Anonymous’ World Cup Hacktivism Is Just Getting Started

Anonymous Brasil are DDoSing government and World Cup sponsor sites, and likely have plans to do more damage.

Jun 12 2014, 2:40pm
Screenshot: Youtube/Anonymous Brasil

Coming good on its promise, hacktivist collective Anonymous has knocked out a number of websites belonging to World Cup 2014 sponsors and Brazilian government over the last two days, in protest at the epic funds spent on the competition. And that could just be the start of the hacks.

According to multiple sources, a slew of sites, including Hyundai, the Emirates Group, the Brazilian Intelligence Agency and the host country’s Department of Justice, were yesterday taken out by Distributed Denial of Service (DDoS) attacks, where networks are flooded with traffic by attackers.

Hacker News Bulletin highlighted further sites targeted today by Anonymous Brazil, which is running the campaign, called OpHacking Cup. They include the Brazilian government’s official World Cup page and the Ministry of Sport, with some apparent success in disrupting those services.

Adrian Crawley, regional director for the UK and Ireland for DDoS protection firm Radware, said he’d seen FIFA websites taken down and believes broadcasters and media outlets could also be attacked imminently. The coverage starts in a matter of hours across the globe.

Anonymous is irate at the Brazilian government for spending hundreds of millions on stadiums and infrastructure for the World Cup, rather than funnelling funds into the poorest parts of the country. It’s launching digital attacks to coincide with the street protests that erupted across the South American country this week, which have highlighted the abject poverty and governmental abuse of citizens in Brazilian cities and favelas.

A representative of the collective told Reuters they planned to launch attacks on other big-name sponsors, including Adidas, Budweiser, Coca-Cola and Sony, yet they seem to have had limited success with those large organisations so far. That’s likely because they’re used to DDoS attacks and have the resources to fend them off. DDoS threats can be dealt with by various techniques. One method is to use “scrubbing,” where massive influxes of data are split between data centres to ease the pain. Another is to use DDoS detection technology, which picks up on huge surges of traffic and allows the user to quickly block connections from offending IP addresses.

Yet even the biggest corporations might not be able to shrug off attacks if Anonymous can generate enough traffic from their botnetsmalicious networks of infected machines that can be pooled to fire data at target networks. 

Crawley said it might also be possible Anonymous is doing reconnaissance around those firms, and determining which bits of their networks are vulnerable. “We know that Anonymous use test attacks before launching a full scale assault, so they may have already carried out the ground work on other major sponsors and an attack could happen at any time,” he added. 

“The World Cup lasts for over a month, giving hackers time to plan an attack which will create the most disruption. We are advising companies to scan their networks as often as possible and investigate every attack.”

But Anonymous isn’t just using DDoS to cause trouble. It’s claimed to have breached two official organisations and leaked data: the Brazilian Foreign Ministry and the Regional Electoral Court of Amazonas. The former has already admitted 55 of its email accounts were recently hacked, though Anonymous said it had compromised 333. 

As for the latter, Anonymous leaked what appears to be usernames of employees names and email addresses on Pastebin. It’s not yet clear whether that leak is genuine or whether the hackers really have access to the email accounts.

The hacking crew has also been busy defacing websites, either by hacking them directly or taking over the Domain Name Systems used by those websites. DNS servers translate names, such as, into numbers, acting like an internet phone book. Take over that phone book and you can redirect people to another site, even if the URL has remained the same. In the case of Anonymous Brazil, they’re diverting people to videos about their World Cup campaign, as seen above.

Whatever their tactics, it’s going to be a hectic month for all security pros whose employers have anything to do with the biggest sporting event on the planet.