'Anonymous' WikiLeaks Proponents Not So Anonymous

Giovane Moura writes "For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivists). Although the group calls itself 'Anonymous,' researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable (PDF), and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems.

Maybe

[mikerubin]

I should change my WI-FI password?

Obvious research

[Stellian]

Since the average internet troll can't IP spoof (he is limited to a /32 block) it's fairly obvious he will reveal his location. No need to use the source for that, Luke.
The idea behind a voluntary botnet is that the damage done by each participant does light damage, and is not effectively ddosing, while at the same time the aggregate damage is effective in delivering the desired mob justice. The legal effectiveness of that defense might vary.

Re:

[poetmatt]

uh, actually, it was suspected that everyone who does the LOIC will be IP spoofing, and only the stupid chanop who got arrested actually didn't. It's true that doing it over tor would effectively ddos tor.

I mean why would you join something such as the LOIC without IP spoofing?

Re:Obvious research

[Anonymous Coward]

Because you heard other people on 4chan are doing it and wanted to be cool too?

Re:Obvious research

[bsDaemon]

we were loitering in the anonops irc channel at work the past few days, and one of the questions asked of a bona fide participant was "what's the port for http on www.hillaryclinton.com?" ... i mean, seriously? clearly, we're dealing with brilliant hacker minds here. /sarcasm IP spoofing is likely not a concept that most of them can actually get their minds around as possible.

Re:Obvious research

[Anonymous Coward]

Here's how the process goes:

1. /b/ gets angry at something (only /b/, the other boards do nothing)
2. Some /b/tard creates an image, which contains information in this format:

A quick summary why we're attacking
Where to get the tool
How to use the tool (this part is usually a screenshot of the tool)
When to start

3. Aforementioned /b/tard starts a new thread with the image, with the text saying "GO!" or "do it nao!" (sic), occasionally referring to the alleged sexual preferences of the reader
4. People see the thread, bump it, and do as they're told

The vast majority of the people who use LOIC know nothing about the internet. They're just grunts. The only smart ones are those who create these images and formulate the attacks, and they're behind seven proxies. They might not even use LOIC themselves, knowing how easy it is to get caught.

Re:Obvious research

[Elbereth]

Nice summary. Yeah, I wouldn't actually partake in the raid, myself, if I were calling for one. Instigating the raid is bad enough, really, and there's no reason to actually get your hands dirty, if dozens, hundreds, or thousands of grunts are doing it for you.

Of course, you're unlikely to get a personal army just because your girlfriend cheated on you, unless your revenge includes lots of "lulzy" repercussions for her.

Re:Obvious research

[aurispector]

It's a surprise that these people are just a bunch of script kiddies? The phrase "useful idiots" comes to mind: these knuckleheads will take the fall, giving the media and legal system someone to chew on while those with some modicum of coding skill avoid attention. I bet it wouldn't take a lot to ID the majority. Their safely is really in numbers, which isn't much safety at all.

Re:

[bsDaemon]

its no surprise they're script kiddies, i just sort of figured that the http port would be common knowledge even to skript kiddies. Oh well.

Re:Obvious research

[Rysc]

You MORORN, The HTTP port is WWW, even my GRANDMOTHER knows that!

Re:Obvious research

[fishexe]

You MORORN, The HTTP port is WWW, even my GRANDMOTHER knows that!

I heard WWW was greek for 666, so I don't use the HTTP anymore.

Re:

[marcosdumay]

What; they donwloaded a script that they were using in some cracking attempt. (WTF, they are not even controlling the script themselves!) Isn't that the definition of what is a script kid?

Re:Obvious research

[mkiwi]

It's a surprise that these people are just a bunch of script kiddies? The phrase "useful idiots" comes to mind: these knuckleheads will take the fall, giving the media and legal system someone to chew on while those with some modicum of coding skill avoid attention. I bet it wouldn't take a lot to ID the majority. Their safely is really in numbers, which isn't much safety at all.

