Vatican website DDoS’d by Anonymous

The main Vatican website and several other church-related sites in Italy came under attack from Anonymous and were unavailable on Wednesday. The Vatican site is now back online.

Most reports on this incident link the attack with the FBI’s indictments against Sabu, Topiary and other LulzSec members earlier this week, and the arrest of 25 Anonymous members last week. Anonymous itself makes no such connection in its announcement of the attack. Its statement reads more like a pure hacktivist protest against the behavior of the ‘Roman Apostolic Church’ itself, past and present.

Accusations include the historical Inquisition, “the enslavement of entire populations” under the pretext of evangelization, aiding Nazi war criminals, covering up child abuse, condemnation of contraception, and effectively being a profit-oriented corporation. The attackers hope that the Lateran Treaty (the treaty that recognizes the sovereignty of the Holy See) “will finally be revised in the near future”, and that ironically, “you are relegated to a relic.”

But “This is NOT intended to attack the true Christian religion and the faithful around the world, but to the corrupt Roman Apostolic Church and all its emanations.”

However, while this looks to be a simple hacktivist protest action, not everybody is in agreement. Corero research director Neil Roiter suggests that it may be “a response to a recently published analysis by security company Imperva, which assisted the Vatican in defending against an unsuccessful hacking campaign, including an ineffective DDoS attack, by Anonymous last summer. The fact that this attack achieved some success shows that Anonymous may have improved its techniques since then, and underscores the need for effective DDoS defense technologies and programs.”

The Imperva analysis shows that the first phase of the initial failed attack included unsuccessful attempts to break into the Vatican site. Roiter suggests that this indicates data theft is the primary objective, and hacktivism and DDoS attacks are merely smokescreens – and he believes that the Imperva analysis supports this conclusion. “The primary aim of last summer's campaign was to steal confidential information,” he states. “DDoS attacks are commonly used as smokescreens to launch other attacks. This was the case in the Sony PlayStation Network attack in which some 77 million customer records were stolen.”
