• X
  • Listen in to our latest podcast!

    December 9, 2010

    Operation: Avenge Assange is about more than “Childish Cybercrimes”

    You might have read the guest post by Jason Adriaan over the Anon’s “childish” cybercrimes against major websites which they believe are against the freedom of information. I just thought I would give my opinion as well. Here is the statement from Anonomous:

    “œWhile we don‘t have much of an affiliation with WikiLeaks, we fight for the same: we want transparency (in our case in copyright) and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we can not say what we think and not  express how we feel. We can not let this happen, that is why we will find out who is attacking WikiLeaks and with that find out who tries to  control our world. What we are going to do when we found them? Except for the usual DDoSing, word will be spread that whoever tries to silence or discourage WikiLeaks, favors world domination rather than freedom and democracy.“

    I reckon they are pretty upfront about their reasons. Clearly these Denial of Service attacks are about making a statement – and not about giving “wedgies” to sites. We should not forget that Wikileaks itself was attacked using DDoS methods before finally being taken down by Amazon and EveryDNS. The initial wikileaks hacker (called “th3j35t3r”) explained his attacks on Wikileaks by stating that they are “attempting to endanger the lives of our troops, “˜other assets‘ & foreign relations”.

    The main targets of the attacks: Mastercard, Visa and Paypal are essentially the backbone of  electronic payments, and anything that can take them down is clearly not a force to be taken lightly. Same goes for PostFinance, who shut down Julian Assange’s defense fund, which have also been taken down. Yes, they are sites that will probably be up and running soon enough as if nothing happened, but remember these are sites that drum up a lot of business from their public facing sites which account to millions, but most off all, their reputation is their biggest asset.

    So while Mastercard and VISA transactions might be ongoing, public perception is key. The typical person who sees this might ask “Can I trust my money with some company that can be attacked by some hackers?” (excuse the ignorance in that statement, but this is the way uninformed people might interpret this). Never mind the legality of DDoS, this is a modern form of strike or boycotting. Even though the common man cannot take down Mastercard / VISA transactions, at least we can make them (and their customers) take note, and potentially hamper their business.

    Also, I just thought I would also just tell you how DDoS are orchestrated, and why the apparently low number of “600 people” is irrelevant. These attackers sign up to Low Orbit Ion Canon (LOIC) which are installed on their machines. All of these machines form a hivemind which coordinates TCP, UDP packets and HTTP requests. The Hive Mind is controlled by an IRC channel operator, forming a voluntary botnet. So while 600 people might not sound a lot, LOIC was designed to stress test (and potentially kill) networks and services from a single client using hundreds of pings every minute. Now if LOIC is used in group, and is orchestrated properly, it is indeed a very powerful form of attack. Oh and by the way, that number has now increased to more than a 1000, growing continually…

    At present, Anon is attacking the following sites:

    Mastercard, VISA, Postfinance, Paypal blog and Paypal main site, http://aklagare.se (Swedish prosecutors), EveryDNS, Senator Lieberman’s site (the first government site targeted by Operation Avenge Assange), Sarah Palin’s site (she said Assange should be hunted like a terrorist), PandaLabs (ran a DDoS report page),

    These attacks are orchestrated through the anonops.net website, which is also being targeted by anti-wikileaks supporters.

    While I am not choosing sides in this whole Wikileaks story, I really think these DDoS attacks are not simply fooling around. If the internet is becoming the modern playfield for actvism, we have something very dangerous on our hands. Dont underestimate these “teenage guys”. This is not kiddie stuff – they are holding a lot of power.

    Listen in to our latest podcast!

    • Sascha Welter

      Judging from the post on PandaLabs, I would say that PandaLabs themselves do not suspect their own DDoS to be coming from the “Anon” guys.

      (BTW, Disqus use of cookies requires enabling off-site cookies, which is inherently insecure and privacy problematic.)

    • If these kids were more tactical in their attacks and didn’t suffer from a chronic case of adhd then maybe these attacks would have a bigger impact. As it stands all they are doing is causing a little PR problem for these companies they attack. If that was their goal then I guess “Mission Accomplished”. The worst part about these Anon attacks will only be realized later on when we realize that the proliferation of ddos software from this campaign will leave us all without interwebz to speak of.

      • ” The worst part about these Anon attacks will only be realized later on when we realize that the proliferation of ddos software from this campaign will leave us all without interwebz to speak of.”

        Yeah, because this is the first time a DDoS has occurred, right?

        • To most people in the mainstream, this is the first time they have ever heard of it and will no doubt result in lots of converts.

          • [citation needed]

            Really, are you serious? I mean, the notion is absurd, so I think you’re just taking the piss out of us at this point. You really believe that Joe Average (you know, from The Mainstream) is going to read an article about faceless attackers launching a DDoS against large websites, and think to himself: “Boy gollygosh, I’d better get in on that!”

            A sizeable chunk of the “mainstream” has trouble just to keep their computer running smoothly, and you want to make it out like they’re going to add to the ARMY OF ANON and DDoS the Internet into oblivion? Get real, dude.

            • A friend of mine posted a blog post with instructions how to use LOIC, it was retweeted by a radio dj and subsequently thousands of new people downloaded LOIC and started using it. Here is the post http://bit.ly/gc8YGU.

