.- An internet security firmâs report on an apparent anti-Catholic âhacktivismâ attack has renewed interest in an assault on World Youth Day computers in August 2011.
Rafael Rubio, communications director of World Youth Day, said Feb. 28 that the electronic assault that took place during the Aug. 17-21, 2011 event caused some disruptions but that they âsurvived the attack more or less,â
The hackersâ actions had an effect on days when the server crashed, but event organizers had set up a warning system and a social network system asking volunteers and others to report if they noticed the servers going down.
â(T)hanks to the early warning system we set up on the social networks, we were able to respond to the attacks in real time, and the site was only down for a few hours.â
Rubio said the consequences could have been serious.
âIn reality, any kind of attack like this not only could have brought down the website but the mail servers as well, and that really would have caused the collapse of the entire organization,â he said.
The California-based computer security company Imperva has reportedly analyzed the attack in a new report called âThe Anatomy of an Anonymous Attack.â
Robert Rachwald, Director of Security Strategies at Imperva, told CNA he would not confirm or deny that the World Youth Day site was the target examined in the report. The New York Times said two people briefed on the investigation confirmed that âthe Vaticanâ had been the target, meaning the World Youth Day website www.madrid11.com.
Yago de la Cierva, executive director of the World Youth Day Madrid organizing committee, said Feb. 28 that the attacks were âvery limitedâ in scope.
âThey mostly made life hard for accredited journalists, who had to wait longer for their registration and had to receive the translations of the Popeâs words in print, instead of in electronic format. But otherwise, there were no major effects and the pilgrims never noticed anything.â
In mid-2011, hackers posted a video on the World Youth Day website threatening some kind of attack. The eventâs web services provider Telefonica then organized several meetings to reinforce security and to ensure the website had enough capacity to respond to increased traffic.
Rubio was unsure whether Telefonica had contracted with Imperva, though Rachwald said the website examined in the report used an Imperva application firewall product that worked âbeautifully.â
The Imperva report found 25 consecutive days of hacker activity: 19 days of preparation, communications and recruitment; four days of reconnaissance and hacking tool attacks; and finally a two-day denial-of-service attack distributed across many computers.
In the recruitment and communications phase, the Anonymous branch created a website and used Twitter and Facebook to publicize it. YouTube videos also ârationalized the attack by denigrating the target and exposing perceived transgressions,â Imperva said. One such promotional video received over 72,000 views.
The Anonymous campaign âOperation Phariseeâ specifically targeted World Youth Day, citing clergy sex abuse as a motive for protest. One of the campaignâs recruitment videos used a computer-generated voice and stock video of a man in a Guy Fawkes mask. It called Pope Benedict XVI a âPharisee.â
âItâs outrageous seeing how many young people march like sheep to the Vaticanâs orgy that will take place in Madrid,â the English-language video said.
âItâs humiliating seeing all the crowd in ecstasy, loving Benedict XVI like a god,â it continued, showing a video of cheerful Catholics at a youth event.
The video cited several Bible verses. It attacked the sacrament of confession for encouraging âdependency of souls,â saying that people should confess directly to God. The video also charged that the Catholic Church is using Jesusâ image to get rich and that it is hypocritical for the Pope to wear ornate liturgical dress while condemning vanity.
âPrepare your weapons, my dear brother, for this Aug. 17-21,â the video concluded. âWe will drop the anger over the Vatican.â
Eighteen days into the attack, a group of âsavvy hackersâ then evaluated the security of the targeted website, the Imperva report says. They used hacking tools and anonymity services to disguise their identity. They kept a âlow profile,â but still created relatively high internet traffic compared to normal days.
The hackers failed to find vulnerabilities in the websiteâs applications and fell back on a distributed denial-of-service attack intended to flood the targetâs web server with crippling levels of traffic. This tactic used recruited individuals to run programs on their computers and mobile devices. Many of these recruits did not use anonymity services.
About 500,000 denial-of-service attacks happened on the first day of this phase, while almost 600,000 happened the following day. One PC can generate up to 200 attacks per second.
The Imperva report advised potential targetsâ internet security staff to monitor social media for hints of coming attacks.
âHacktivism is loud by definition,â the report said.
Rachwald said the use of social media is âthe only thing thatâs really unique about this attack.â
âTypically an attack is not pre-announced,â he explained.
âThe big difference with hacktivism in general is they need to recruit and they need to announce âWeâre going after target X.ââ
Such hackers are typically after user data, he explained. In one instance, hackers under the banner of Anonymous stole user data from Sony and exposed information on 100,000 credit cards, causing customer outrage and a drop in stock prices. They also exposed police officer data from the San Francisco mass transit system.
âIf you steal and expose data, then you can really hurt an organization,â he said. âWhat theyâre looking for is vulnerabilities around data exposure.â
Traditional defenses such as network firewalls, anti-virus programs and intrusion protection cannot be the sole defense, he advised. A proper application security program is necessary for websites that transact user information and for e-commerce sites where goods and services are sold.
âWhoever was in charge of security in this case had the foresight to recognize that data would be a target,â Rachwald said. âI think that recognition is really, really important.â
Vatican spokesman Fr. Federico Lombardi reported Feb. 27 that there were âno problemsâ in the Vatican from the hacker attack because the World Youth Day website systems were âtotally independent.â
World Youth Day communicationâs director Rubio characterized the attack as âa waste of timeâ and âdisrespectful.â
He saw the targeting of World Youth Day as âan obvious sign of the worldwide impact that World Youth Day was having at that moment.â
âWe never really understood, because the video wasnât clear either, what they hoped to gain by attacking World Youth Day. I think the only thing they wanted was attention.â
Additional reporting by Walter Sanchez Silva in Lima and David Kerr in Rome.
Tags: World Youth Day