Eventually, attackers spotted a specific URL that was later used in the attack itself," the report said. Such resources involve actions which are time and resource consuming, and might lead to exhaustion of the server resources. "Only when failing to find such vulnerabilities, the attackers resorted to searching a resource suitable for DDoS.
#CURSE CLIENT DOWNLOAD FAILED SOFTWARE#
These products were Havij, an automated SQL-injection tool Acunetix Scanner, an automated scanner that was used to look for remote file-inclusion vulnerabilities and Nikto Scanner, which looks for outdated server software and tests for dangerous scripts.
According to Imperva's report, a small group of attackers of no more than 10 to 15 individuals scanned the target for web-application vulnerabilities, such as cross-site scripting, SQL injection and directory-traversal vulnerabilities, but they were unable to identify any opportunities for a more effective attack.īy examining the victim's firewall logs, Imperva identified that the attackers used at least three off-the-shelf products rather than software specifically created for the attack. Imperva's analysis of the attackers indicates that Anonymous had knowledge of hacking tools, used anonymity services to hide its members' tracks and kept a low profile to avoid being detected. The second phase of the operation was a quick reconnaissance and application attack, aimed at surveying the target's state of security and identifying any vulnerabilities ahead of the scheduled attack that might aid in increasing the effectiveness of an attack. This communication phase lasted about 18 days. Promotional material was also used to set the date and convey target details for a future distributed denial-of-service (DDoS) attack. Imperva said that Twitter and Facebook were used to bring attention to the cause, and the video was used to rationalise the attack. "The raison d'être of hacktivism is to attract attention to a cause, so this phase is critical."
"This is really the essence of all hacktivism campaigns," the report said. In the attack, Anonymous uploaded a video to YouTube and used Facebook and Twitter to further promote it. The report (PDF) covers the three phases that it believes Anonymous uses over its 25-day hacking period, as well as the expected structure of the group, the tools that Anonymous members are suspected of using and the techniques used in the attack.Īccording to Imperva, the first phase of this attack was to begin recruitment and communications. Ukrainian developers share stories from the war zoneĭata-protection firm Imperva has undertaken an analysis of an Anonymous attack, claiming that it was able to witness a failed 25-day assault by the group and use its surveillance to map out Anonymous' attack methods. Linux distros for beginners: You can do this! Got questions about crypto? Ask the Coachįor Mom: The best flower delivery services How ransomware attacks threaten our food supply