              The whole point is that it’s easy to join in on these attacks, that’s why so many people have signed up in recent days. It has gained mainstream attention and this makes this thing dangerous.

            • Yeah I know of two people just outside my circle of friends, both of whom are not technical, that joined in the ranks. Your assumptions are correct but you forget that you also need some technical knowledge to know the dangers involved. So people join without fully knowing that they are putting themselves at risk.

      • Jeeva

        You kept on referring to kids. Are you retarded? Wait, that was a deffinately “YES”.

        When GNAA (Whom I’m part of) was in its prime activeness, they desolated Wikipedia & destroyed 4chan with DoS & SQL injections. I was probably the youngest entity. The rest of the gang was made up by 30+year old men, whom you can hardly call a “kiddy”. These guys were all GM, CEO, IT MAN., Specialists, etc of large corporations all around the world. I can remember the one guy was the “MAIN” network/system administrator for one of the worlds top ISPS.

        Just because they have nicks like “Blackman” and “rapeme”, doesn’t make them little basement kids.

        You sir are a fucking retard.

        • Sheesh dude, clearly you feel very strongly about how old you are. But let’s be fair, I have no way of telling your age or who you are… the downside of anonymity is that I can call you whatever I want and there is no way of proving me wrong, just like the upside of anonymity for you is that you can insult me without getting your own name pulled through the mud.

        • No sir. You are a retard. That was GNAA this is Anon. Not the same thing. Just because there are adults involved does not mean they are not script kiddies. Do you have a roster and age list of all the members? Oh wait! No you don’t. So what if one of the guys in a dead organisation was the “MAIN” network/system admin and has some technical ability. What does “MAIN” mean anyay… is it in inverted commas because he’s not actually the Main sysadmin? Even is he does/did have technical ability, Using LOIC is the same as using WinNuke in the days of IRC, point and click. No technical knowledge needed. They are kids deal with it.

          Oh hey… look what just happened. The Dutch arrested a 16 year old for “hacking”. http://www.guardian.co.uk/news/blog/2010/dec/10/wikileaks-us-embassy-cables-live-updates (See: 10:05 AM)

          In conclusion: You are retarded.

    • Flash

      Q: Is there a lesson to be learnt by all?
      Ans: I answer myself: Most certainly! The lesson is that globally freedom of speech has been recognized as a human right. We don’t have to all agree with each other but we should be able to say what we think and let others know. Governments and those who populate them have a duty to the people who voted them into power. If that duty includes the need to know then they have no right to go against the wishes of the people. Democratic Nations have no right to threaten businesses and I suspect that this is what happened when payment processes were blocked. On what legal basis do governments have the right to block a payment to ANYBODY or to ANY CAUSE? What Anon and others have proved is that EVERYBODY is accountable for their actions and such actions can and have brought down governments in the past. We are supposed to have Constitutions that protect individuals from being lied to and disinformed. What Wikileaks did was to expose the depth to which we are being hoodwinked. The internet has given billions of people the opportunity to say what they think and more importantly, be heard. It’s time for change. Relationships are built on TRUST and there is a distinct lack of this in the world today fostered by governments with alternate agendas. In general our world revolves around fear and mistrust and that usually leads to a very short lifespan.

    • The danger is not that the counter-DDOS campaign being waged by a group of Wikileaks supporters called Anonymous and Anon Op, have the potential to escalate into destructive attacks against infrastructure, but rather that we are forgetting to draw a distinction between legitimate political expression and “cybercrime”. Our constitution enshrines the right of every citizen to communications freedom, to receive or impart information and ideas. Furthermore, all South Africans possess political rights which include the right to assemble, to gather and to mobilise around specific issues as needs be. Calling the online protest action against sites which sought to destroy Wikileaks, the dangerous work of criminals, is like calling a student sit in at a lunch counter, an armed uprising. In an infowar there are no victims as such, the only thing which is harmed is information, the only activity which is disrupted is communication. While there are laws in place which make the disruption of communication an offense, consider this. If a person requests 1 html page, that person is considered a law-abiding citizen. If that person requests 1000x pages that person is disrupting communications and is a criminal. Worse, he or she is branded an international terrorist. Thus far the only tools being used in the campaign by Anonymous is are load-testing tools which can have the side-effect of DDOS. As we have seen, this is hardly destructive and has only succeeded in disrupting communication to some sites for 24hours or so. As an essay in the economist argues, http://www.economist.com/blogs/babbage/2010/12/more_WikiLeaks, this is not the work of cyber-vigilantism, rather it is an example of Athenian democracy in action. When enough people engage in online protest action, the issue of political intent comes into play. What are the intentions of those who seek to disrupt the communication of Paypal and Mastercard? Clearly, the intention in this case, is to draw attention to the DDOS attacks against Wikileaks conducted by an invisible government. People have every right to question authority and to demand an Internet where rights are extended to all, regardless of ones politics. I may not agree with the Anti-Anti-Wikileaks struggle, but I certainly do not agree with the Anti-Wikileaks campaign.

      SEE: http://www.businessweek.com/technology/content/dec2010/tc2010129_781428.htm