Not too long ago the announcement about an
Internet Sponsorship Law, SOPA, basically caused the Internet to blow up
with people voting, supporting,
and showing how much they disliked this proposed bill. The way the
“Internet Community” came together is a lesson in mass influence itself,
but we are going to focus on a different aspect of this drama.
The hacktivist group Anonymous reared its head in this debate to show
it’s disdain for any law that would censor or prohibit the use of the
Internet, and they do so using a form of social engineering.
One of the less influence based forms of social engineering involves
drawing people to a website that is either loaded with malicious
software/code or has downloads that are dangerous or infected.
Apparently, Anonymous used this form of social engineering to create, in
essence, one of the world’s largest botnets full of unsuspecting
participants.
How?
Anonymous used its legions of faithful supporters to spread shortened links that drew interested parties to certain links. Since a user can’t possibly know what to expect when they load a URL, Anonymous capitalized on this to create it’s botnet.
As users went to the list of URL’s, their browsers were hijacked and
then some code was executed. Once executed it causes the users browser
to make a massive amount of requests to the targets websites (in this
case DOJ and FBI). When you get hundreds or thousands or even more
people hitting these malicious URL’s so much traffic is sent that it
DDoS’ the sites in question.
What are the implications of this type of attack? This form of social
engineering is pretty malicious. Even simple curiosity can make the
site visitor an unwilling participant in an act that could be considered
terrorism. This, of course, is a very serious matter as traffic from
home or work users becomes inundated with this malicious traffic.
In the age of shortened URL’s, this kind of a story just makes it
ever more clear that the user needs to take responsibility before
clicking a link. These types of attacks are how people’s computers get
hacked and how accounts are compromised. Now, it’s how massive botnets
are created.
