Slashdot Mirror

← Back to Stories (view on slashdot.org)

MasterCard Hit By WikiLeaks Payback Attacks

Posted by CmdrTaco on from the this-is-getting-messy dept.

An anonymous reader writes "MasterCard's website has been hit by a distributed denial of service attack. Netcraft describes how the attack uses a voluntary botnet of LOIC (low orbit ion cannon) users to swamp sites with traffic. PostFinance, the PayPal blog and Swedish prosecutors have been targeted previously."

16 of 715 comments (clear)

  1. Wikileaks Vs Sites of Ill Repute by eldavojohn · · Score: 5, Interesting

    Reminds me of an article I saw on Techdirt the other day pointing out that Visa and Mastercard were getting all high and mighty about morality in regards to Wikileaks but happily fielding transactions for sites like the KKK.

    --
    My work here is dung.
    1. Re:Wikileaks Vs Sites of Ill Repute by Legion303 · · Score: 4, Interesting

      since Wikileaks next target seems to be a major bank

      That's the one I'm waiting for. I don't give two shits about the majority of these gossipy cables.

  2. Re:Stupid action by amolapacificapaloma · · Score: 3, Interesting

    And they both have been exposed: http://www.guardian.co.uk/world/us-embassy-cables-documents/246424

    --
    exp(i*pi)+1=0
  3. Re:Whatever... by linhares · · Score: 4, Interesting
    well this "operation payback" has struck gold before, against the blackmailing towards alleged filesharers:

    Operation Payback hit ACS Law a second time, knocking out the site. In the process of bringing it back up, someone exposed the server's directory structure through the Web instead of showing the website itself. Those conducting Operation Payback immediately moved in and grabbed a 350MB archive of ACS Law e-mails, then threw the entire mass up on sites like The Pirate Bay. This is more than a matter of mere embarrassment. The UK has tougher data protection laws than the US, and the country's Information Commissioner has already made it clear that ACS Law could be on the hook for hundreds of thousands of pounds. That's because, in addition to his iTunes receipts ("Hooray for iPads. I love mine," Crossley says at one point) and Amazon purchase orders, the e-mails include numerous attachments filled with all manner of private information: names, addresses, payment details, passwords, revenue splits, business deals.

  4. Re:Stupid action by Moryath · · Score: 5, Interesting

    "Act like fucking adolescents?"

    This is the modern equivalent of a lunch counter sit-in. No user has had their computer hijacked, they are all participating of their free will. Are they "disrupting business"? Perhaps, but no worse than the lunch counter sit-ins did.

  5. Re:Stupid action by scubamage · · Score: 5, Interesting

    I would expect that to never come to light honestly. If they admitted how much the DDoS cost them, it would essentially give a 'quantifiable' damage scores (not sure how else to describe it) to anyone who pursued similar attacks in the future. It'd be fascinating to see though; the amount of lost revenue, divided by the number of unique IP's in the DDoS should give you dollars lost on a per-node basis. Then it'd give you cost metrics, and where there's readily available cost metrics, there's business opportunities. Just think - "we'll pay you $.01 to run this program for an hour!" while in the background you're causing 250$ in damage to a target. Sorry, mind is wandering in the dark side now :)

  6. Re:Stupid action by linhares · · Score: 5, Interesting

    it seems that donations to wikileaks are still being processed by this startup: http://eu.techcrunch.com/2010/12/08/wikileaks-continues-to-fund-itself-via-tech-startup-flattr/

  7. Re:Stupid action by scubamage · · Score: 4, Interesting

    Honestly people refer to anon as adolescents, but I don't think its true. If you look at humans in general, in large groups all of us act like spoiled children. They all want to suck in as much resources as possible, fight to place themselves as high as they can on the social ladder, pee on the beta through omega dogs, and be able to do as they please. Examples: British colonialism treated colonies like second class citizens, extending idiotic laws like the local lord could sleep with peoples wives on their wedding nights, etc. The US constantly interferes with other governments, and after destabilizing them, whines that results aren't in our favor. There's lots of examples. I think Agent Kay put it best, "A person is intelligent. People are dumb, panicky, dangerous animals." Hell, in social psychology there are extensive studies of mob behavior, and they all point towards humans being pretty damn wretched cruel creatures when in groups. Anon is about as principled as any other mob. At least they're predictable insomuch as they always support the first amendment and open information; even if they cast a broad net on who they target.