It's not "Script Kiddies" on 4chan. It's "Script Kitties" :-)

Re:Obvious research

[arivanov]

Both you and UTwente missed the point.

It is a different type of attack. It is the "I am Spartacus" attack.

It requires putting 100000+ people most of which are juveniles in their jurisdiction on trial. No politician today can stomach that one at this point. However, the way things are going and the way we are sliding towards police societies I am not so sure that this will be the case a few years from now.

Re:

[arivanov]

Just to add to that, the fact that they are asking for "what is the port for http" makes any prosecution even more difficult as 99% of them can claim did not know what they were doing.

Re:

[xnpu]

Suspected by whom? Pretty much everyone knows spoofing is not possible from 99% (if not 100) of residential connections.

You join LOIC because you believe you can get away with it. Same reason millions of people still down copyrighted material on bittorrent without blocklists, ip spoofing or other kinds of protection.

Re:Obvious research

[chrb]

I mean why would you join something such as the LOIC without IP spoofing?

Because many people can't IP spoof? You need to get your broadband router to forward a packet without NATing it, then your ISP has to forward that packet even though the source IP is wrong.

Re:

[Anonymous Coward]

thank you for the 2 year old summary, now for the nerds out there: its called egress filtering [wikipedia.org]. every isp does it including every dedicated datacenter in the us -- unless they forget, but it is quickly caught when abused (i'm talking within 5min, there are 24/7 noc monkeys watching giant billboards of data).

Facts on VISA would hurt more than packets

[h00manist]

Just widely publish facts. That's what Wikileaks does. Just google some money laundering news or other similar "services" numerous financial mammoths offer regularly, publish them to many more places, and you'll do much more lasting damage than a bunch of packets for a couple of hours.

Someone has to to teach these kids that corporations are more worries more about teh bad publicity, than the broken websites. You're not breaking the law by widely re-publishing the truth, it can be done easily, and you can actually use Tor for that, respecting netiquette and all.

Re:

[shentino]

Joint and several liability.

Since they were attacking *as a group*, each of them is responsible in full.

Re:

[betterunixthanunix]

Would this also result in them being charged with conspiracy?

Using TOR?

[jfiling]

I was under the impression that running the LOIC through TOR would DDoS the TOR network, not the intended target.

Re:

[Anonymous Coward]

That was probably the intention of these so-called "researchers" (right, not CIA shills at all...) when they suggested such an alternative.

Re:Using TOR?

[Dexter Herbivore]

That was probably the intention of these so-called "researchers" (right, not CIA shills at all...) when they suggested such an alternative.

Soooo.... got any tinfoil hats for sale?

Re:Using TOR?

[Anonymous Coward]

think of it like shooting an RPG at your neighbour through a chain link fence.

You will end up with a still alive neighbour, a destroied fence and look like an idiot.

Re:Using TOR?

[Opportunist]

Finally an analogy that at least made me laugh. It's not much more accurate than the average car analogy, but at least I liked the picture it gave me.

Re:

[Farmer Tim]

[citation required]

Not disputing you, I just want to see some video of one in action

Re:Using TOR?

[gilbert644]

Isn't it kinda childish to label everything that isn't pro wikileaks as CIA shills?

Re:Using TOR?

[Anonymous Coward]

Isn't it kinda childish to label everything that isn't pro wikileaks as CIA shills?

You only say that because you're a CIA shill.

Re:Using TOR?

[horatio]

Yes, it is. It is also some kind of hubris to scream about Wikileak's "1st amendment rights" to then attack MC, Paypal, ....and Sarah Palin's website? These entities have a right to conduct their business however they want without undue criminal interference. Palin, whether you agree with her or not, certainly has a right to post a dissenting opinion on FB without having her place (website) smashed up by a bunch of thugs.

