Home Anatomy of an Anonymous Attack on the Vatican

Anatomy of an Anonymous Attack on the Vatican

In the middle of last year, the hacking group Anonymous tried but failed to attack various Vatican Internet servers. A report that was just released by Imperva shows the extent of their prowess, and is a blueprint for other corporate security managers who want to try to protect their own networks in the future from miscreants. While the report itself doesn’t divulge the destination of the attack, it has been widely reported by the New York Times and other news outlets that it was the Vatican.

Of course, it helps that the Vatican used the Imperva Web applications firewall to protect itself and that the logs could be analyzed to see the sequence of events. They state, and we also believe, that this is the first end-to-end attack analysis of this magnitude.

Imperva found that the attack happened over a period of a month in three different phases: recruitment, reconnaissance for an application attack, and a distributed denial of service (DDOS) attack. Various individuals and computers were involved in each phase, including a core group of skilled hackers that Imperva estimates to be no more than 15 people, and a large collection of volunteers to conduct the DDOS attacks from their own computers and smartphones. Anonymous cleverly uses an array of social media accounts for the recruitment phase to find these volunteers. However, this recruitment means that Anonymous is limited in how quickly it can deploy its resources. But it also means that an observant security officer can see whom they are targeting next by watching the forums and social media discussions.

Here is a summary infographic of these phases.

Some of what was observed include the following:

  • Anonymous uses the same hacking tools that others use, such as SQL injection and vulnerability assessors, to exploit common website and Web server vulnerabilities. There is no secret sauce. They use off the shelf and cheap tools that are easy to use and don’t require any financial investment. No surprise there. As the graphic here indicates, they used four common attacks.
  • They have developed custom attack software. “This allows users to attack sites with mobile browsers. However, their mobile tool, though innovative, is not complicated. In fact, it is probably just a few hundred lines of Javascript code. All it takes for an attacker to participate in the attack is to browse to the specific Web page and leave the page open.”
  • Anonymous will try to steal data first and, if that fails, attempt a DDoS attack,” says the report. 
  • Even while being under a DDOS attack, “there’s an opportunity for security team to assess the attack details and, if needed, fine tune the rules in order to detect and block the entire attack more precisely.” This is perhaps the best news to date. Coordinating the various volunteers from around the world takes some effort, and a security manager still has an opportunity to step in even while the attack is underway.
  • Analyze your alert logs carefully.“The DDoS attack was preceded by a few-days-long phase of reconnaissance. Daily analysis of alert information may help better prepare for tomorrow’s attack”.
  • Use IP reputation scoring as part of your toolset. In these high-volume attacks, having the reputation of the originating IP address is helpful to screen and block any harmful traffic and understand the intended purpose of the attackers. 

You can download the full Imperva report here.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Anatomy of an Anonymous Attack on the Vatican

In the middle of last year, the hacking group Anonymous tried but failed to attack various Vatican Internet servers. A report that was just released by Imperva shows the extent of their prowess, and is a blueprint for other corporate security managers who want to try to protect their own networks in the future from miscreants. While the report itself doesn’t divulge the destination of the attack, it has been widely reported by the New York Times and other news outlets that it was the Vatican.

Of course, it helps that the Vatican used the Imperva Web applications firewall to protect itself and that the logs could be analyzed to see the sequence of events. They state, and we also believe, that this is the first end-to-end attack analysis of this magnitude.

Imperva found that the attack happened over a period of a month in three different phases: recruitment, reconnaissance for an application attack, and a distributed denial of service (DDOS) attack. Various individuals and computers were involved in each phase, including a core group of skilled hackers that Imperva estimates to be no more than 15 people, and a large collection of volunteers to conduct the DDOS attacks from their own computers and smartphones. Anonymous cleverly uses an array of social media accounts for the recruitment phase to find these volunteers. However, this recruitment means that Anonymous is limited in how quickly it can deploy its resources. But it also means that an observant security officer can see whom they are targeting next by watching the forums and social media discussions.

Here is a summary infographic of these phases.

Some of what was observed include the following:

  • Anonymous uses the same hacking tools that others use, such as SQL injection and vulnerability assessors, to exploit common website and Web server vulnerabilities. There is no secret sauce. They use off the shelf and cheap tools that are easy to use and don’t require any financial investment. No surprise there. As the graphic here indicates, they used four common attacks.
  • They have developed custom attack software. “This allows users to attack sites with mobile browsers. However, their mobile tool, though innovative, is not complicated. In fact, it is probably just a few hundred lines of Javascript code. All it takes for an attacker to participate in the attack is to browse to the specific Web page and leave the page open.”
  • Anonymous will try to steal data first and, if that fails, attempt a DDoS attack,” says the report. 
  • Even while being under a DDOS attack, “there’s an opportunity for security team to assess the attack details and, if needed, fine tune the rules in order to detect and block the entire attack more precisely.” This is perhaps the best news to date. Coordinating the various volunteers from around the world takes some effort, and a security manager still has an opportunity to step in even while the attack is underway.
  • Analyze your alert logs carefully.“The DDoS attack was preceded by a few-days-long phase of reconnaissance. Daily analysis of alert information may help better prepare for tomorrow’s attack”.
  • Use IP reputation scoring as part of your toolset. In these high-volume attacks, having the reputation of the originating IP address is helpful to screen and block any harmful traffic and understand the intended purpose of the attackers. 

You can download the full Imperva report here.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.