You May Be Anonymous

According to a recent Norton study, cybercrime cost the global economy (in both direct damage and lost productivity time) $388 billion in 2011–significantly more than the global black market for marijuana, cocaine, and heroin combined.  Cybercrime in 2012, however, is off to an astonishing start that will dwarf the 2011 numbers.

One of the new trends among Anonymous, LulSec, AntiSec and the rest of the Hactivist and hacking community is getting YOU involved. You may ask yourself, ‘What could I possibly do to participate in this behavior?’  Anonymous has come up with some nefarious tactics that can get the general public to join in the DDoS attack traffic, without their knowledge.

One method is to target Websites with significant followings, such as Twitter.  When over a half-million Twitter users see something like this:

the tendency for users is to go to the website and see if it’s online, which adds a significant spike in the website’s traffic. (In the old days, this was known as “Slashdotting”, a reference to making headlines at Slashdot.org and having floods of users taking a website down.) Like a mosquito carrying the malaria virus, you may be hopping from host to victim, in this case to the website targeted by Anonymous and implanting the infected code.

This kind of tool that Anonymous and the Hactivists like to use is called LOIC, which stands for Low Orbit Ion Cannon.  There is an email making the rounds now containing a JavaScript version of LOIC.  All you have to do is open your web browser or render this java script and you are part of the attack.

The director of the FBI said that ignorance of being part of the attack does not give you plausible deniability. That means you could potentially be prosecuted for clicking on the wrong link. It also means that Anonymous is gaining in numbers, very quickly. Granted, I don’t believe we can afford to put most of the population in jail; however, it does mean prosecution is going to become a real challenge to find the real Anonymous members who are staging this. Get ready to watch 2012 dwarf 2011 from a hacking perspective.

I hope that the stock exchange mentioned in the Twitter example was not a case of a customer following a  “me too” marketing pitch from some load balancer company that in the end put them on the fast track to being  offline. You must be very careful when listening to newcomers to the space that are just trying to make cash while you crash and burn.  The choice is yours.  DefensePro® from Radware defends the majority of the major stock exchanges on the planet. Who is defending you?

Leave a Reply