[1 / 0 / ?]
Quoted By:
Types of attacks
• Website defacement: Hacker changes the appearance of a Web page, typically done by breaking into a Web server and replacing the hosted Web page with another one. Cross-site scripting is a form of defacement.
This form of electronic graffiti is done to spread messages by cyber protesters or hacktivists. But it can sometimes be used as a cover-up for sinister actions such as uploading spying malware or deleting essential files from the server.
• Distributed Denial of Service (DDoS) attack: Attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm a targeted site with a huge spike in traffic. While such attacks may cause inconveniences by slowing down website access for users, they do not usually result in a loss of data or information.
• Domain name system (DNS) spoofing or DNS poisoning: Attacker introduces wrong routing information into an organisation's DNS server, which translates a human readable domain name (such as example.com) into a numerical IP address for website access.
The wrong routing information stored in the DNS server may lead to wrong IP address translation, causing Internet traffic to be diverted to another website, often the attacker's. This may then lead to Web users unknowingly downloading malicious programs that steal passwords.
• Password cracking: Computer programs can be automated to run permutations to crack the easy-to-guess passwords of a user or system administrator to gain unauthorised access to personal accounts or networks.
Amorphous, unpredictable and Anonymous
WHEN the hacker known as "the Messiah" identified himself as part of the global cyber activism group Anonymous, he raised the stakes.
After all, the amorphous and unpredictable group of cyber vigilantes has, in the last few years, succeeded in bringing down global credit card websites, defeating an anti-online piracy Bill in the US, and unearthing evidence to convict rapists.
In the process, the self-described "legion" that organises itself through Internet Relay Chat (IRC) has become a little less anonymous: Several of its members have been arrested and jailed in the United States, the United Kingdom and Ireland for hacking.
Judges in these countries have treated Anonymous's hacking activities as purely criminal, noted McGill University's expert Gabriella Coleman, rather than "entertaining the idea that the actions may have been principled dissent".
But members of Anonymous view the distinction as crucial to their raison d'etre. What they do, they have said, is to campaign for a cause in a disruptive and dramatic fashion designed to bring media and public attention to an issue.
It is worlds apart from cyber terrorism, their defenders believe, which is hacking with the intention of causing grave harm such as the loss of life or severe economic damage.
But it has extracted its share of human cost and ruined many lives in the process. Anonymous specialises in circulating private data and photos of chosen targets whose only crimes were to provoke the hacktivists. Sometimes this was in being a "symbol" of censorship, other times, it was just by publicly questioning the technological know-how of Anonymous.
Its first-known "operation", a full-fledged pranking campaign against the Church of Scientology, encapsulated its founding goal of irreverent disruption in the name of freedom of information.
In 2008, in response to the Church's legal attempts to get websites to remove an internal recruitment video that had gone viral, Anonymous faxed images of nude body parts to the Church's offices, ordered unpaid pizzas and escorts to be delivered, and tied up its hotline with phone calls. It also launched Distributed Denial of Service (DDoS) attacks to take down its website.
In early 2010, another DDoS campaign aimed at Paypal, MasterCard and Visa - reprisal for their refusal to accept donations for WikiLeaks chief Julian Assange - catapulted the group to a new level of notoriety.
Since then, Anonymous has gone after targets as disparate as the San Francisco transit system (for blocking phone service to thwart the organisation of street protests), and some high school students in a small US town for raping their classmate.
The group itself is not formalised or organised; there are many, constantly changing factions and splinter groups among Anonymous, with operations usually sparked almost accidentally. Someone issues a virtual "call to arms" and others respond, or not.
In fact, some major factions of Anonymous reject the use of hacking and DDoS attacks in their campaigns, preferring to stick to classic trolling tactics such as jamming phone lines.
As one of its taglines goes: "Anonymous is not unanimous."
Still, members have made it clear that their aim is always to target the symbols of corporations, rather than the corporations themselves - in the WikiLeaks reprisal attacks, for example, the firms' websites went down but not their internal processes, databases and ability to conduct business.
Anonymous has also roundly dismissed reports that it could - or would - hack into the US power grid or worse, as some fear.
That would be cyber terrorism, its members say, and would hurt ordinary citizens, the very people whose interests it wants to defend against the onslaught of fat cat corporations and greedy governments.
It remains to be seen whether the Messiah can really summon this fearsome and capricious band of hacktivists to his cause.
There is no Anonymous head honcho or headquarters to verify if the Messiah is indeed one of them. This sort of hierarchy and barriers to entry seen in mainstream organisation are anathema to the cyber anarchists.
Rather, as Ms Coleman writes, "to be part of Anonymous, one simply needs to self-identify as Anonymous".