"More speech for Assange and wikileaks --- but no speech may be heard from, no business may be conducted with anyone who thinks this was a stupid/criminal/illegal/unethical thing to do and chooses to terminate their business relationship with Wikileaks!"

Re:Using TOR?

[shaitand]

"It is also some kind of hubris to scream about Wikileak's "1st amendment rights" to then attack MC, Paypal, ....and Sarah Palin's website?"

Silly rabbit. The bill of rights is for actual humans.*

* Palin may be human but public figures open themselves to criticism.

Re:

[fishexe]

Palin may be human but public figures open themselves to criticism.

You're free to criticize her all you like. You are not free to damage, attempt to damage, or otherwise engage in any kind of criminal mischief against her, her family, her property, or her vendors (ISP, hosting provider, etc) because you don't like something she said.

What if the "something she said" is criminal incitement to violence and the police aren't doing anything about it?

Re:

[fishexe]

What if the "something she said" is criminal incitement to violence and the police aren't doing anything about it?

That's what they said about the publishing of images of Mohammad not so long ago.

I don't know anybody who said that. I don't know any way you can say publishing images of Muhammed is an instruction to someone to kill someone else. Palin directly called for killing Julian Assange.

But all the cool kids hate Palin, so that makes it OK.

Yeah, never mind that what she said is completely different in every way from what you're trying to compare it to. That can't possibly have anything to do with it.

Re:

[shaitand]

It isn't just freedom of speech. It is also freedom of expression. The DDoS attack was a form of protest.

Re:

[Neoprofin]

So the CIA should just hire some thugs to murder the entire staff of Wikileaks and dismember the bodies?

Saying criminal interference is just a cost of doing business if you anger the wrong criminals isn't even a slippery slope, it's flat out stupid.

Re:

[Dhalka226]

I think killing you would be justice. Do you really want to play this game through to its conclusion? Do you think idiots like you are the ones who will come out on top? Our corporate and governmental douchebag overlords will come out on top, with a pile of corpses and business as usual in their wake.

If you think people deserve to die, grow a pair and go kill them. Otherwise shut the hell up about justice. Not having the balls to commit your own crime doesn't give you an acute sense of justice, it gi

Good luck!

[Anonymous Coward]

Good Luck, I'm Behind 0 Proxies!

Give a kiddie a script...

[Dexter Herbivore]

and he'll be in jail soon. [theregister.co.uk]

Re:

[Rakshasa Taisab]

Yeah, let them go ahead and arrest hundreds of random people... That's sure to make WikiLeaks less popular with The People.

It's like arresting protesters trying to stop a building project... If you throw the law book at them it's going to ruing your public image.

Re:Give a kiddie a script...

[Ritz_Just_Ritz]

Not really. These aren't "protesters trying to stop a building project." Like it or not, they're also criminals who are disrupting websites and networks that other folks are paying to use. However, let's humor you and say they're simple protesters. As every person who engages in civil disobedience knows, you've got to be prepared to be arrested/punished. The long arm of the law doesn't always roll their eyes and wait for you to go away.

Best,

Re:Give a kiddie a script...

[Opportunist]

Well, technically, so do normal protesters. They clog streets that I'd like to use, they are noisy which disturbs the other neighbors, they're loitering and maybe even squatting, which may be illegal on its own, depending on your country.

These "internet protests" are not really more or less disruptive to "normal folks" life than ordinary protesters. The difference is that "normal" protesting is protected in most western states and the disruption they cause is something you have to endure because they're executing their right to assemble (peacefully) and protest. Do you think I'm happy to sit in a traffic jam because some students are against chanting in front of our parliament? I hate the jam, but I support their right to protest and to voice their dissent. I consider it important that they may do that, even if I do not agree with their political position and think (for once in a while) that our government is doing a few things right.

But their right to protest and voice their dissent is more important than me being late for my appointment.

