Forgot your password?
typodupeerror
Security IT

Vatican Attack Provides Insight Into Anonymous 355

Posted by samzenpus
from the casting-the-first-e-stone dept.
Hugh Pickens writes "John Markoff writes that an unsuccessful campaign against the Vatican by Anonymous, which did not receive wide attention at the time, provides a rare glimpse into the recruiting, reconnaissance, and warfare tactics used by the shadowy hacking collective and may be the first end-to-end record of a full Anonymous attack. The attack, called Operation Pharisee in a reference to the sect that Jesus called hypocrites, was initially organized by hackers in South America and Mexico and was designed to disrupt Pope Benedict XVI's visit to Madrid in August 2011 for World Youth Day and draw attention to child sexual abuse by priests. First the hackers spent weeks spreading their message through their own website and social sites like Twitter and Flickr calling on volunteers to download free attack software and imploring them to 'stop child abuse' by joining the cause. It took the hackers 18 days to recruit enough people, then a core group of roughly a dozen skilled hackers spent three days poking around the church's World Youth Day site looking for common security holes that could let them inside. In this case, the scanning software failed to turn up any gaps so the hackers turned to a brute-force approach of a distributed denial-of-service, On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day but did not crash the site. 'Anonymous is a handful of geniuses surrounded by a legion of idiots,' says Cole Stryker, an author who has researched the movement. 'You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack.'"
This discussion has been archived. No new comments can be posted.

Vatican Attack Provides Insight Into Anonymous

Comments Filter:
  • by Anonymous Coward on Monday February 27, 2012 @02:16PM (#39174947)

    A new inquisition to capture and torture these basement dwelling monsters

  • by Anonymous Coward on Monday February 27, 2012 @02:17PM (#39174963)

    The organization they were attacking.

    • I wonder that myself.
    • by artor3 (1344997)

      Given the fact that the bishops in America have been making a fuss about the prospect of their non-religious employees having access to birth control from a third party, while frequently cited statistics claim that ~98% of Catholics use birth control, I'd say the inverse is true. The Catholic Church is presently a relative handful of idiots surrounded by a billion normal people.

  • Geniuses? (Score:5, Insightful)

    by Hentes (2461350) on Monday February 27, 2012 @02:26PM (#39175079)

    'Anonymous is a handful of geniuses surrounded by a legion of idiots,' says Cole Stryker, an author who has researched the movement. 'You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack.'"

    Calling the core trolls geniuses is an overstatement. Most of them are just scriptkiddies whose most sophisticated attacks are correctly guessing when the password is 12345. The strategy of Anonymous is to try hacking against easy targets and DDoS against well-secured ones. And while DDoS is relatively easy to implement, the LOIC those "geniuses" came up with is a crappy tool.

    • by weszz (710261)

      12345? That's amazing! I have the same combination on my luggage!

    • the LOIC those "geniuses" came up with is a crappy tool.

      dude, if you think you can do better you can do better [sourceforge.net]. Unless your kvetching about underlying design or strategy flaws.

      • This isn't hacking, there's no skill, it is just having more bandwidth available than your target and being a dick. Of course that only works if you actually can have more bandwidth. As they found out Amazon didn't even blink, Amazon has WAY more resources than some dumbass script kiddies.

    • The report says that attacking browsers (yes, browsers, not PCs) were all targeted at the same URL with a few randomized URL values thrown in to force the server to treat them as separate requests. The key to defeating a DDOS, as I understand it, is to be able to separate legal requests from illegal, and route them to different places. If every attacker attacks with almost the exact same URL signature, doesn't that make it trivially easy to defeat? Am I missing something?

  • Mostly idiots? (Score:5, Insightful)

    by Darkmane (767114) <slashdot01.10.alcides@spamgourmet.com> on Monday February 27, 2012 @02:29PM (#39175127)

    "Anonymous is a handful of geniuses surrounded by a legion of idiots,"

    You can probably say this about most organizations in the world.

  • On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day but did not crash the site.

    The only way that evil can win is if good people fail to act. If the Catholic Church is the Body of Christ started by a divine Jesus Christ, then obviously wicked men practicing their pedophaelia or hackers targeting it's website cannot destroy the Church. Metaphorically speaking, they can load the pistol and pull the

  • Why? (Score:5, Insightful)

    by afabbro (33948) on Monday February 27, 2012 @02:47PM (#39175343) Homepage

    Attacking the Catholic Church in 2012 over the priest abuse scandal is like attacking Britain over John Major's policies.

