Hacking no Longer the Domain of Geeks

Like us on Facebook   

While most people have heard of Anonymous and its attacks on a huge amount of government and commercial targets, no one has a clear idea of who they are and how they manage to carry out these attacks.

We spoke to Rob Rachwald, Director of Security Strategy at data security firm Imperva, who in a few short and easy steps was able to take us through exactly how a hacker would identify a website that was vulnerable and then attack it.

One hacker recently published a list of 5,000 websites that were vulnerable to data leaks. How did they do this? According to Rachwald all the person would have to do is search for what is known as a Google Dork.

A Google Dork is nothing but a simple search operator that is used to refine our searches such as ‘?’ or ‘ ‘. Searching for these operators within a website’s URL indicates a foot print that there is some information being produced by certain applications (such as php, jsp or shopping cart applications.)

While this significantly reduces the tens of millions of websites which may have data which is available, you still have a large selection of websites and you need to see which has data that is open to capture.

The next step therefore is to download a programme called a vulnerability scanner, and one of the most popular is Acunetix, produced by a UK-based company. This will scan an entire website or set of websites and check if there is a vulnerability. It does not however perform any penetration or attempt to steal the data. It is a legitimate tool used by web developers which has been utilised by hackers.

To take the next step and carry out an attack, you need to download another tool. The most common type of attack which is carried out by Anonymous and other hacktivists is called a SQL Injection. This is aimed at capturing information stored in a database on the website by introducing some SQL code (a programming language designed for managing data in a database).

One of the most popular tools used to perform this SQL injection is called Havij, which was developed in Iran and lets users simply copy and paste the address of the vulnerable website they have identified and a button to perform to injection. The interface is like any other windows programme and there is none of the complex lines of code many associate with carrying out an attack on a website.

Both these pieces of software are freely available and require minimal technical expertise. Rachwald said he showed his 11-year-old son how to perform such an attack and he was able to do it.

These simple few steps will allow you to get all the information stored on a website such as usernames, passwords, credit cards, addresses, phone numbers and anything else stored on a website’s database.

Both Acunetix and Havij are available as free downloads, though more powerful, paid-for versions of both are available. However as these applications are sold to hackers, the paid-for versions have been cracked and are freely distributed through the large online hacker forums.

Also available on these forums are full tutorials which set out exactly what you need to do in order to perform

Back in February, it was revealed that Imperva had been employeed by the Vatican to monitor and block an attack by Anonymous on its website. It gaveImperva a uniqe look at an Anonymous attack fromstart to finish and it was revealed that Anonymous hacktivists were using both Acunetix and Havij to attack the Vatican’s website.

However it was an earlier attack which Rachwald belioeves was more important: “Sony was the most sophisticated hactivist attack ever. After Sony, the modus operandi went from ‘Let’s DDoS a site, to ‘Let’s take their data.’ If they can’t take their data then we’ll DDoS them.”

DDoS stands for distributed denial of service attacks, which essentially involve sending huge amounts of traffic to a website to overwhelm the servers and crash the site.

And it turns out that DDoSing a website is no more difficult than carrying out a SQL Injection. The programme used is called Low-Orbit Ion Canon (LOIC) which was developed for web designers to stress test websites, but has been high-jacked by hackers to attack websites.

All you do is simply type in a URL, and it will then continuously attack it, with up to 200 requests per second being sent to the website. This software is even available on mobile devices, so Rachwald says that hacktivists could be carrying out these attacks while sitting on their couches using their BlackBerrys.

There are also indications that the number of these attacks is going to increase in number. In the past four months, downloads of the LOIC desktop programme have already hit the level downloaded in the whole of 2011.

While Rachwald says there are step that can be taken to protect these websites and their information, such as installing a web application firewall, companies are still not paying enough attention to the threat posed by attacks from the likes of Anonymous and anyone else with access to the internet.

To report problems or to leave feedback about this article, e-mail:
To contact the editor, e-mail:

. . . . . . . .