Re:

[h4rm0ny]

I applaud your sentiment. So I guess the question is should something being online make a difference to the right to protest? And if not, is that the only relevant difference between clogging the streets with placards and DDoSing Mastercard or Amazon?

Re:Give a kiddie a script...

[VortexCortex]

As TFA states, LOIC software does not perform a reflected (AKA distributed) DoS attack.

As more individuals participate in the protest, the DoS is equally more effective, but it is a "neutered" attack; A very small amount of traffic is generated compared to what a similar sized bot-net using a true reflective DDoS attack would create. The LOIC program could be much more disruptive if it were meant to do the most harm, but it isn't.

Each individual is simply sending requests (AKA data) to Mastercard or Amazon. Each individual is performing a DoS attack. It's different than if each individual were performing a DDoS (reflected) attack.

It's not illegal for an individual to request an Amazon or Mastercard web page.

How many requests must an individual generate before that individual is in breach of any law?

Let's say we set it at more than 10 requests per second. Let's also say that I use a web browser that doesn't support the "Keep-Alive" HTTP 1.1 option. Using said browser to view one Amazon web page will easily generate more than 10 requests in a second if my connection speed is sufficiently fast (each image, script, iframe, etc will be downloaded over its own HTTP 1.0 connection).

When does "using" Amazon's or Mastercard's website become "abusing" the same websites?

IMO, if you don't want unsolicited packets of data: Install a Firewall in front of your machine. (Note: It is very difficult to run a web server that does not accept unsolicited packets).

Re:

[Opportunist]

Well, the right to protest and demonstrate should not be different "online" just because it's "online". And probably the people who originally gave us the right to demonstrate because they thought it is important that people can make their voice heard even against the interests of industry and government would agree.

Sadly, the people currently in power would not even grant us the right to demonstrate and assemble peacefully, and would gladly get rid of it given a chance. So I doubt that we'll get the right

Great points, Opportunist

[sgt_doom]

But more to the point, there were indeed laws, and many of them broken, in Europe, and specifically in Sweden, in Switzerland.

PayPay, and that Swiss bankster, with absolutely no court order nor legal authorization, froze -- or in reality -- stole, over 100,000 Euros of Wikileaks' private donations.

And PayPal claims to have been coerced by the US State Dept., which is aiding, abetting and collusion, as well as strong-arming. Beyond the Euro Union laws, and individual countries' laws, there's also a document called the WTO Financial Services Agreement, which all the bankster frauds always conveniently forget when they so desire.

Next, we have all those legal transgressions in Sweden: (1) the leaking of the investigation by prosecutor Maria Kjellstrand to rightwing tabloids, in violation of Swedish secrecy laws; (2) the further leaking of Assange's file by person or persons unknown in the Swedish Prosecution Authority, in direct violation of their secrecy laws; (3) the fact that Chief Prosecutor Eva Finnes throw out the case initially, after reviewing the fact that the two women got together (corrupting the evidence and conspiring together with their individual stories prior to approaching the police), and next the Minister of Justice, Beatrice Ask, pressures Finnes to reopen the flimsy case; (4) the fact that when Assange and his attorneys attempted to communicate with the Swedish Prosecution Authority for 41 days straight, they were refused -- because not a single magistrate at that time would take on such a farce of a case; (5) the law only recently been written up, specifically for Wikileaks' Assange, WHILE they were actually submitting their Interpol warrant (Sex By Surprise).

Ya this is not protest

[Sycraft-fu]

Protest is things like gathering together peacefully to make your position and numbers known. Protest is writing your elected representatives to let them know that you find something unacceptable and will vote them out if they don't take action. Protest is refusing to shop at a store, and let others know why.

Protest is NOT launching an attack to try and shut down things you don't like. These people aren't protesters. They are like the jackasses at a physical peaceful protest that go and loot stores or burn

Re:

[Barrinmw]

What is the difference between what these people are doing and the sit-ins that blacks did for civil rights?

