'Anonymous' WikiLeaks Proponents Not So Anonymous 390
Giovane Moura writes "For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivists). Although the group calls itself 'Anonymous,' researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable (PDF), and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems.
Duh (Score:3, Informative)
Only the fools who think "Anonymous" is an actual group could think that its members were actually anonymous.
The 7 proxies meme exists for a reason, mostly because no one cares enough to actually use a proxy.
Re:Give a kiddie a script... (Score:4, Informative)
As TFA states, LOIC software does not perform a reflected (AKA distributed) DoS attack.
As more individuals participate in the protest, the DoS is equally more effective, but it is a "neutered" attack; A very small amount of traffic is generated compared to what a similar sized bot-net using a true reflective DDoS attack would create. The LOIC program could be much more disruptive if it were meant to do the most harm, but it isn't.
Each individual is simply sending requests (AKA data) to Mastercard or Amazon. Each individual is performing a DoS attack. It's different than if each individual were performing a DDoS (reflected) attack.
It's not illegal for an individual to request an Amazon or Mastercard web page.
How many requests must an individual generate before that individual is in breach of any law?
Let's say we set it at more than 10 requests per second. Let's also say that I use a web browser that doesn't support the "Keep-Alive" HTTP 1.1 option. Using said browser to view one Amazon web page will easily generate more than 10 requests in a second if my connection speed is sufficiently fast (each image, script, iframe, etc will be downloaded over its own HTTP 1.0 connection).
When does "using" Amazon's or Mastercard's website become "abusing" the same websites?
IMO, if you don't want unsolicited packets of data: Install a Firewall in front of your machine. (Note: It is very difficult to run a web server that does not accept unsolicited packets).
Re:Obvious research (Score:3, Informative)
Great points, Opportunist (Score:4, Informative)
PayPay, and that Swiss bankster, with absolutely no court order nor legal authorization, froze -- or in reality -- stole, over 100,000 Euros of Wikileaks' private donations.
And PayPal claims to have been coerced by the US State Dept., which is aiding, abetting and collusion, as well as strong-arming. Beyond the Euro Union laws, and individual countries' laws, there's also a document called the WTO Financial Services Agreement, which all the bankster frauds always conveniently forget when they so desire.
Next, we have all those legal transgressions in Sweden: (1) the leaking of the investigation by prosecutor Maria Kjellstrand to rightwing tabloids, in violation of Swedish secrecy laws; (2) the further leaking of Assange's file by person or persons unknown in the Swedish Prosecution Authority, in direct violation of their secrecy laws; (3) the fact that Chief Prosecutor Eva Finnes throw out the case initially, after reviewing the fact that the two women got together (corrupting the evidence and conspiring together with their individual stories prior to approaching the police), and next the Minister of Justice, Beatrice Ask, pressures Finnes to reopen the flimsy case; (4) the fact that when Assange and his attorneys attempted to communicate with the Swedish Prosecution Authority for 41 days straight, they were refused -- because not a single magistrate at that time would take on such a farce of a case; (5) the law only recently been written up, specifically for Wikileaks' Assange, WHILE they were actually submitting their Interpol warrant (Sex By Surprise).
Re:Great points, Opportunist (Score:1, Informative)
Sorry but PayPal acted in accordance with their policy. Wikileaks IS trying to get people to do illegal acts by creating a safe-heaven specifically for stolen and leaked material.
"(1) the leaking of the investigation by prosecutor Maria Kjellstrand to rightwing tabloids, in violation of Swedish secrecy laws"
This is not remarkable with Assange's case, most high-profile cases end up leaked if there's enough interest from the public to find out the facts. And it's not even clear if the secrecy law protects a non-Swedish citizen.
"(3) the fact that Chief Prosecutor Eva Finnes threw out the case initially, after reviewing the fact that the two women got together (corrupting the evidence and conspiring ...."
They appealed the decision, as is allowed with any other case.
"(4) the fact that when Assange and his attorneys attempted to communicate with the Swedish Prosecution Authority for 41 days straight, they were refused -- because not a single magistrate at that time would take on such a farce of a case"
Nobody gets the privilege that Assange was asking for, to meet with the prosecutor in another country because of their personal reasons.
"(5) the law only recently been written up, specifically for Wikileaks' Assange, WHILE they were actually submitting their Interpol warrant"
It is unclear which law you're referring to, I haven't heard of this and I've been following this case.
I'm not against Wikileaks but they knew what they were getting themselves into when they started their operations, now they'll simply have to manage the repercussions.