The Anonymous attacks are interesting, however, because they were so relatively high-powered. "We've seen LOIC, we've figured out how much load it can put out on occasion, we've seen the crowd that they were able to attract for that attack that we tracked down, and it's consistent with most of the activities attributed to Anonymous over the years [which are] low-scale attacks," said Amichai Shulman, CTO of Imperva, in a meeting at the RSA conference in San Francisco last month. (The Anonymous attack that Imperva tracked down, according to news reports, was launched against a Vatican website.)
But something about the high-powered attacks in defense of Megaupload may not add up. "There are very few incidents in which Anonymous went after large targets and were able to actually produce very high traffic volumes," he said. "For example, take Operation Payback. They went after very large targets, and were able for a few minutes at least to produce enough bandwidth to at least somewhat affect those applications."
Producing that bandwidth required more than LOIC; it took botnets. But who paid for the botnets? Ditto for the intensive series of attacks launched as part of Operation Megaupload. "Who's funding that, and why on those occasions?" said Shulman.
In fact, some of the highest-profile Anonymous attacks look like the work of organizations or industries that stood to lose a substantial amount of money, be it through receiving donations, or selling cyberlocker service subscriptions. "Operation Payback, for example, wasn't a retaliation for [Julian] Assange's arrest. It was a retaliation for the fact that they stopped moving funds to WikiLeaks," Shulman said. "Megaupload was presumably an attack against freedom of the Internet and speech, but basically it was a takedown of a very profitable financial operation. The only question I'm asking is, is this coincidence?"
It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)