Re:Ya this is not protest

[Graymalkin]

The people performing sit-ins were not attempting to be anonymous and running away as soon as they were challenged. They were willing to act in public and be arrested for what they believed in. Participating in a DDoS is not remotely similar no matter what delusions of grandeur they might have. It's troubling that these people are equating DDoSing a website with activism or protest.

Re:

[Graymalkin]

No the difference is accountability. The people performing sit-ins were willing to be held accountable for their actions. They could have opted not to give their names if confronted but they put a face and a body to their protest. They actually had a confrontation with their opposition. Participating in a DDoS is not putting a body or face to the protest nor is it actually confronting the opposition. It's little better than throwing rocks through store front windows and running away. Julian Assange putting

Re:

[darrad]

So says the Anonymous Coward...

Re:

[cheekyboy]

I rather consider all of congress and 1000s of politicians criminals than the average joe bloggs.

Seriously, this is WW3, the people in power and in charge get STFU, us young people will outlive you old grey haired assess ok.

You stupid MOFO baby boomers who smoked pot in the 60s, remember you guys were fighting the MAN in the 60s, well, us youngers are now fighting your fat asses now. ok.

Re:

[h4rm0ny]

Most civil disobedience makes one a criminal, however. Is this civil disobedience? Well, it's done to make a political point and doesn't provide any material reward to the perpetrators, so I suppose it's at least heading in that direction. I'm not sure what would define civil disobedience that would exclude these attacks.

Re:

[arth1]

It's only civil disobedience if you act civilly.
- You do what you do in the open, without trying to hide who you are.
- You don't cause direct harm.

Someone lying down in front of a bulldozer may be exercising civil disobedience, but someone wearing masks to hide their identity tossing molotov cocktails at it aren't.

Or, to use a recent example:
The student protesters in London who refused to leave and linked arms, expecting the police to use force against them were engaged in civil disobedience.
The protesters

Re:

[h4rm0ny]

and the FACT that none of us actually knows the details of what Assange may or may not have done to/with those women)

Just pointing out that you are (a) conflating the sexual assault charges with the issues of Mastercard and Amazon discriminating against Wikileaks which is what has actually instigated this, and (b) making an accusation, rather than a conviction, something to base your decisions on.

Re:Give a kiddie a script...

[h4rm0ny]

Nope, Ghandi never won the prize though I think he was nominated several times. On the other hand, Henry Kissinger did, which tells you all you need to know about the Nobel Peace Prize. GP made a bad example, I don't recall acts of sabotage by Ghandi, but he was certainly a law-breaker and a criminal by the laws of the time. GP should have picked a different specific.

Re:

[flyingfsck]

Uhmm, the US government isn't really worried about its public image. They can throw all kinds of things at you - the rule book should be the least of Asange's worries.

Re:

[Yetihehe]

Yeah, all protesters should be caught and sentenced some light prison.~

Re:

[Opportunist]

I dunno about your country, but it would be legal in mine. Of course they must not keep people from entering the store, but if they just sit down in front of the store so people who want to enter it have to step around them (and it's a "legal" demonstration, long legalese story), this is a legal form of protest.

They must not touch one of the potential customers (it's instantly assault if they only try to "attack" someone trying to get in), they must not even directly address one of them (they may chant thei

No shit, sherlock?

[PseudonymousBraveguy]

Sending an IP datagram with your own IP in the header makes you traceable? Inconceiveable!

Why do you have to write a ten page whitepaper for a simple observation that anybody who is able to find out his own IP address and click on two buttons on wireshark could make in about 5 seconds?

Re:

[DarkIye]

1. For every man on the street who knows what an IP address is (not many), very few would know what Wireshark is.

2. I certainly wasn't bothered to download LOIC and analyse the packets it sent, but its certainly interesting to note it does give away the Tx IP address.

