Question About Anonymous' Attacks

Discussion in 'other security issues & news' started by Brandonn2010, Jan 20, 2012.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    So I read about all these sites getting taken down because of Anonymous attacking them. However, most people say it's just simple DDoS attacks. I have an understanding of what a DDoS attack is. Basically they tell all the computers on a botnet to go to or ping the website they want to attack. The server can't handle all the requests and so crashes.

    But how do they end up with passwords and user data, etc?
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Some of them know SQL injection attacks. Social engineering too.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    When they're going for passwords/ user data they aren't DDoS'ing. Typically they're exploiting the SQL databases using SQL Injection.

    SQL injection is incredibly easy to pull off and takes advantage of most websites really not bothering to do the absolute simplest amount of work to secure themselves. You basically send some bad data to a website and the website gives you everything - it's a bit more difficult than that but not by much.

    Most attacks you see are using simple SQL injection.

    Some attacks are actually a lot more clever than that.
     
  4. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    So do you believe most are just script-kiddies like the people commenting on Anonymous stories claim?

    Also, how are so many of these high-profile sites getting "hacked"? Are their IT staff just completely inept or what?
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Most aren't even that. They install LOIC, and point it where they're told. Most of them don't even know enough to hide their IP address. Some are script kiddies. A few are highly skilled.

    The main problem is low-budget web design. Even experts who should know better sometimes let idiots create their websites, because idiots don't charge very much. Idiots use code that doesn't adequately sanitize input for SQL queries.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, it's just script-kiddies. Take a trip over to /b/ and you'll see "Download this, run it, type in this IP, hit go" - this is the definition of a script kiddie.

    And yes, it's mostly novice web designers behind these servers that get hacked.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    In some ways, it's no different than what you see here. The unskilled "members" use premade tools. The more advanced members attempt to do more than just deny service. As for the "IT" part of the question, it's a combination of things including, incompetence, laziness, interference from management preventing them from using more secure methods, employees with too much system access and not enough training or interest to use it securely, flaws in the software, reliance on outdated apps, and on and on.
     
  8. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    The Ddos is nothing. Its the blacklisting of your site by the ISP if you suffer such a attack. Its quiet a hassle to get it going again
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  10. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Anonymous and Lulzsec and the like are quickly being promoted as the scary terrorists on the internet. But these shadowy groups with no official agenda or set of policies could be absolutely anybody. CIA, FBI, MI6, the whole worlds secret police could be using these groups as a convenient cover for their own dirty deeds - aiding a more worrying agenda to control the internet in these troubling times. Just think about it ... nearly every cyber crime these days gets tagged to the same few names. Don't get sucked in.

    Don't fall for the hype. Exploits have been going on since day one of the inernet - they're just being reported differently - blamed on a few so-called internet hacking groups - can the media prove it was who they're saying did it? NO. There is nothing scarier happening now than before - I believe - the only scary thing is the agenda of the Government's to create a scary internet Al Qaeda. And, yes, I've come to my own conclusions through reading/listening to a lot of alternative media outlets. Unfortunately today you have to look at the alternative media to realise the excessive mainstream media's promotion of these 'anonymous' groups. This promotion just builds the myth that will eventually bring about big brother style policing of the internet. Yeah I know that is going to set off the nutcase siren mentioning Orwell.

    Just saying. :)
     
  11. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The entire idea behind Anonymous is that if you say you're Anonymous you are Anonymous.

    It's been speculated plenty that governments have acted under the name. Anyone can.

    Obviously the media is hyping it. The best way to make money is to hype. That's the problem with the media ~ ala Chomsky.

    But no, these attacks haven't been the same. They've increased quite a lot with the creations of LOIC and RefRef putting weapons in the hands of would-be skiddies.
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'm still baffled as to how the FBI and Department of Justice went down. You would think...
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Very true, Hungry Man. In fact - by definition - Anonymous is Anonymous is anonymous is AnOnoMouS.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's all a matter of bandwidth. That's the best defense against a flood DDoS attack.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Right, and they are not popular sites, so they were easy to take down.
     
Loading...
Thread Status:
Not open for further replies.