Anonymous codes a digital weapon

Anonymous is reportedly coding a JavaScript-powered weapon that exploits SQL vulnerabilities to create a “devastating impact” on targeted servers.

Dubbed RefRef, the new software could replace the ubiquitous Low Orbit Ion Canon (LOIC) fielded by cyber activists waging various DDoS campaigns.

RefRef – which is slated to debut in September – works by turning a server’s own processing power against itself.

According to the Tech Herald, the targeted server eventually “succumbs” to resource exhaustion. 



Although such an attack vector has existed for a while, cyber activists have traditionally preferred the brute force of a DDoS attack generated by bots or LOICs.



Nevertheless, Anonymous recently tested the new weapon and managed to down Pastebin for a total of 42 minutes.

“Imagine giving a large beast a simple carrot, [and then] watching the best choke itself to death,” an Anon promoting RefRef told the Herald.

Another Anon explained that the tool “only makes you vulnerable” if systems remain unpatched and outdated. 

“This is how Sony got caught with it’s pants down. It axed huge swathes of it’s IT security a little while before it got pwned. Basically, [Sony] decided that basic maintenance wasn’t good ROI… It’s companies like Sony – making idiotic decisions like that – which will be vulnerable to this tool. Proper companies staying on top of things won’t be vulnerable after the fifth or sixth attack, at which point patches will be out.”



Despite its possible shortcomings, RefRef does appear to be a fairly potent tool, as it can be used on any platform that supports JavaScript, including smartphones and even consoles. 
The versatile nature of the weapon will likely create multiple command points manned by activists from public wifi hotspots such as libraries and Internet cafés.