Earlier we learned a French retailer, E-Flicker, has sought to register both Anonymous’s well-known question-mark/empty suit logo and the activist collective’s tagline, “We are anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”
Anonymous responded with the video below but in poking around Pastebin.com we found a few pages intended to assist Anons in their next move against E-Flicker. One examined server vulnerabilities behind one of the company’s websites and the paster’s conclusion is that E-Flicker, in trying to monetize Anonymous–in the collective’s words, make it “the whore of the world”–is vulnerable to at least one particular kind of hack attack:
The URL: http://www.eflicker.fr/contact.php is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
Cross-site request forgeries can, in the words of CodingHorror blogger Jeff Atwood, let attackers “initiate any arbitrary action they like on a target website.”
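The finding above describes a contact form that performs a state-changing action and accepts the same parameters over GET as over POST, which is what makes a forged cross-site request trivial to assemble. The following is an added example (not code from the page, from E-Flicker, or from the Pastebin post) of the server-side checks that close that gap; the host name, the handler function and the `csrf_token` field name are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed host for the example; the page names the site but not its configuration.
ALLOWED_HOST = "www.eflicker.fr"


def issue_token() -> str:
    """Generate a per-session anti-CSRF token to embed as a hidden form field."""
    return secrets.token_urlsafe(32)


def check_contact_request(method: str, headers: dict, form: dict, session_token: str):
    """Return (accepted, reason) for a submission to a hypothetical contact handler.

    Each check closes one gap in the weakness described above:
    1. Only POST is accepted, so the same parameters smuggled into a GET URL
       (an <img> or link on a third-party page) are refused outright.
    2. The browser-controlled Origin (or Referer) header must name our own host,
       so a form submitted from another site is refused.
    3. The form must carry the token issued to this session; the comparison is
       constant-time so the token cannot be recovered byte by byte.
    """
    if method.upper() != "POST":
        return False, "method must be POST"
    source = headers.get("Origin") or headers.get("Referer")
    if not source or urlsplit(source).hostname != ALLOWED_HOST:
        return False, "missing or foreign Origin/Referer"
    submitted = str(form.get("csrf_token", ""))
    if not session_token or not hmac.compare_digest(
        submitted.encode("utf-8"), session_token.encode("utf-8")
    ):
        return False, "bad or missing CSRF token"
    return True, "ok"


def demo() -> dict:
    """Run four constructed requests through the checks and collect the verdicts."""
    token = issue_token()
    ours = {"Origin": "https://www.eflicker.fr"}
    return {
        "get_with_params": check_contact_request("GET", ours, {"csrf_token": token}, token),
        "foreign_origin": check_contact_request("POST", {"Referer": "https://evil.example/"}, {"csrf_token": token}, token),
        "wrong_token": check_contact_request("POST", ours, {"csrf_token": "guess"}, token),
        "legitimate": check_contact_request("POST", ours, {"csrf_token": token}, token),
    }
```

Only the last constructed request is accepted; the other three are each refused by a different check, so removing any single check reopens one forgery path.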
A deeper look at recent Pastebin posts indicates Anons–or those sympathetic to Anonymous–are digging up other vulnerabilities as well. One page purports to identify SQL injection vulnerabilities for eflicker.fr. An SQL injection can give a hacker the ability to attack databases and glean fun stuff like credit card numbers and user passwords.
A third Pastebin page appears to offer code meant to assist a HOIC DDoS attack on eflicker.fr and related subdomains. The High Orbit Ion Cannon is a different flavor of the Anon-beloved LOIC (Low Orbit Ion Cannon). Spiderlabs.com reported in January that HOIC makes it hard for a targeted website to determine if it is actually being DDoSed or not, using “randomization techniques” to “evade detection.”
But a wrathful Anonymous may not stop with cross site request forgeries, SQL injections or the tried and true DDoS attack. E-Flicker head Apollinaire Auffret has already been “doxed”–his personal info including phone numbers and email addresses published for all to see–in multiple locations on Pastebin and elsewhere.
Mr. Auffret, it goes without saying, should have expected this.
Follow Steve Huff via RSS.