Anonymous War: We explain the Legion's weapons

14/01/15

It's war. A cyber war between ISIS / Al-Qaeda and the best hackers of Anonymous, who moved to the forefront after the Paris massacre. Reportedly about 500 high-profile programmers from the worldwide community who identify themselves under the name Anonymous are hitting sites, channels or simple blogs linked directly or indirectly to terrorist organizations.

The sites Kavkazcenter.com and profetensummah.com were taken down a few hours ago.

While the cyberattack against the Twitter profile of the US Central Command for the Middle Eastern region has been denied, there seems to be no defense against Anonymous.

The official website of the organization is constantly evolving: users from all over the world exchange information, details and procedures. The cyber attack itself consists of three stages. The first is the identification of the suspicious site. The second stage is the identification of the possible target and its connections. The third stage, once affiliation with some terrorist cause has been ascertained, is the cyber attack, which can take different forms.

But how do Anonymous hackers work?

The engineer Francesco Benincasa, a programmer and expert in data processing with experience at some of the largest IT companies in the world, explains the cyber-war weapons.

The operation #OpCharlieHebdo

Internet - explains the engineer Benincasa - is a set of computers connected to each other (through network cables, satellite connections, wireless connections, ocean backbones, etc.). Among these devices we find our computers: tablets and mobile phones. Then there are other computers that host the various websites, but also equipment whose sole purpose is to sort communications with other devices. Simplifying to the maximum: every device connected to the internet must have a unique identifier, called IP address (Internet Protocol).

The expert continues: "When we browse a site with our browser, such as www.difesaonline.it, the following things happen: our computer asks some known servers (the so-called DNS - Domain Name Service) for the unique address of the computer hosting the site that interests us. Once the IP address of the server has been obtained, the request for the page we wish to see starts from our computer. The page request goes through various devices that indirectly connect our computer to the website server."

Among the tools of Anonymous - continues Benincasa - are DDOS, SQLI and DNS Hijacking.

The weapons of the Legion, the weapons of Anonymous

"DDOS stands for Distributed Denial of Service. The server that hosts the site that interests us can handle a certain number of requests per page per second. But what if thousands or tens of thousands of computers simultaneously try to request the same page for minutes, hours, days? The server would obviously no longer be able to respond and would stop responding. DDOS attacks are based on being able to control thousands of computers at the same time in order to "flood" the server being attacked."

"Another type of attack is the SQLI attack, that is SQL Injection (SQL is the programming language used to work on the most widespread databases). Many websites are based on archives that are queried using criteria defined by a text that users can insert directly into web pages. If not properly checked, this text could however be used by a hacker to change the behavior of the program underlying the website.

Suppose we have a site that requires a username and password to access certain areas of the site. An SQLI attack consists of writing, in place of the text that defines the username or password, commands in the SQL language that, if executed, make it possible to pass the identification checks performed by the program."

Among the most devastating effects that can be obtained with this type of attack - explains the programmer - we can certainly count the theft of information and so-called website defacement, that is, the replacement of the original pages of the site with other pages inserted by the hacker.

"The last type of attack is DNS Hijacking. Our computer does not know the unique identifier of the computers that host the websites we want to visit. This function is delegated to servers managed by reliable organizations, such as Google. A DNS Hijacking attack replaces the DNS servers of trusted institutions with other fake DNS servers. This type of attack is based primarily on infecting the target computer with a computer virus to make it use the hackers' DNS."

Suppose - says Benincasa - that the unsuspecting user decides to connect to the site of his bank. The computer will believe it is connecting to the real site of the bank, but in reality the hacker's DNS servers redirect it to a site that completely emulates the appearance of the original site. At this point the user, by entering his username and password to access his site, will have done nothing but hand his credentials to the hacker.

The dark side of the network

"The Deep-web is that part of the internet that is not accessible to search engines. The most classic examples of the deep-web are those sites that require a username and password. Search engines are not able to access and index them, precisely because they do not have access credentials. The Internet is based on a network of computers that talk to each other. It is not difficult to imagine that some government agency or institution may decide to "listen" to the main nodes of the network in order to intercept suspicious activities.

Darknets are networks created with the intention of protecting the identity of the people who access them. There are several darknets and among the most well-known ones we cannot fail to mention the one based on the Tor program.

The latter is a program that guarantees the anonymity of those who browse, thanks to encryption systems and mechanisms that prevent the interception of messages between two computers within the network.

This type of network is used both for protection (perhaps under dictatorial regimes) and for carrying out illicit activities.

Franco Iacch