Sunday, August 14, 2011

Preparing for an Anonymous Attack

The Fullerton Police have now been targeted by Anonymous:


http://t.co/qLaN0eX


When you are targeted, I strongly recommend these actions:


1. List all the websites that use your logo with permission, and that store data about your users. Anonymous will not limit their attack to your main site--they will just try to harm and humiliate you and your employees, customers, and the people you work with, by any means necessary. Here are examples of their indirect targeting:


In OpOrlando, Anonymous targeted a site which had nothing to do with the government of Orlando, simply because it had "Orlando" in its name:


http://www.huffingtonpost.com/2011/06/28/anonymous-orlando_n_885893.html


The data from 70 law enforcement agencies was taken from an online school, not from the agencies themselves:



http://www.darkreading.com/database-security/167901020/security/privacy/231400015/antisec-s-dump-of-law-enforcement-data-includes-personal-data-of-thousands.html?itc=edit_stub


The FBI-related data Anonymous revealed was taken from a branch of Infragard, not from fbi.gov:


http://www.pcmag.com/article2/0,2817,2386411,00.asp


The BART data they dumped was from MyBart.org, not bart.gov:



http://edition.cnn.com/2011/US/08/14/california.transit.hack/


2. For your main site, and EVERY other site that holds data relevant to you, ensure that they have DDoS protection AND a Web Application Firewall to block SQL Injection attacks. You can add both these security features to your site in 5 minutes using CloudFlare.com, or use more expensive appliances from many other vendors.


If you fail to do these things, you will face public ridicule and great expense and effort spent trying to clean up the mess after your passwords and email logs are published on the Internet.


EDIT:


@Awinee pointed out some additional measures to take, which I think should be performed after the attack is over, or if you have some time to prepare.


Make sure passwords are stored in a salted and hashed form, not as plaintext.


Force users to change passwords regularly.


Run vulnerability scanners on your sites and fix all the SQL Injection and other serious vulnerabilities you find.

7 comments:

  1. You sir are not only an internet hero, you also define what it is to be a "moron".

  2. Do you honestly think WAFs stop hackers? Really? Perhaps they will stop most automated tools, but not a hacker.

  3. "Do you honestly think WAFs stop hackers? Really? Perhaps they will stop most automated tools, but not a hacker."

    They will stop anonymous since they aren't real hackers.

  4. LoL, ddos protection to block sqli first time i have heard that moron.
    you my friend are a even bigger noob than your mother, go die bitch

  5. I sincerely hope that Anonymous, Lulzsec, and others do not give you what you knowingly or unknowingly seek, which is to become a Martyr.

    They as the pitbulls of the world should realize (and I am sure that they do) that you are nothing more than a little yippie chihuahua.

  6. This comment has been removed by a blog administrator.

  7. Sam, you need to encrypt passwords BEFORE they get in. Also, given Cloudflare's unfailing loyalty to the Lulzboat I find it hard to believe that you would endorse their service.

    meh
