Shooting From Behind the Fence
Can You Stay Anonymous While Participating in a DDoS Attack?
Taking part in a Hacktivist group is completely different than being part of a Botnet. In a Botnet, case participants are unknowingly “recruited” to an attack. In the Hacktivist group, case members take part in attack activities on their own accord.
Just this past month, Anonymous hackers in London were jailed for a series of DDoS attacks on PayPal and other payment services such as Visa and MasterCard.
While few DDoS participants are caught and arrested, others manage to keep their anonymity. Typically, it is the attack leaders who are more knowledgeable about internet security and anonymity than their followers, who are typically the ones to be caught. We recently wrote a research paper which explores the different means and methods leveraged by attackers to keep their anonymity.
In this paper we examine the various options in launching a DDoS attack while keeping the attacker anonymous. The key findings are:
- Attackers need to choose between effective DDoS attack and remaining anonymous
- Only the top hackers can truly hide themselves during attacks
- The crowd that follows guidance from Anonymous on techniques of anonymity believes that they hide themselves, but in reality they cannot hide completely. In turn, they find themselves facing prosecution.
DDoS attack leaders often publish anonymous guides on the Internet providing instructions to their followers on how to maintain anonymity. For example, a video on YouTube titled “How to Stay Anonymous” instructs users on how to launch a DDoS attack behind “The Onion Router,” commonly known as TOR.
Like TOR, attackers are adopting different solutions (VPN for example) in order to increase their anonymity. These solutions are often combined together in order to achieve a higher level of anonymity by adding another layer of encryption one on top of the other.
Our research paper shows how over the past few years, attackers are adopting TOR as a solution for anonymity, giving a good indication of increased awareness in anonymity across Hacktivist groups.
Last but not least the paper shows the drawbacks of using some of these services while performing DDoS attacks. These vulnerabilities can be easily used by defenders to aid DDoS attacks mitigations.
You can access the full research paper by clicking here.