• Website defacement: Hacker changes the appearance of a Web page, typically done by breaking into a Web server and replacing the hosted Web page with another one. Cross-site scripting is a form of defacement.
This form of electronic graffiti is done to spread messages by cyber protesters or hacktivists. But it can sometimes be used as a cover-up for sinister actions such as uploading spying malware or deleting essential files from the server.
• Distributed Denial of Service (DDoS) attack: Attacker creates a network using thousands of infected computers worldwide, which are then made to overwhelm a targeted site with a huge spike in traffic. While such attacks may cause inconveniences by slowing down website access for users, they do not usually result in a loss of data or information.
• Domain name system (DNS) spoofing or DNS poisoning: Attacker introduces wrong routing information into an organisation's DNS server, which translates a human readable domain name (such as example.com) into a numerical IP address for website access.
The wrong routing information stored in the DNS server may lead to wrong IP address translation, causing Internet traffic to be diverted to another website, often the attacker's. This may then lead to Web users unknowingly downloading malicious programs that steal passwords.
• Password cracking: Computer programs can be automated to run permutations to crack the easy-to-guess passwords of a user or system administrator to gain unauthorised access to personal accounts or networks.
Amorphous, unpredictable and Anonymous
WHEN the hacker known as "the Messiah" identified himself as part of the global cyber activism group Anonymous, he raised the stakes.
After all, the amorphous and unpredictable group of cyber vigilantes has, in the last few years, succeeded in bringing down global credit card websites, defeating an anti-online piracy Bill in the US, and unearthing evidence to convict rapists.
In the process, the self-described "legion" that organises itself through Internet Relay Chat (IRC) has become a little less anonymous: Several of its members have been arrested and jailed in the United States, the United Kingdom and Ireland for hacking.
Judges in these countries have treated Anonymous's hacking activities as purely criminal, noted McGill University's expert Gabriella Coleman, rather than "entertaining the idea that the actions may have been principled dissent".
But members of Anonymous view the distinction as crucial to their raison d'etre. What they do, they have said, is to campaign for a cause in a disruptive and dramatic fashion designed to bring media and public attention to an issue.
It is worlds apart from cyber terrorism, their defenders believe, which is hacking with the intention of causing grave harm such as the loss of life or severe economic damage.
But it has extracted its share of human cost and ruined many lives in the process. Anonymous specialises in circulating private data and photos of chosen targets whose only crimes were to provoke the hacktivists. Sometimes this was in being a "symbol" of censorship, other times, it was just by publicly questioning the technological know-how of Anonymous.
Its first-known "operation", a full-fledged pranking campaign against the Church of Scientology, encapsulated its founding goal of irreverent disruption in the name of freedom of information.
In 2008, in response to the Church's legal attempts to get websites to remove an internal recruitment video that had gone viral, Anonymous faxed images of nude body parts to the Church's offices, ordered unpaid pizzas and escorts to be delivered, and tied up its hotline with phone calls. It also launched Distributed Denial of Service (DDoS) attacks to take down its website.
In early 2010, another DDoS campaign aimed at Paypal, MasterCard and Visa - reprisal for their refusal to accept donations for WikiLeaks chief Julian Assange - catapulted the group to a new level of notoriety.
Since then, Anonymous has gone after targets as disparate as the San Francisco transit system (for blocking phone service to thwart the organisation of street protests), and some high school students in a small US town for raping their classmate.
The group itself is not formalised or organised; there are many, constantly changing factions and splinter groups among Anonymous, with operations usually sparked almost accidentally. Someone issues a virtual "call to arms" and others respond, or not.
In fact, some major factions of Anonymous reject the use of hacking and DDoS attacks in their campaigns, preferring to stick to classic trolling tactics such as jamming phone lines.
As one of its taglines goes: "Anonymous is not unanimous."
Still, members have made it clear that their aim is always to target the symbols of corporations, rather than the corporations themselves - in the WikiLeaks reprisal attacks, for example, the firms' websites went down but not their internal processes, databases and ability to conduct business.
Anonymous has also roundly dismissed reports that it could - or would - hack into the US power grid or worse, as some fear.
That would be cyber terrorism, its members say, and would hurt ordinary citizens, the very people whose interests it wants to defend against the onslaught of fat cat corporations and greedy governments.
It remains to be seen whether the Messiah can really summon this fearsome and capricious band of hacktivists to his cause.
There is no Anonymous head honcho or headquarters to verify if the Messiah is indeed one of them. This sort of hierarchy and barriers to entry seen in mainstream organisation are anathema to the cyber anarchists.
Rather, as Ms Coleman writes, "to be part of Anonymous, one simply needs to self-identify as Anonymous".
