Despite all the great and powerful past targets of Anonymous, like Sony, the Church of Scientology, the FBI website, and several Brazilian banks, there is one target they have failed to get at: The Vatican. Reportedly several hundred members of Anonymous attacked the Vatican website but were unable to break into their system. Unable to breach their security, they instead used a “denial of service” attack rendering the website unusable for a short time. The hacktivist group announced on YouTube, Twitter and Facebook that they intended to expose internal documents to show sexual abuse of children that has been covered up by the church.

According to a New York Times article, the Vatican website is protected by a company called Imperva, a security company based in Redwood City, California. Not long after this attack Imperva intends to release a full report on how it believes Anonymous operates during an attack. The report doesn’t mention the Vatican in it as the attack they analyzed, but it is hard to imagine it isn’t given the timing of its release. This is the first glimpse many will have into how the the group operates. There’s no doubt in my mind that this document is intended to show other internet vulnerable businesses and organizations how to best defend themselves. No doubt picking up a few security contracts along the way.

Imperva claims to have figured out how an Anonymous operation functions and details it in a report that is available online. A link to that report is provided in the description. This is how the New York Times described their attack:

“Then the reconnaissance began. A core group of roughly a dozen skilled hackers spent three days poking around the church’s World Youth Day site looking for common security holes that could let them inside, the report says. Probing for such loopholes used to be tedious and slow, but the advent of automated tools made it possible for hackers to do this while they slept.

In this case, the scanning software failed to turn up any gaps. So the hackers turned to a brute-force approach — a so-called distributed denial-of-service, or DDoS, attack that involves clogging a site with data requests until it crashes. Even unskilled supporters could take part in this from their computers or smartphones.”

An author on the subject of Anonymous Cole Stryker claims that the group is made up of only a handful of very capable and technically skilled individuals backed up by a “legion of idiots”, to use his own words. He claims that only a few people actually carry out the attacks and then hundreds of far less skilled individuals participate in a denial of service attack.

Regardless of what any organization or individual thinks of Anonymous, they are a successful and powerful force to be reckoned with. It would be foolish to believe that Anonymous will have been slowed down after or even quit after this set back as some have suggested. An organization such as Anonymous can not be defeated so easily. As they themselves say, “Anonymous is an idea.” And as we all know, ideas are bullet proof.

Security Report: http://www.imperva.com/download.asp?id=312