In an extremely detailed report to be delivered to the computer security conference, Imperva, an IT security consulting company, describes how the Anonymous hacker group launched Operation Pharisee to bring down the Vatican web site. The report is to be presented and webcast at the Morgan Stanley Conference on Technology, Media and Telecom in San Francisco on March 1 at 11:45 PST.
The presentation will describe how, defying the entire world of IT security and law enforcement, the Anonymous attack was coordinated online via YouTube and social media. It was meant to disrupt the site set up to popularize the Youth World Day, organized in 2011 in Madrid. The hackers planned to replace the messages on the site with anti-Catholic propaganda.
The report, which is part of a Hacker Intelligence Initiative, details how massive SQL injection and denial-of-service attacks were used in waves to crash the Vatican site. The attack, however, failed. The most important lessons learned were:
› Monitor social media – Hacktivism is loud by definition. Hacktivists use all of the channels the Web offers – Twitter, Facebook, YouTube, blogspot, pastebin etc. One should proactively scan the Web for hints of coming attacks (Google alerts, for example). The data obtained should be used to prepare for the attack, since the data disclosed specifies the attack date, means, etc.
› Protect applications – Exposing data transacted by applications can have a damaging impact. A strong application security program consisting of Web application firewalls, vulnerability assessments and code reviews can help mitigate the risk of a breach.
› DDoS is the hacker’s last resort – Attackers prefer small scale, effective campaigns that do not require massive recruitment of willing participants. Therefore, possible attack victims should make it their priority to mitigate application vulnerabilities, even before mitigating DDoS attacks.
› Analyze the alert messages generated by your security devices – The DDoS attack was preceded by a few-days-long phase of reconnaissance. By examining these alerts, one can strengthen the security policy and be better prepared for the attack. Daily analysis of alert information may help better prepare for tomorrow’s attack.
› IP reputation is very valuable – IP reputation is a very powerful tool, especially in high-volume attacks. Using IP reputation, most of the reconnaissance traffic could have been blocked. However, like any PoW, it should be interrogated – scrutinizing the content may yield important insights into the purpose of the attackers.
The YouTube message that mobilized the hacker world to attack the Vatican denounces Pope Benedict XIV for behaving like a God and attacks the church hierarchy for its privileges. Other attacks, reminiscent of the Reformation, declare the priesthood illegitimate and claim the right of the faithful to minister to themselves. Embracing a liberation theology message, it also claims that only a fight for “social justice” can redeem the church.
Anonymous has been using social media with great success over the past years, calling on its members, the “Illuminati”, to start a Civil War in 2012, as the following video suggests.