3. It does give impartial background on the tool that I trust more than what Encyclopediadramatica says about it.

Re:

[shentino]

In theory, using real return addresses would be required to avoid being blocked by egress filtering that would rightly drop martians on grounds of source IP spoofing.

In practice, egress filtering usually sucks balls these days.

One thing that could work well is for LOIC to randomize a configurable number of tail bits on the packets it sends out. Enough to avoid being pinned, but not too much to run afoul of egress filtering.

Re:

[fishexe]

3. It does give impartial background on the tool that I trust more than what Encyclopediadramatica says about it.

Dude, that site is totally reliable. It even has "Encyclopedia" in its name!

I mean, for comparison, even "Wikipedia" only has the "pedia" portion in its name. Therefore Encyclopediadramatica must be at least twice as reliable!

Re:No shit, sherlock?

[davidbrit2]

Warning! Your computer may be broadcasting an IP address! Click here to learn how to fix it!

Re:

[chrb]

Sending an IP datagram with your own IP in the header makes you traceable? Inconceiveable!

Indeed. Though there is a slight advantage of a SYN flood attack: deniability. All of those packets could have been spoofed to make it look like they came from your IP, when in fact you had nothing to do with it.

Re:

[Opportunist]

Why do you have to write a ten page whitepaper for a simple observation that anybody who is able to find out his own IP address and click on two buttons on wireshark could make in about 5 seconds?

DUH!

You think anyone would pay you for a three-liner? Or take you serious? You've never been in the academic circus, have you?

You have to produce text on paper. You print, hence you are! The more, the more important you are.

Duh

[Anonymous Coward]

Only the fools who think "Anonymous" is an actual group could think that its members were actually anonymous.

The 7 proxies meme exists for a reason, mostly because no one cares enough to actually use a proxy.

Raw sockets and Windows

[Rijnzael]

As I recall, LOIC is for use with Windows machines. If that's the case, the likely reasoning behind not using any identity-concealing techniques is Windows raw socket restrictions [microsoft.com]. They're flooding web servers, and TCP packets can't be sent with raw sockets, so there's not much else to do other than repeatedly open valid connections (from the Windows platform).

Re:

[Rijnzael]

I suppose I should also elaborate that raw sockets are required to make non-standard modifications to the IP header (such as spoofing the IP address).

Re:

[Pi1grim]

"There's a patch for that." And besides, LOIC now comes in all flavours: windows, linux (qt), MacOsX and cross-platform (Java and JS+HTML type).

Re:

[PseudonymousBraveguy]

Forcing an interface to have a forged IP is trivial, so the restrictions do not really inhibit concealing your IP address. With TCP you are basically limited to a SYN flood, however, because you will not be able to finish the 3-way-handshake with a forged sender address.

Re:Raw sockets and Windows

[Xelios]

Or a reflected SYN attack [plynt.com], which is a little more potent. But the main problem in concealing your identity by forging the source IP is that most ISP's these days perform egress filtering, meaning those forged packets will simply be dropped before they leave your local network. You have to find the range of IP's allowed through your local network and restrict your spoofing to that range, which in the end doesn't conceal your identity very well anyway.

4chan was actually hit by a reflected SYN attack last year, which forced AT&T to black hole its domain [slashdot.org] for several hours. Apparently there are still some ISP's, particularly in Eastern Bloc countries, that don't bother to filter spoofed packets leaving their networks.

Re:

[jimicus]

Obviously this doesn't apply to anyone with more than a bit of knowledge, but thinking of the people who are using this tool: spoofing your IP address won't do much good when you're sat behind the NAT'ing router your ISP sent you.

