Analysts reluctantly blame someone other than Anonymous for Facebook porn storm

It's just easier to blame everything on nameless, faceless 'anarchists'; makes everything more efficient

High-profile hacking victim theorizes Anonymous may not be only suspect

The "coordinated spam attack" Facebook blamed for flooding the site with pornographic and violent images was not the work of Anonymous, a security researcher said yesterday, no matter how easy it is to blame every significant attack, defacing, spear-phishing or consumer-fleecing cybercrime on the high-profile hacktivist group.

Security vendor BitDefender has accused Anonymous members of having created a worm called the "Fawkes Virus," to attack Facebook on Guy Fawkes Day, Nov. 5.

The threat was made in a YouTube video by people who appear to be members of Anonymous, but were either making empty threats, or were unable to gather enough support from within the leaderless Anonymous to put together an attack.

"We told you many times DDOSing Facebook was a fake operation," read one message posted two days before the attack was supposedly due.

"We don't kill the messenger. That's not our style," reads another.

Researchers at BitDefender found copies of the Fawkes worm Nov. 12, barely a day before Facebook was flooded with porn Nov. 14 and 15.

That prompted some analysts and media types to finger Anonymous for the porn pics.

"These are ordinary scams and we believe Anonymous would use something more sophisticated," according to a Computerworld interview with BitDefender analyst George Petre. "We expect the Fawkes virus to be something related to malware, and to have complex mechanisms."

Facebook itself announced the attack took advantage of a cross-site scripting (XSS) weakness – XSS being an attack technique in which malicious code is embedded in a Web site and designed to run on a user's machine, usually within the browser.

Users that hit pages infected with the malicious code have their own machines infected, and often pass the infection along to the next site they hit.

The most recent Facebook attack did not rely on that technique, BitDefender told Computerworld.

It relied on good old spam – sent in masses to Facebook members – with instructions for them to paste a string of JavaScript into their browser address bars. Doing so launches a JavaScript process that uses a bug to grab the username and password, take over the Facebook account and post images in the feeds of victims and their Friends, according to Computerworld.
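The lure described above only works if pasted text is accepted as a `javascript:` URL, so one defensive check is to recognize that scheme despite case and whitespace tricks, both at the point of paste and in a message filter. The sketch below is an added example, not code from Facebook, BitDefender or the original article; the function names are hypothetical and the sample message is constructed with a harmless placeholder.

```javascript
// Added example; all names are hypothetical and the sample is constructed.

// Normalize as a URL parser does before reading the scheme: trim leading and
// trailing C0 controls/spaces, then drop tab, CR and LF anywhere in the text.
function normalizeForSchemeCheck(text) {
  return String(text)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
}

// True when the pasted text would be treated as a javascript: URL.
function isScriptUrl(text) {
  return /^javascript:/i.test(normalizeForSchemeCheck(text));
}

// Address-bar side: strip every leading javascript: prefix so the rest is
// handled as inert text. Loops to defeat "javascript:javascript:..." stacking.
function neutralizePaste(text) {
  let out = normalizeForSchemeCheck(text);
  while (/^javascript:/i.test(out)) {
    out = out.replace(/^javascript:/i, "").replace(/^[\u0000-\u0020]+/, "");
  }
  return out;
}

// Spam-filter side: count javascript: URLs inside a message body, allowing
// tab/CR/LF between the scheme's letters and requiring that the scheme is
// not the tail of a longer token such as "notjavascript:".
const LETTERS = "javascript".split("").join("[\\t\\r\\n]*");
const IN_MESSAGE = new RegExp("(?:^|[^a-z0-9+.-])" + LETTERS + "[\\t\\r\\n]*:", "gi");
function countScriptUrls(message) {
  return (String(message).match(IN_MESSAGE) || []).length;
}

// Constructed lure with a harmless placeholder instead of a real payload.
const SAMPLE_SPAM =
  "See who viewed your profile! Paste this into your address bar:\n" +
  "  JavaScript:void(0)";

console.log(isScriptUrl("java\tscript:void(0)"));
console.log(neutralizePaste("javascript: javascript:void(0)"));
console.log(countScriptUrls(SAMPLE_SPAM));
```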

It's an effective technique, but it's also routinely used by identity thieves and organized crime groups with larceny on their minds, according to BitDefender.

That's not to say Anonymous members couldn't have been involved, or that the group overall would turn up its collective nose at JavaScript malware used for remote-access-without-permission.

The threat was to launch a DDOS attack as Anonymous did in almost every case in which it has attacked the public sites of large organizations such as MasterCard, Visa and PayPal, for their opposition to support of WikiLeaks.

In most cases in which Anonymous members attacked law-enforcement sites to steal private data of officers or departments, they did so using SQL injection attacks, or small-scale penetrations they used to deface official sites with their own taunts and satire.

They don't typically use porn bombs as a weapon; given how many got their start in hacktivism from the porn-heavy 4Chan site, many Anonymii would probably consider flooding other users with porn as a gift, anyway, rather than an attack.

Even so, voices acknowledged as leaders among the leaderless were shouting down rumors of the attack with their distaste for its target and methods, weeks before it was supposed to take place.

Hacktivism may be morally defensible, many argued, but hitting ordinary consumers for either fun or profit is sabotage against those who don't deserve it. It's not a tactic for an organization building its rep as an international player with campaigns against the enemies of WikiLeaks and oppressive governments like those that fell in Egypt and Libya.

Here are a few of the clearer statements, from early August:

anonops AnonOps

Don't be silly. Important things are happening in the world to deal with quirks like #OpFacebook. Let's keep our style & moral #Anonymous

AnonyOps Anonymous

We absolutely disown #OpFacebook ... We're supposed to fight for the users, not against them. Don't violate private citizen privacy please.

nancy_iskander Nancy

(BTW, #opfacebook has been denied by anon j.mp/oRaRj0 - Doesn't make me any less disgusted with the reaction the rumor got though)

Facebook spokesgeeks did point out that the attack was similar to the XSS attacks it suffered immediately after the raid that killed Osama Bin Laden, with spam promising to take viewers to a page showing video of Bin Laden's death.

That attack was from a known source of spam, using a weakness in Facebook's spam filters that has now been reinforced, according to an announcement Facebook distributed by email without mentioning the irony of having done so.

Security companies don't have "solid information or screenshots" of the images or JavaScript that launched them, Computerworld reports.

Nevertheless, the chances the attackers were from Anonymous are small compared to other potential culprits, BitDefender reports.
