This information security week has offered many interesting points: the brand new CRIME attack against SSL/TLS, the release of BlackHole Exploit Kit 2.0 that promises new stealth vectors of Drive-By download infections, the takedown of the emerging Nitol botnet by Microsoft, and, last but not least, the first (?) known example of a new generation of a C&C Server leveraging the anonymization granted by Tor Service.
The latter is in my opinion the news with the most important consequences for the Information Security community, since delineates the next step of Botnets’ evolution, after the common, consolidated, C&C communication schema, and its natural evolution consisting in Peer-to-Peer (P2P) communication.
The first (I wonder if it is really the first) discovery of a Botnet command server hidden in Tor, using IRC protocol to communicates with its zombies, has been announced in a blog post by G-Data. Of course the advantages of such a similar communication schema are quite simple: the Botnet may use the anonymity granted by the Deep Web to prevent the identification and the likely takedown of the server, and the encryption of the Tor protocol to make traffic identification harder by traditional layers of defense. Two advantages that greatly exceed the Tor latency which represents the weakness of this communication schema.
Maybe it was only a matter of time, in any case it is not a coincidence that in the same weeks researchers have discovered BlackHole 2.0 and the first (maybe) C&C infrastructure hidden inside the Deep Web: Cyber Criminals are continuously developing increasingly sophisticated methods to elude law enforcement agencies and to evade the security controls of the traditional bastions, and the botnets are confirming more than ever to be the modern biblical plague for the Web…
And even if every now and then good guys are able to obtain a victory (as the Nitol takedown), the war is far from over.
There are really few doubts, this is the most (in)famous hacking collective. There is no new day without a new resounding action. They are Anonymous. They are Legion. They do not forgive. They do not forget. Expect Them.
B like Barrett Brown
Considered one of the early members, Barrett Brown is the alleged spokesperson of Anonymous.
C like Chanology (AKA Project Chanology, AKA Operation Chanology)
A protest movement against the practices of the Church of Scientology by Anonymous. The project (or Operation) was started in response to the Church of Scientology’s attempts to remove material from a highly publicized interview with Scientologist Tom Cruise from the Internet in January 2008 and was followed by DDoS attacks and other actions such as black faxes and prunk calls.
D like DDoS
Distributed Denial of Service (abbreviated DDoS) is the preferred weapon by Hackitivsts, since it does not need particular hacking skills and may also be centrally controlled (with a hive mind who define the target). The preferred tool for perpetrating DDoS attacks is LOIC, although next-gen tools are under development.
E like Encyclopædia Dramatica
A satirical open wiki, launched on December 10, 2004 and defunct on April 14 2011. It is considered one of the sources of inspiration for The Anonymous.
F like Fawkes Guy AKA Fawkes Guido
Guy Fawkes (13 April 1570 – 31 January 1606), also known as Guido Fawkes, belonged to a group of provincial English Catholics who planned the failed Gunpowder Plot, a failed assassination attempt against King James I of England. His stylised mask designed by illustrator David Lloyd and used as a major plot element in the “V for Vendetta“ Comic Book, is the symbol for the Anonymous. The failure of the Gunpowder plot has been commemorated in England since 5 November 1605.