Maybe someone who works for an ISP can confirm this, but I wouldn't imagine it'd be that difficult for your ISP to spot traffic that's coming in on an interface it shouldn't be given its IP address and drop it. Hard at the core of the network, but pretty easy at the edge on other

Re:Raw sockets and Windows

[Opportunist]

The main "problem" isn't that it's Windows or the lack of raw sockets, even if raw sockets were trivial to use LOIC would probably not use them. Reason? It was never intended to be a DDoS tool to be used in a real attack. It was developed as a stress testing tool, where it matters preciously little whether the "attacked" machine knows where the attack is from. Why? Because the attacker and the attacked is the same person, it's supposed to be a tool to stress test YOUR OWN machines and networks.

Hiding and spoofing was not really a big issue in the development of this tool.

Re:

[trapnest]

As someone who was active in the IRC where LOIC was being developed, it was never intended to be anything other than a DoS tool. Thus the name, etc.

Re:

[Opportunist]

I think this is a good moment to mention that there are countries with governments even a notch more insane than the US one who already outlawed "hacking tools". So, unless you pointlessly want to incriminate a few people here, I do highly recommend NOT calling anything a "hacking tool" or it being developed for the purpose of hacking.

In other words, NO that was NOT what it was invented for. It was never intended to be used that way, it has never before been used this way and I could have never imagined tha

Hacktivists?

[ThePromenader]

(Muffled voice emanating from behind a couch from behind which a body and hindquarters are clearly visible) "Hahaha! They'll ~never~ find me!"

Re:

[Opportunist]

More like: Running to the corner, covering the eyes with both hand and announcing "you can't see me!"

Re:

[chill]

Daft as a hairbrush, the Ravenous Anonymous Beast of 4chan is arguably the most insanely idiotically dense creature in existence. It believes that if you can't see it, it can't see you. Therefore, if you are faced by the horrid (yes, horrid, in spite of its intelligence, or lack of) Beast you should wrap your towel around your head (you do have one, don't you!?) to TEMPORARILY ward off the Beast's voracious appetite and furious... fury... sorry.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Opportunist]

Up the ante a notch: How about the next DDoS not being executed by a bunch of "willing" participants but a botnet controlling a few hundreds of thousands machines, all of them "unwilling" participants. Even if you could prosecute these people (and under the laws of my country that would be quite hard to do), what would it get you? In the current case, you might even have some sort of deterrent effect, telling people that they probably should not participate in that attack. But the attackers of a botnet are

Did it?

[Sycraft-fu]

I never noticed Amazon have a single problem, and Mastercard's site is back up and not that important anyhow, it never touched the payment network. Doesn't seem to have been that effective.

As for DDoS vulnerability well ya, the only real defense is massive amounts of bandwidth and lots of server capacity. If someone clogs up your connection, or overloads your server, what are you going to do?

However I don't know that you want to go around advocating for defense against it because an evil one I can think of

The problem is the line

[Sycraft-fu]

So suppose I have a 100mbit line to my server. Great. However then suppose people start sending a gigabit of traffic down it. Well now I'm fucked. There is going to be so much contention, so much bad traffic, that legit traffic won't get through. Nothing I can do about that, my firewall doesn't help since my line is full. If my firewall is over at my ISP, before my line, then on maybe it can, but there's still the matter of what kind of connection it has going in to it. At some point, there's a limit. Fill

Re:

[the_one(2)]

The raw bandwidth from these attacks are nowhere near enough to take out anything. I believe I read that it was something like 20 MBit/s or something.

Re:

[Taur0]

Except, they don't need to convict everyone. Just a few people. These are a bunch of teenagers who think they're invincible, they see some of their buddies dragged into court and they're going to stop.

Re:

[chill]

Not really. Had they actually disrupted Visa & MasterCard's *authorization* network, that would have been impressive. As is, DDoSing their websites by getting a lot of morons to download a script-kiddie tool and enter a target IP isn't impressive.

Really??

[Nailer235]

You mean to tell me that the free "hacking" tool released to 15 year old kids doesn't take security precautions??

Re:

[Opportunist]

Again, the fact that it's exactly NOT a hacking tool is what causes problems for those kids. It was never meant to hide and be stealthy because it was developed as a tool to stress test your OWN network. There's preciously little reason to be sneaky and stealthy and hide yourself when the intention of the tool is to test YOURSELF and not to bring down others.