  8. Re:voluntary DDOS botnet... by NuKe_MoNgOoSe · · Score: 3, Interesting

    I remember back in the day chilling on a mIRC server and there was room that was very ominous thousands of handles were there and me, being a novice, didnt really understand why none of them spoke. Then it was explained to me that they could be aimed at websites to overload them with jargon traffic to knock them offline. When I was educated about this the danger became evident. When I asked who created it they said the original creator was unknown and the net itself wasnt owned by anyone and that the original owner left open instruction on how to control it... with such anonymity and such power (it was further explained that the net grew exponentially at times as the backdoor used to create it spread) that it was fairly intangible, and destroying one bot in the net does nothing to hinder its ability to wreak havok. Not only that but because it can be controlled by anyone who knows the means it can be shifted from server to server which would further hinder peoples ability to disable it.. a botnet is a scary thing when you see it in that light.. Im sure people can counter and offer all kinds of more technical jargon, but for a novice this sufficed enough for me to stay away from these sort of things.

    --
    When you dislike the human race as much as I do, Karma:Bad is inevitable lol.
  9. Comcast is blocking access to wikileaks by jaypaulw · · Score: 2, Interesting

    Comcast is blocking access to any websites reporting wikileaks related stories.

    This is exactly what I would suspect they would do.

    What can you expect from a big corporate interest?

  10. and banks may get to be the next target of w.leaks by leuk_he · · Score: 3, Interesting

    WikiLeaks Founder Says Next Target Is Major US Bank

    "Early next year, WikiLeaks will publish tens of thousands of internal documents from a major U.S. bank, exposing the institution's rampant corruption and unethical practices and executives' brazen self-interest, Assange said in an interview with Forbes magazine."

  11. Re:Stupid action by Duradin · · Score: 2, Interesting

    Wikileaks had credibility, back when they were a whistleblowing site and not a media corp.

  12. Re:Visa and MC have no problem being associated... by hedwards · · Score: 3, Interesting

    Indeed. I'm curious as to what sort of liability this is going to open for them in the future. Previously they only refused transactions that the government required them to or in cases where they suspected fraud.

    If they're now blocking transactions which the government doesn't require them to and that they have good reason to believe the cardholder consented to, that's got to open up all sorts of liability over their connection with cybercriminals.

  13. Re:Stupid action by slim · · Score: 5, Interesting

    Consumer action is another tactic. Here's the letter I sent my bank:

    Dear Smile.co.uk,

    One of the reasons I am a customer of Smile Banking is your commitment to ethical banking.

    I do not believe that Visa's recent decision to block payments to Wikileaks is consistent with that ethical stance.

    I understand that due to Visa's near-monopoly on card payments and online payments, it is not really practical for either Smile Banking or myself personally to discontinue our use of Visa debit card facilities. However I would like to send a message to Visa that this decision has weakened, not strengthened, their brand reputation to me and, I would assume, others.

    To this end:

    1. Please would you forward this message to Smile Banking's board of directors
    2. Please would Smile Banking collate any similar messages of disapproval regarding Visa's actions from other Smile customers, should they be received, and communicate the aggregate message to Visa
    3. Please, so that I can modify my behaviour where possible, would you advise me to what extent the following activities result in income to Visa
        a: A debit card payment where I the cardholder am present
        b: A cash withdrawal at a high street ATM
        c: An online/telephone debit card payment

    Many thanks,

  14. Re:Stupid action by slim · · Score: 3, Interesting

    DDoS != modern sit-in

    Voluntary Botnet == modern sit-in

    See the difference?

    Where does this leave a DDoS implemented using a voluntary botnet?

  15. Re:How is Wikileaks engaging in "free speech?" by HungryHobo · · Score: 1, Interesting

    And you're not a programmer without being a member of.... well actually you just have to know how to program.
    And you're not a grave digger unless you... well just digging some graves makes you a grave digger.
    And you're not a translator unless you're a member of..... actually just being fluent in multiple languages can qualify you as a translator.
    And you're not a musician unless you're a member of... well being able to play a musical instrument and being called a musician pretty much qualifies you to claim that title.

    Anyone who breaks news stories, anyone who does the job of a journalist is a journalist particularly if they do it well and wikileaks have been doing it very well.

    the Internet's ability to allow people to self-publish via web sites is not a flaw.
    it is one of it's best attributes.

    and you absolutely can turn up somewhere, claim the title of a journalist and if they want to they might let you in.
    A bunch of my friends printed themselves off a loads of "[their blog name] news team" t-shirts and when they went out drinking and got into clubs free because club owners wanted to get free advertising.
    To be fair they did post pictures of their nights at the clubs.
    fantastic idea though.

    you could start publishing your own little newsletter and try turning up up to things and asking to be let in as a reporter for your own newspaper.
    They don't have to let you in, they might not but you have every right to try.