    The abuse scandal was a pattern of abuse and cover-up that exploded into the media spotlight in the late 80s/early 90s. The Church did wrong, but since then, they've done a lot of right - there's a zero-tolerance policies, lots of priests have been defrocked, billions in settlements have been paid, hundreds were jailed, etc. There will always be sexual abuse in any large organization with access to children - schools, Boy/Girl scouts, the YMCA, the Mendocino Physics Club, Gencon, whatever. So yes, there may be some that goes on today on a small scale...but what has changed is the organizational response. In 1970, a Bishop might have shuffled a pedophile priest to a different parish. Today, there's zero tolerance, formal processes, and a much greater awareness.

    So...why attack in 2012? What is the point? If this was 1990, it'd be more understandable.

    I think "anonymous" (aka a half-dozen bored kids) is just desperate to remain in the spotlight. The attention-getting is more important than any "cause". In fact, attention-getting is the cause.

    • Yeah, we can talk again when my daughter can get the top job!
    • by jdev (227251)

      Today, there's zero tolerance, formal processes, and a much greater awareness.

      That may be true in the U.S. thanks to our court system actively pursuing abusers, but that's not what I have seen around the world. Irelend [irishcentral.com] has supposedly not received cooperation for criminal investigations and cover-ups [ajc.com] may still be going on in Asia.

      • by Dcnjoe60 (682885)

        Today, there's zero tolerance, formal processes, and a much greater awareness.

        That may be true in the U.S. thanks to our court system actively pursuing abusers, but that's not what I have seen around the world. Irelend [irishcentral.com] has supposedly not received cooperation for criminal investigations and cover-ups [ajc.com] may still be going on in Asia.

        I believe the Vatican is making the changes that were made in the US the norm for all diocese. As for Ireland, it was church officials who reported it to the authorities and a number of bishops actually resigned over it.

        The problem with other parts of the world deal with social norms. When young boys and girls are getting married at the age of 14, sometimes to a significantly older spouse, is that abuse or not. By western standards, it is abuse, but it is not seen that way locally. Granted this occurs m

    • Re:Why? (Score:5, Informative)

      by maestroX (1061960) on Monday February 27, 2012 @03:37PM (#39176199)

      So...why attack in 2012? What is the point? If this was 1990, it'd be more understandable.

      You missed the scandals in Europe lately, lots of abuses cases (read: *thousands* in NL, BE, FR, I repeat thousands, not one) emerged *after* the deadline for criminal prosecution. Lots of victims bear memories of youth without any compensation and meager acknowledgement; even a priest who manages to say 'Ich habe es nicht gewusst'.
      Considering the scale and impact of the abuse, it's in no way comparable to the actions of a single man; you're downplaying the issue, your comparison is moot and insensitive, it is a structural issue (sexual repression) with no single offender, but LOTS of offenders, more than any other organization in existence.
      *Any* other organization having this trackrecord of abusing children would be declared illegal immediately.
      Ignorant prick.

    • If you've got a rock to throw, big windows provide the most tempting target. I think it's no more complicated than that.

      An Anonymous DDOS is just an infantile temper tantrum writ large and the Church is an easy target.

    • The abuse scandal was a pattern of abuse and cover-up that exploded into the media spotlight in the late 80s/early 90s. The Church did wrong, but since then, they've done a lot of right

      It depends on which country. Check in with Ireland. There is at least one other African country that I can think of off the top of my head that still has issues. They only do a lot right when the media pressure and legal battles becomes too high to just sweep it under the rug.

  • You have four or five guys who really know what they're doing

    You may have a thousand people that can port scan, but out of the thousand maybe 2 would know what to do to get into a system.

  • Anonymous is, in effect, practicing an eclectic combination of bits of espionage, sabotage and warfare. (For that matter, so is WikiLeaks.) Eventually, they will run up against people who don't think that should be confined to the online world when it has real world consequences. I really wonder if they've considered what happens then.
  • If I choose to post a comment and not have my name attached to it (Anonymous) does that make me a member of Anonymous or just another willing pawn?
  • and may be the first end-to-end record of a full Anonymous attack.

    They act as if tracking Anonymous is any difficultly at all. The group is highly transparent. Finding them and following them on specific issues or OPS is not difficult at all. All you need is an strong interest in the subject matter, plenty of time on your hands, and a huge bucket of popcorn.

It's time to boot, do your boot ROMs know where your disk controllers are?

Working...