Friday, 12 August 2011

Anonymous Logo 150

Can Anonymous Really 'Kill' Facebook?

Why You Can't DDoS a Facebook
"Whether [Operation Facebook] is even a credible threat is one question," Wisniewski said. "The other question is, if it is a credible threat, do they have the resources to take down a Facebook? And the answer to that, certainly through DDoS, is that it's very unlikely. Amazon, Microsoft, Google, Facebook, these guys have globally distributed, massively redundant resources available to them."
Such websites "will either have that spare capacity themselves" to handle even a massive DDoS attack without going offline, he added, "or have relationships with the back haul carriers to get it if they need it."
One intriguing development, however, is Anonymous' recent announcement that the collective plans to retire its "Low Orbit Ion Cannon" DDoS tool in favor of a new, more sophisticated tool called RefRef that supposedly uses an SQL exploit to conduct website take-downs.
The Low Orbit Ion Cannon, or LOIC, is essentially a voluntary botnet that leverages the power of a large amount of "infected" PCs belonging to Anonymous members to launch massive DDoS attacks against targeted sites.
The LOIC's replacement could "have an enormous impact," according to Wisniewski, "if they're not full of crap."
"To begin with, LOIC is the least sophisticated possible thing you can do," the Sophos security adviser said. "Without taking [RefRef] apart, it's really difficult to know what it does. But what they're saying [with the new tool] is that there is a weakness or a flaw in a lot of websites that, by sending a specially crafted Web request, you can cache some Java Script on the Web server itself, and get the Web server to do the DoS'ing [of its own website] for you."
Another security firm, Imperva, may well have identified the RefRef tool in an analysis of the methods used by LulzSec to pull of their nearly two-month spree of high-profile Internet attacks.
Imperva found that the group turned a relatively little known intrusion tool called an RFI attack into a new way to conduct a DDoS attack.
"In other words, LulzSec used an often overlooked vulnerability to help ambush their targets," Imperva director of security strategy Rob Rachwald told PCMag in June. "An RFI attack inserts some nasty code into a Web application server. What does the code do? Usually, RFI is used to take over the Web application and steal data. In the case of LulzSec, they used it to conduct DDoS attacks."
But even if RefRef turns out to be a better tool than the LOIC, it's not likely to work with Facebook, Wisniewski said.
"From the standpoint of Facebook, a RefRef attack shouldn't be possible as very little SQL is in use at Facebook and what is in use is heavily abstracted from the internet."
Another possibility, of course, is that the Anons running Operation Facebook aren't planning a DDoS attack at all. In addition to website shutdowns, the hacking collective has also pulled off or had a hand in network intrusions, some showcasing fairly clever attack vectors, according to Imperva.
Perhaps Operation Facebook has less to do with simply taking the site offline than everybody thinks.

No comments:

Post a Comment