Most of these Anons use one or two methods, along with TOR.
One method is a tool called LOIC, or Low Orbit Ion Cannon, a reference to a space ship bombarding the surface of the earth from low orbit. Actually it is just a Denial of Service attack, DoS, in which a target server is hit with so many ACK (acknowledge me!) requests that its Internet Protocol stack hangs up trying to service the requests. They don't run the LOIC from their machine. They upload an email with a virus or Trojan payload to a porn or gambling site, or a poorly admin'd Windows forum, and within a few days they'll have an LIOC Trojan on tens of thousands of Windows boxes. Those captured Windows computers are called Zombies, and the collection of zombies is a called a Bot Farm. Some WIndows bot farms were as big as 30,000,000. From their own computers the Anon runs TOR (The Onion Ring), which connects to a series of server in a sequential chain, with their own IP address being replaced with a fake one, that fake one being replaced with another fake on at the next TOR server, until five or more servers later the packets are sent to their destination, a command & control computer which has a list of the IP addresses of all the Zombies. That C&C sends out the instruction received from the TOR chain, which usually includes the IP address of the target server, and the type of attack to initiate. When each of the Anons, with different TOR chains and different bot farms target the same server they can usually bring it, and every other server on that IP address down. In the current IPv4 protocol a server can use the same IP address to host more than one site. w.x.y.z:1, w.x.y.z:2, etc ... usually up to 256 sites.
Copies of the LOIC are usually obtained from what are known as Warez sites. The problem, however, is that the FEDs have put out honeypots that contain LOIC copies that have back doors they control, which they can use to instantly shut down a bot. They have done the same with copies of TOR. They are catching the ignorant script kiddies but the pro Anons usually start from the LOIC source code and scrub it clean before they compile it. That also assumes that they are compiling with a compiler that they also scrubbed the source on because an infected compiler can leave back doors in binaries compiled from clean source code. Otherwise, they have to use a converter (or do it manually) to convert the source code into assembler, from there into binary. There aren't one in a million coders who can do that. And, just like an author of a book, code writers leave their own pattern, which is identifiable. It's a very risky game to play and not get caught, eventually.
Sometime, through a TOR chain, they will manually attack an unpatched security hole in a Windows OS to break into a server or workstation. This is really tricky to do and not set off alarms. But, it is very difficult to secure a Windows box, which is why I've been using Linux since 1998. When they claim they have downloaded files from government or private computers it is usually because they manually broke into the computer by using a security hole in Windows Explorer, Word, or some ActiveX or .NET component of Windows.
I would NEVER do online banking or put my financial or private information on a Windows box and surf the web with it. It has been estimated that 95% of all the Windows zombies found on bot farms were running active AV software. How could that be? Before Symantec or Norton or Microsoft can add the signature of a new virus to a vaccine dat file they first have to find one in the wild. That means that one of you running Windows has to get infected, figure out what has happened, and report it to an AV house or Microsoft. By then it is too late for you. If you never figure out that your Internet slowness or some of the strange behavior is because someone has turned your computer into a zombie then everything you have put on it will be exposed, sooner or later. Even if you discover it you have to wait until Microsoft, at its pleasure and financial willingness, decides to create a patch to fix the hole the virus or Anon took advantage of AND add the signature of the virus to the next dat file so folks can download it and update their AV subscription. The "signature" is the first block of hex bytes at the beginning of an EXE, which is what most malware is. Each is unique. But, even a script kiddie can change the signature by moving some strings around, varying the wording a bit, or changing the order of some logic tests without changing the logic, then recompile. Viola! A "new" virus EXE that escapes detection by the latest dat file! That's why there are around 2 million "new" viruses or Trojans released against Windows every year.
Until MS releases that vaccine dat file or patch then you are just hanging in the winds of adversity hoping a bad guy doesn't come knocking on your port. How long will you hang. Microsoft always announces their patches as "zero day", which means they are claiming that they are releasing the patch and dat file the same day they discovered it. The truth is that a "zero day" patch is rare. Their usual practice is weeks and months. Sometimes years, sometimes never. They'll always suggest that you "upgrade" to avoid the security hole. Nice for their bottom line, not for yours.
From my observation, Anons are not the real danger on the Internet. The real Internet thugs are the professional hackers employed by governments and their military, and those employed by wealthy crooks. The first set are after industrial and military secrets and to do what the US did with Stuxnet ... sabotage. Because we are rapidly becoming the only country on earth to continue to use Windows in critical infrastructure our country is the most vulnerable to the first class of hackers. Our middle class citizens, the richest on the planet, are the targets of the second class of thugs. They are why I run Linux.