You are broadcasting your IP!!!

[Arancaytar]

If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted.

OH MY GOD!!! Our webs are down! All of them! They're stealing the internet! Quick, we need to hack all IPs simultaneously!

Consequences

[SoVeryTired]

Sounds like they got back-traced. Consequences will never be the same.

Anyone...

[grimdawg]

...anyone calling themself a 'hactivist' deserves to be locked up as far as I'm concerned.

I mean...fucking hell. Hacktivist.

Re:

[Opportunist]

Don't blame them for a buzzword the media tacked on them. Blame them for whatever they do or say, but not for what others do or say onto or about them. It's just not fair.

Don't coin dumb and inaccurate words

[massysett]

I don't know who started this dumb, inaccurate, and insulting "hacktivist" portmanteau. These people are simple criminals. They are doing nothing to support Wikileaks. To support Wikileaks, give it money. Give it hosting. MIrror its documents. Attacking MasterCard does absolutely nothing to support Wikileaks.

"Hacker" only means bad things to most people, so I give up on that part of this dumb word. But "activist"? That belongs to people like Liu Xiaobo, winner of the Peace Prize who can't even go to his ceremony because he's in jail. It belongs to people who are actually trying to advance good in the world. It doesn't belong to simple criminals who are engaged in the pointless, cowardly, and pseudo-anonymous destruction of commercial websites.

I don't know if "hacktivist" is some attempt to be cute, some attempt to stir sympathy for these criminals, or some attempt to look cool by using some hip new word invented on some blog or in Twitter, but there is a huge difference between activism of any kind and simple, cowardly, criminal vandalism.

Re:

[Reziac]

"Activist" hasn't meant anything positive in a long time, ever since the basic philosophy of too many activist groups became "We'll make your lives miserable until you give in and do what WE want you to do." Thanks to groups like ALF/ELF and the money-making/laundering machines behind many others (see http://www.activistcash.com/ [activistcash.com] ), "activist" has almost become synonymous with "domestic terrorist".

It's the same unfortunate regression of meaning that "hacker" suffers from, for the same reasons -- too many bl

Hacktivist?

[Rydia]

Even if there is such a thing as a "hacktivist," these kids are not it. Activism is about standing up and making your voice heard and organizing to demand change or raise awareness of something, in a peaceful fashion. "Anonymous" is not organized, isn't really demanding anything so much as lashing out as things that make them angry, and is certainly not peaceful. Imagine if all this effort were put into a website, or marches, or something constructive. The discussion would be a lot different than what can e

Re:

[Haedrian]

Not to mention that:

Hacking =/= Cracking.

I guess Cracktivist sounds like a pro-drug group.

Call me dumb, but

[Compaqt]

what is a Low Orbit Ion Cannon?

Re:

[trapnest]

A perl (iirc) script used for sending packages to internet locations.
See also: USPS, Royal Mail, etc.

Sorry, but

[TranceThrust]

this is inane. The point is the attacks not only come from the LOIC network, but other bot networks can also be employed. Therefore it is not possible to differentiate if the computer involved with an attack is a willing participant or a worm victim. So unless the authorities act on every IP-address involved and pay those IP users a personal visit, and IF these people indeed have used LOIC and managed not did not wipe it, only then they have a problem with their non/relative-anonymity. Every one of the cond

YOU HAVE THE RIGHT . . .

[MarkvW]

Three Rules:
(1) STFU
(2) Rule 1 always applies
(3) No exceptions

Anybody could have used the IP address. How do I figure out who? GOTO RULE 1.

Re:

[trapnest]

Hate to spoil your party, but Anonymous is everyone until you start leaving your ID everywhere, then anonymous is:
72.101.37.123
69.69.69.69
12.39.17.8
etc.