8/11/11

How Anonymous Could Attack Facebook - If It Really Wants To



Should Facebook be afraid of Anonymous? A message purportedly from a member of the group has threatened an attack on the social networking site for Nov. 5. Tweets from another Anonymous channel claim attacking Facebook wouldn't be the group's style. But if someone really did want to wallop Facebook, could it be done? Possibly -- there are more ways to screw up a site than a DDoS blitz.



Could Facebook be the next target in hacker group Anonymous' crosshairs?
tweet from the Twitter handle "OP_Facebook" -- which is labeled "Anonymous" yet had only a single tweet in its history as of mid-day Wednesday -- urged readers to go to a Pirate Bay Web page or watch a YouTube video in which a threat is made to attack Facebook on Nov. 5.
It's perhaps worth noting that the tweet was originally posted nearly a month ago. News of the threat has only recently been widely circulated.
Whomever controls one of Anonymous' main public communication channels, however, doesn't seem to support the effort. The AnonOps Twitter feed later stated that the so-called OpFacebook plan to take down the social networking 6 Ways to Use Social Media for Business. Free Guide. site is being organized by some Anons, that not all of Anonymous agrees with it, and that attacking the messenger is not Anonymous' style.
Schisms aside, just out of curiosity, how might a group of hackers such as Anonymous attack Facebook?

Attacks Against Facebook

Back in 2009, Facebook, along with other social media sites including Twitter and LiveJournal, were hit by massive distributed denial of service (DDoS) attacks. Facebook reportedly said the target was a pro-Georgian blogger with the username "Cyxym." However, Facebook services weren't too badly disrupted, and its engineers have publicly stated that a successful DDoS attack against their site would require a botnet so large that it might be traceable. The social networking site has other protections in place. "One would imagine Facebook would have incredible redundancy and capacity to resist a denial of service attack," Chris Harget, senior product manager at ActivIdentity, told TechNewsWorld. While a full assault on Facebook's front door may prove extremely difficult, there are other ways in which attackers could try to hurt the social network. Facebook is a favorite of cybercriminals whose attacks include setting up fake accounts or accounts with links to malicious sites, and spoofing or hijacking the accounts of legitimate users and sending out emails with either embedded malicious links or requests for financial help. "I don't consider DDoS or spoofing an account a 'hack,'" Randy Abrams, an independent security consultant told TechNewsWorld.

Taking Down Facebook's Walls

There are three primary means of attack, Abrams said. One consists of spear phishing and planting malicious code that gains access to victims' accounts or computers. This has worked against Google (Nasdaq: GOOG) and other large organizations, and "I doubt that Facebook is immune," Abrams stated. The second is exploiting a zero-day vulnerability. The third is guessing a weak password. "We know from research into past data breaches that even some security experts don't use good passwords," Abrams said. A good password, by the way, is one that has a combination of at least six to eight letters and numbers randomly mixed. A weak password would be something that's easily guessed, such as someone's date of birth or marriage or their car license plate number, for example.


0 التعليقات:

Post a Comment

Related Posts Plugin for WordPress, Blogger...