Question About Anonymous' Attacks

So I read about all these sites getting taken down because of Anonymous attacking them. However, most people say it's just simple DDoS attacks. I have an understanding of what a DDoS attack is. Basically they tell all the computers on a botnet to go to or ping the website they want to attack. The server can't handle all the requests and so crashes.

But how do they end up with passwords and user data, etc?

 

Some of them know SQL injection attacks. Social engineering too.

 

When they're going for passwords/ user data they aren't DDoS'ing. Typically they're exploiting the SQL databases using SQL Injection.

SQL injection is incredibly easy to pull off and takes advantage of most websites really not bothering to do the absolute simplest amount of work to secure themselves. You basically send some bad data to a website and the website gives you everything - it's a bit more difficult than that but not by much.

Most attacks you see are using simple SQL injection.

Some attacks are actually a lot more clever than that.

 

So do you believe most are just script-kiddies like the people commenting on Anonymous stories claim?

Also, how are so many of these high-profile sites getting "hacked"? Are their IT staff just completely inept or what?

 

Most aren't even that. They install LOIC, and point it where they're told. Most of them don't even know enough to hide their IP address. Some are script kiddies. A few are highly skilled.

The main problem is low-budget web design. Even experts who should know better sometimes let idiots create their websites, because idiots don't charge very much. Idiots use code that doesn't adequately sanitize input for SQL queries.

 

Yes, it's just script-kiddies. Take a trip over to /b/ and you'll see "Download this, run it, type in this IP, hit go" - this is the definition of a script kiddie.

And yes, it's mostly novice web designers behind these servers that get hacked.

 

In some ways, it's no different than what you see here. The unskilled "members" use premade tools. The more advanced members attempt to do more than just deny service. As for the "IT" part of the question, it's a combination of things including, incompetence, laziness, interference from management preventing them from using more secure methods, employees with too much system access and not enough training or interest to use it securely, flaws in the software, reliance on outdated apps, and on and on.

 

The Ddos is nothing. Its the blacklisting of your site by the ISP if you suffer such a attack. Its quiet a hassle to get it going again

 

For thread continuity, this would probably help, timeline of events involving Anonymous Not forgetting there are LulzSec and others.

 

Anonymous and Lulzsec and the like are quickly being promoted as the scary terrorists on the internet. But these shadowy groups with no official agenda or set of policies could be absolutely anybody. CIA, FBI, MI6, the whole worlds secret police could be using these groups as a convenient cover for their own dirty deeds - aiding a more worrying agenda to control the internet in these troubling times. Just think about it ... nearly every cyber crime these days gets tagged to the same few names. Don't get sucked in.

Don't fall for the hype. Exploits have been going on since day one of the inernet - they're just being reported differently - blamed on a few so-called internet hacking groups - can the media prove it was who they're saying did it? NO. There is nothing scarier happening now than before - I believe - the only scary thing is the agenda of the Government's to create a scary internet Al Qaeda. And, yes, I've come to my own conclusions through reading/listening to a lot of alternative media outlets. Unfortunately today you have to look at the alternative media to realise the excessive mainstream media's promotion of these 'anonymous' groups. This promotion just builds the myth that will eventually bring about big brother style policing of the internet. Yeah I know that is going to set off the nutcase siren mentioning Orwell.

Just saying.

 

And remember One in four US hackers 'is an FBI informer'

If you believe mainstream media.

 

The entire idea behind Anonymous is that if you say you're Anonymous you are Anonymous.

It's been speculated plenty that governments have acted under the name. Anyone can.

Obviously the media is hyping it. The best way to make money is to hype. That's the problem with the media ~ ala Chomsky.

But no, these attacks haven't been the same. They've increased quite a lot with the creations of LOIC and RefRef putting weapons in the hands of would-be skiddies.

 

I'm still baffled as to how the FBI and Department of Justice went down. You would think...

 

Very true, Hungry Man. In fact - by definition - Anonymous is Anonymous is anonymous is AnOnoMouS.

 

It's all a matter of bandwidth. That's the best defense against a flood DDoS attack.

 

Right, and they are not popular sites, so they were easy to take down.