You May Be Anonymous


According to a recent Norton study, cybercrime cost the global economy (in both direct damage and lost productivity time) $388 billion in 2011, significantly more than the global black market for marijuana, cocaine, and heroin combined. Cybercrime in 2012, however, is off to an astonishing start that will dwarf the 2011 numbers.

One of the new trends among Anonymous, LulzSec, AntiSec and the rest of the hacktivist and hacking community is getting YOU involved. You may ask yourself, ‘What could I possibly do to participate in this behavior?’ Anonymous has come up with some nefarious tactics that get the general public to contribute to DDoS attack traffic without their knowledge.

One method is to target websites with significant followings, such as Twitter. When over a half-million Twitter users see something like this:

the tendency is for users to go to the website and see if it’s online, which adds a significant spike to the website’s traffic. (In the old days, this was known as “Slashdotting”, a reference to making headlines at Slashdot.org and having floods of users take a website down.) Like a mosquito carrying malaria, you may be hopping from host to victim, in this case to the website targeted by Anonymous, and implanting the infected code.

The kind of tool that Anonymous and the hacktivists like to use is called LOIC, which stands for Low Orbit Ion Cannon. There is an email making the rounds now containing a JavaScript version of LOIC. All you have to do is open your web browser or render this JavaScript and you are part of the attack.
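A defender can tell the two effects described above apart in web server logs: curious visitors following a tweeted link appear as many clients making a request or two each, while browsers rendering a looping script appear as many clients each sending a high request rate. The sketch below is an added example, not code from the original post; it assumes combined-format access logs and that browsers send the hosting page as Referer, and the log lines, referrer URLs and thresholds are constructed.

```python
import re
from collections import defaultdict

# Combined log format: ip, identity, user, [timestamp], "request", status, bytes, "referer", "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"'
)

def constructed_sample():
    """Constructed log lines (documentation IP ranges, made-up referrer URLs)."""
    fmt = ('{ip} - - [10/Feb/2012:14:01:{s:02d} +0000] "GET / HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    lines = []
    for i in range(8):        # eight people follow a tweeted link once each
        lines.append(fmt.format(ip=f"198.51.100.{i}", s=i,
                                ref="http://t.co/constructed-link"))
    for i in range(6):        # six browsers left open on a page that requests in a loop
        for n in range(40):
            lines.append(fmt.format(ip=f"203.0.113.{i}", s=n,
                                    ref="http://pastehost.example/page"))
    lines.append(fmt.format(ip="192.0.2.9", s=5, ref="http://search.example/?q=site"))
    return lines

def classify_referrers(lines, min_clients=5, flood_per_min=30):
    """Label each Referer by how its traffic behaves inside one-minute buckets."""
    # hits[referrer][minute][client_ip] -> request count
    hits = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in lines:
        m = LINE.match(line)
        if not m or m["ref"] in ("", "-"):
            continue          # unparseable line, or no Referer header sent
        minute = m["ts"][:17]  # "10/Feb/2012:14:01" gives minute resolution
        hits[m["ref"]][minute][m["ip"]] += 1

    verdicts = {}
    for ref, minutes in hits.items():
        clients = {ip for per_ip in minutes.values() for ip in per_ip}
        peak = max(n for per_ip in minutes.values() for n in per_ip.values())
        if len(clients) < min_clients:
            verdicts[ref] = "normal"
        elif peak >= flood_per_min:   # one client, one minute, same referring page
            verdicts[ref] = "scripted-flood"
        else:
            verdicts[ref] = "visitor-surge"
    return verdicts
```

The thresholds are placeholders to tune against a site's own baseline; a referrer labelled scripted-flood is a candidate for rate limiting or a challenge at the edge.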

The director of the FBI said that ignorance of being part of the attack does not give you plausible deniability. That means you could potentially be prosecuted for clicking on the wrong link. It also means that Anonymous is gaining in numbers, very quickly. Granted, I don’t believe we can afford to put most of the population in jail; however, it does mean that finding and prosecuting the real Anonymous members who are staging this is going to become a real challenge. Get ready to watch 2012 dwarf 2011 from a hacking perspective.

I hope that the stock exchange mentioned in the Twitter example was not a case of a customer following a “me too” marketing pitch from some load balancer company that in the end put them on the fast track to being offline. You must be very careful when listening to newcomers to the space who are just trying to make cash while you crash and burn. The choice is yours. DefensePro® from Radware defends the majority of the major stock exchanges on the planet. Who is defending you?

David Hobbs

As Director of Security Solutions, David Hobbs is responsible for developing, managing, and increasing the company’s security practice in APAC. Before joining Radware, David was at one of the leading breach investigation firms in the US. David has worked in the security and engineering arena for over 20 years and during this time has helped various government agencies and world governments with various cyber security issues across all sectors.
