Analysts reluctantly blame someone other than Anonymous for Facebook porn storm
It's just easier to blame everything on nameless, faceless 'anarchists'; makes everything more efficient
High-profile hacking victim theorizes Anonymous may not be only suspect
The "coordinated spam attack" Facebook blamed for flooding the site with pornographic and violent images was not the work of Anonymous, a security researcher said yesterday, no matter how easy it is to blame every significant attack, defacement, spear-phishing or consumer-fleecing cybercrime on the high-profile hacktivist group.
Security vendor BitDefender has accused Anonymous members of having created a worm called the "Fawkes Virus" to attack Facebook on Guy Fawkes Day, Nov. 5.
The threat was made in a YouTube video by people who appear to be members of Anonymous, but who were either making empty threats or unable to gather enough support from within the leaderless Anonymous to put together an attack.
"We told you many times DDOSing Facebook was a fake operation," reads one message posted two days before the attack was supposedly due.
"We don't kill the messenger. That's not our style," reads another.
Researchers at BitDefender found copies of the Fawkes worm Nov. 12, barely a day before Facebook was flooded with porn Nov. 14 and 15.
That prompted some analysts and media types to finger Anonymous for the porn pics.
"These are ordinary scams and we believe Anonymous would use something more sophisticated," according to a Computerworld interview with BitDefender analyst George Petre. "We expect the Fawkes virus to be something related to malware, and to have complex mechanisms."
Facebook itself announced that the attack took advantage of a cross-site scripting (XSS) weakness – XSS being an attack technique in which a Web site is embedded with malicious code designed to run on a user's machine, usually within the browser.
Users who hit pages infected with the malicious code have their own machines infected, and often pass the infection along to the next site they hit.
The most recent Facebook attack did not rely on that technique, BitDefender told Computerworld.
It's an effective technique, but it's also routinely used by identity thieves and organized crime groups with larceny on their minds, according to BitDefender.
The threat was to launch a DDOS attack, as Anonymous did in almost every case in which it has attacked the public sites of large organizations such as MasterCard, Visa and PayPal, for their opposition to supporting WikiLeaks.
In most cases in which Anonymous members attacked law-enforcement sites to steal private data of officers or departments, they did so using SQL injection attacks, or small-scale penetrations they used to deface official sites with their own taunts and satire.
They don't typically use porn bombs as a weapon; given how many got their start in hacktivism from the porn-heavy 4Chan site, many Anonymii would probably consider flooding other users with porn a gift, anyway, rather than an attack.
Even so, voices acknowledged as leaders among the leaderless were shouting down rumors of the attack with their distaste for its target and methods, weeks before it was supposed to take place.
Hacktivism may be morally defensible, many argued, but hitting ordinary consumers for either fun or profit is sabotage against those who don't deserve it. It's not a tactic for an organization building its rep as an international player with campaigns against the enemies of WikiLeaks and oppressive governments like those that fell in Egypt and Libya.
Here are a few of the clearer statements, from early August:
Facebook spokesgeeks did point out that the attack was similar to the XSS attacks it suffered immediately after the raid that killed Osama Bin Laden, with spam promising to take viewers to a page showing video of Bin Laden's death.
That attack was from a known source of spam, using a weakness in Facebook's spam filters that has now been reinforced, according to an announcement Facebook distributed by email without mentioning the irony of having done so.
Nevertheless, the chances the attackers were from Anonymous are small compared to other potential culprits, BitDefender reports.