Anonymous’ Hacking Tactics – Revealed In The Attack On Vatican

The Los Angeles Times reported that Father Leonard Boyle was working to put the Vatican’s Library on the World Wide Web through a site funded by IBM. “Bringing the computer to the Middle Ages and the Vatican library to the world.” Boyle computerized the library’s catalog and placed manuscripts and paintings on the website, which was in part funded by IBM. Today, thousands of manuscripts and incunabula have been digitized and are publicly available on the Vatican Library website. A number of other offerings are available, which include images and descriptions of the Vatican’s extensive numismatic collection that dates back to Roman times.

The Vatican’s digital presence soon caught the hacker’s attention and in August 2011, when by the elusive hacker movement known as Anonymous launched a cyber-attack against it.  Although the Vatican has seen its fair share of digital attacks over the years, what makes this particular one special is the fact that this was the first Anonymous attack to be identified and tracked from start to finish by security researchers, providing a rare glimpse into the recruiting, reconnaissance and warfare tactics used by the shadowy hacking collective.

 

The campaign against the Vatican, which has not received wide attention at the time, involved hundreds of people, some with hacking skills and some without. A core group of participants openly drummed up support for the attack using YouTube, Twitter and Facebook. Others searched for vulnerabilities on a Vatican Web site and, when that failed, enlisted amateur recruits to flood the site with traffic, hoping it would crash.

 

Anonymous, which first gained widespread notice with an attack on the Church of Scientology in 2008, has since carried out hundreds of increasingly bold strikes, taking aim at perceived enemies including law enforcement agencies, Internet security companies and opponents of the whistle-blower site WikiLeaks.

 

The group’s attack on the Vatican was confirmed by the hackers and it may be the first end-to-end record of a full Anonymous attack.

The attack was called “Operation Pharisee” in a reference to the sect that Jesus called hypocrites. It was initially organized by hackers in South America and Mexico before spreading to other countries, and it was timed to coincide with Pope Benedict XVI’s visit to Madrid in August 2011 for World Youth Day, an annual  international event that regularly attracts more than a million young Catholics.

 

Hackers initially tried to take down a website set up by the church to promote the event, handle registrations and sell merchandise. Their goal – according to YouTube messages delivered by an Anonymous figure in a Guy Fawkes mask – was to disrupt the event and draw attention.

 

The hackers spent weeks spreading their message through their own website and social media channels like Twitter and Flickr. Their Facebook page encouraged volunteers to download free attack software so that they might join the attack.

It took the hackers 18 days to recruit enough people. Then the reconnaissance began. A core group of roughly a dozen skilled hackers spent three days poking around the church’s World Youth Day site looking for common security holes that could let them inside. Probing for such loopholes used to be tedious and slow, but the advent of automated tools made it possible for hackers to do this around the clock.

 

In this case, the scanning software failed to turn up any gaps. So, the hackers turned to a brute-force approach – a DDoS attack. Even unskilled supporters could take part in this from their computers or smartphones.

Over the course of the campaign’s final two days, Anonymous enlisted as many as a thousand people to download attack software, or directed them to custom-built websites that let them participate using their cellphones. Visiting a particular web address caused the phones to instantly start flooding the target website with hundreds of data requests each second, with no special software required.

 

On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day. Hackers involved in the attack, who did not identify themselves, said, through a Twitter account associated with the campaign, that the two-day effort succeeded in slowing the site’s performance and making the page unavailable “in several countries”.

Anonymous moved on to other targets, including an unofficial site about the pope, which the hackers were briefly able to deface.

 

In the end, the Vatican’s defenses held up because, unlike other hacker targets, it invested in the infrastructure needed to repel both break-ins and full-scale assaults, using some of the best cybersecurity technology available at the time.

Researchers who have followed Anonymous say that despite its lack of success in this and other campaigns, their attacks show the movement is still evolving and, if anything, emboldened.