OperationLGBT


Anonymous has launched OpLGBT, a DDoS campaign targeting the state of North Carolina and its governmental institutes in response to controversial legislation passed by the state’s General Assembly - House Bill 2 (known as the “bathroom law”).

Download a Copy Now

Abstract

Anonymous has launched OpLGBT, a DDoS campaign targeting the state of North Carolina and its governmental institutes in response to controversial legislation passed by the state’s General Assembly - House Bill 2 (known as the “bathroom law”). The bill bans people from using public bathrooms that do not correspond to their biological sex and has sparked debate regarding LGBT (lesbian, gay, bisexual, transgender) rights.

To date, attackers have struck North Carolina’s website, IT network and cloud-hosted services (see Figure 1). The objective of OpLGBT is to target any government or group (see Figures 2 & 3) that are directly or indirectly related to anti-LGBT legislation or hate – a hint this cyber assault may turn into an ongoing operation that requires the additional preparation. Increasing traction amongst the hacktivist community could result in OpLGBT evolving in volume and sophistication, including DDoS bursts, web intrusion and data theft attempts, thus becoming a persistent attack

Attack Vectors

TCP Flood - This is one of the oldest and most popular Denial of Service (DoS) attacks. It involves sending numerous SYN packets to the victim. In many cases, attackers will spoof the SRC IP so the reply (SYN+ACK packet) will not return, thus overwhelming the session/connection tables of the targeted server or one of the network entities on the way (typically the firewall). Servers need to open a state for each SYN packet that arrives and they store this state in tables that have limited size. As big as this table may be, it is easy to send sufficient amount of SYN packets that will fill the table. Once this occurs, the server starts to drop a new request, including legitimate ones. Similar effects can happen on a firewall which also has to process and invest in each SYN packet. Unlike other TCP or application-level attacks, the attacker does not have to use a real IP - this is perhaps the biggest strength of the attack.

SQL Injection - Exploiting poor coding of web application where the inputs are not sanitized therefore exposing application vulnerabilities. SQL injection is the most common type of injection attack which also count LDAP or XML injections. It is by far the number one vulnerability listed in OWASP Top 10. The idea behind a SQL injection is to modify an application SQL (database language) query in order to access or modify unauthorized data or to run malicious programs. Most web applications rely on databases where the application data is stored and being accessed by SQL queries and modifications of these queries could mean taking control of the application.

Targets of Operation LGBT

North Carolina Government:

  • nc.gov
  • np.nc.gov
  • state.nc.us
  • northcarolina.gov

Supporters of House Bill 2:

Solution Criteria for Organizations Under Threat:

Protection from TCP Floods and other DDoS attacks:

  • A hybrid solution combining on-premise detection and mitigation with cloud-based protection for volumetric attacks. It facilitates quick detection, immediate mitigation and internet pipe saturation.
  • Solution must distinguish between legitimate and attack traffic, blocking it while protecting the SLA.
  • An integrated, synchronized solution that can protect from multi-vector attacks combining DDoS with web-based exploits such as website scraping, Brute Force and HTTP floods.
  • A cyber-security emergency response plan that includes a dedicated emergency response team and process in place. Identify areas where help is needed from a third party.

Protection from SQL injections and web application vulnerabilities:

  • IP-agnostic device fingerprinting – having the ability to detect attacks beyond source-IP using by developing a device fingerprint that enables precise activity tracking over time.
  • Automatic and real time generation of policies to protect from zero-day, unknown attacks.
  • Shortest time from deployment to a full coverage of OWASP Top-10.

Radware's hybrid attack mitigation solution provides a set of patented and integrated technologies designed to detect, mitigate and report the most advanced threats. Dedicated hardware and cloud solutions protect against attacks in real time and help ensure service availability.

Under Attack and in Need of Expert Emergency Assistance?

Radware offers a full range of solutions to help networks properly mitigate attacks similar to these. Our attack mitigation solutions provide a set of patented and integrated technologies designed to detect, mitigate and report todays most advanced DDoS attacks and cyber threats. With dedicated hardware, fully managed services and cloud solutions that protect against attacks, Radware can help ensure service availability. To understand how Radware's attack mitigation solutions can better protect your network contact us today.