Anonymous, LulzSec and other hacktivists aren't as anonymous as they might think. They're being watched. On this week's Patch Monday podcast, a watcher tells us what he sees.
Israeli information security researcher Tal Be'ery is the web security research team leader at Imperva's Application Defense Center (ADC), where he leads efforts to capture and analyse hacking data.
Hacktivism is all about public relations, Be'ery said. Hacktivists select targets of opportunity — sometimes even finding a vulnerable site and then adjusting their cause to provide a justification.
The hacktivists will try a "real" hack first — a data breach or website defacement — and if that doesn't work, they'll resort to a distributed denial-of-service (DDoS) attack.
"We can prove it, over specific cases we've seen, that only when the attackers were not successful in hacking the site using a web application vulnerability, then they went to the DDoS option, because ultimately DDoS doesn't need any vulnerability, really, in order to be successful," Be'ery said.
Be'ery won't explain precisely how his team has monitored Anonymous, except to say that the information was collected within the last 12 months via the defences they provide for their customers and their honey-pot networks.
In the podcast conversation, you'll also hear how hackers use Google Search to find vulnerable websites, how hacktivists themselves can become a target for hackers and how Anonymous' DDoS tool of choice, the Low Orbit Ion Cannon (LOIC), has been transformed by mobility and cloud computing.
We also touch upon the security of the PHP programming language, which powers around 80 per cent of the world's websites. Is it, as one programmer put it the other day, the hacker's API?
To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.
Tal Be'ery will be presenting his research at the AusCERT 2012 information security conference on the Gold Coast next week.