Tweet
Respuesta: Anonymous contraataca
Boletin de Seguridad ISS ( Internet Security System )
In Friday's assessment, we touched on the denial of service attacks being staged by the Anonymous collective which cited the Megaupload shuttering and proposed SOPA legislation as the cause. While reports suggest the attacks have abated, there are a few things learned from the attacks that are worth taking note of. Firstly, the main tool used in the attacks was reported to be the Low Orbit Ion Cannon (LOIC) which those who wish to participate in an attack can simply download and execute to become an attacker. A media report tracked the number of downloads of the tool from Sourceforge from the twelfth of January through to the twentieth. The number of downloads per day is relatively stable from the twelfth to the eighteenth, hovering around a thousand downloads per day, until the nineteenth, where downloads jump to almost six thousand. But, on the twentieth, the number of downloads jumps to almost twenty thousand for the day. While it's impossible to know how many of these downloaded LOIC clients were used in the attacks, it would seem difficult to consider the huge upsurge in the number of downloads is unrelated to the Anonymous attacks considering the time frame. We noted reports in our Friday assessment that said that over fifty-five thousand people were involved in the attack, some reports now say that around twenty-seven thousand computers took part in the attacks. These numbers are significant and tend to suggest that given a cause that resonates with the collective members and possibly a wider general audience, Anonymous can motivate significant numbers of people to its agenda.
In what appears to be a first for Anonymous, a more sinister method of getting people to attack sites targeted by Anonymous has been reported. This method involves what is effectively a malicious web page which implements Javascript that will cause the victims browser to issue HTTP requests (reportedly thousands) to the target of the malicious web page. If enough victims could be convinced to visit such a malicious page (think SEO campaign for example) enough HTTP requests could potentially be generated to provide a significant contribution to an attack. It is not stated on how many sites the malicious web pages were hosted. A screenshot provided with the report shows a malicious web page triggering browser requests to a US Department of Justice website, one of the sites that were targeted by Anonymous. Mitigation to avoid being victimized by such malicious web pages is as simple as turning off Javascript, or for Firefox users, perhaps running the NoScript plugin, which allows the user to permission the execution of Javascript in the browser on a per host basis.
Activism and hactivism have very much found a home on the Internet. Activism is generally not malicious, hactivism is virtually always malicious. The differences can be seen in the blackout staged by a number of sites in protest at the proposed legislation, which is non malicious, versus the denial of service attacks attributed to Anonymous. While the drivers behind the current attacks have caused widespread controversy and are unusual in the amount of emotion they have raised, we do suggest that organizations take the time to review their preparedness for such situations. Please do make sure that systems or processes used to mitigate denial of service attacks, business continuity and disaster recovery plans, are in place. And that personnel involved are practiced at deploying whatever steps are used to mitigate attacks. We don't see hactivism going away anytime soon.
---------- Post added at 22:37 ---------- Previous post was at 22:36 ----------
aca tienen mas info.
http://www.securityweek.com/download...nline-protests
Anonymous's new weapon - The H Security: News and Features
Boletin de Seguridad ISS ( Internet Security System )
In Friday's assessment, we touched on the denial of service attacks being staged by the Anonymous collective which cited the Megaupload shuttering and proposed SOPA legislation as the cause. While reports suggest the attacks have abated, there are a few things learned from the attacks that are worth taking note of. Firstly, the main tool used in the attacks was reported to be the Low Orbit Ion Cannon (LOIC) which those who wish to participate in an attack can simply download and execute to become an attacker. A media report tracked the number of downloads of the tool from Sourceforge from the twelfth of January through to the twentieth. The number of downloads per day is relatively stable from the twelfth to the eighteenth, hovering around a thousand downloads per day, until the nineteenth, where downloads jump to almost six thousand. But, on the twentieth, the number of downloads jumps to almost twenty thousand for the day. While it's impossible to know how many of these downloaded LOIC clients were used in the attacks, it would seem difficult to consider the huge upsurge in the number of downloads is unrelated to the Anonymous attacks considering the time frame. We noted reports in our Friday assessment that said that over fifty-five thousand people were involved in the attack, some reports now say that around twenty-seven thousand computers took part in the attacks. These numbers are significant and tend to suggest that given a cause that resonates with the collective members and possibly a wider general audience, Anonymous can motivate significant numbers of people to its agenda.
In what appears to be a first for Anonymous, a more sinister method of getting people to attack sites targeted by Anonymous has been reported. This method involves what is effectively a malicious web page which implements Javascript that will cause the victims browser to issue HTTP requests (reportedly thousands) to the target of the malicious web page. If enough victims could be convinced to visit such a malicious page (think SEO campaign for example) enough HTTP requests could potentially be generated to provide a significant contribution to an attack. It is not stated on how many sites the malicious web pages were hosted. A screenshot provided with the report shows a malicious web page triggering browser requests to a US Department of Justice website, one of the sites that were targeted by Anonymous. Mitigation to avoid being victimized by such malicious web pages is as simple as turning off Javascript, or for Firefox users, perhaps running the NoScript plugin, which allows the user to permission the execution of Javascript in the browser on a per host basis.
Activism and hactivism have very much found a home on the Internet. Activism is generally not malicious, hactivism is virtually always malicious. The differences can be seen in the blackout staged by a number of sites in protest at the proposed legislation, which is non malicious, versus the denial of service attacks attributed to Anonymous. While the drivers behind the current attacks have caused widespread controversy and are unusual in the amount of emotion they have raised, we do suggest that organizations take the time to review their preparedness for such situations. Please do make sure that systems or processes used to mitigate denial of service attacks, business continuity and disaster recovery plans, are in place. And that personnel involved are practiced at deploying whatever steps are used to mitigate attacks. We don't see hactivism going away anytime soon.
---------- Post added at 22:37 ---------- Previous post was at 22:36 ----------
aca tienen mas info.
http://www.securityweek.com/download...nline-protests
Anonymous's new weapon - The H Security: News and Features
Comment