began with a small group of Anonymous hackers drumming up public support for their cause. After choosing a specific date to disrupt the Vatican site, Anonymous began the 18-day recruiting and communications phase, promoting the campaign on Twitter, Facebook, blogs and in YouTube videos "produced to help rationalize attacks," Imperva wrote in the paper.
(Anonymous' attacks are either proactive or reactive, Imperva explained. This one was proactive, whereas Anonymous' attacks on MasterCard, Visa and PayPal in response for the companies' refusal to process payments to WikiLeaks were reactive.)
Following the first phase, a skilled and select group of 10 to 15 hackers spent days 19 through 22 attempting to identify exploitable vulnerabilities in the Vatican website. This elite group did not employ any malware, but instead used several off-the-shelf penetration-testing tools, including the Havij, Acunetix and Nikto scanning programs. Seventy-five percent of the traffic in phase two came from users who anonymized their IP addresses, Imperva said.
After two more days of reconnaissance, on the 24th day, Anonymous aimed and fired the weapons they'd been loading with ammunition for nearly a month. For two days, the hackers, aided by supporters in four different countries volunteering their computers to the cause, began flooding the Vatican website with traffic, a distributed denial of service (DDoS) attack that forced the site to handle between 28 and 34 times its normal traffic. (Imperva said despite the hackers' DDoS efforts, the Vatican site was not disrupted.)
Though many cyberattacks only make headlines in the DDoS phase, Imperva said this is Anonymous' last resort; the hacking collective's skilled members prefer "small scale, effective campaigns that do not require massive recruitment of willing participants."
Imperva recommended companies pay attention to Anonymous' regular blogs and social media channels and proactively secure their networks before Anonymous gets to them.