'Anonymous' WikiLeaks Proponents Not So Anonymous
Giovane Moura writes "For a number of days the websites of MasterCard, Visa, PayPal and others have been attacked by a group of WikiLeaks supporters (hacktivists). Although the group calls itself 'Anonymous,' researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easily traceable (PDF), and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems."
I should change my Wi-Fi password?
I sat down to write a new sig tonight and all I did was make the chair warm.
I was under the impression that running the LOIC through TOR would DDoS the TOR network, not the intended target.
Good Luck, I'm Behind 0 Proxies!
and he'll be in jail soon.
Sending an IP datagram with your own IP in the header makes you traceable? Inconceivable!
Why do you have to write a ten page whitepaper for a simple observation that anybody who is able to find out his own IP address and click on two buttons on wireshark could make in about 5 seconds?
Only the fools who think "Anonymous" is an actual group could think that its members were actually anonymous.
The 7 proxies meme exists for a reason, mostly because no one cares enough to actually use a proxy.
Since the average internet troll can't IP spoof (he is limited to a /32 block) it's fairly obvious he will reveal his location. No need to use the source for that, Luke.
The idea behind a voluntary botnet is that the damage done by each participant does light damage, and is not effectively ddosing, while at the same time the aggregate damage is effective in delivering the desired mob justice. The legal effectiveness of that defense might vary.
As I recall, LOIC is for use with Windows machines. If that's the case, the likely reasoning behind not using any identity-concealing techniques is Windows raw socket restrictions. They're flooding web servers, and TCP packets can't be sent with raw sockets, so there's not much else to do other than repeatedly open valid connections (from the Windows platform).
(Muffled voice emanating from behind a couch from behind which a body and hindquarters are clearly visible) "Hahaha! They'll ~never~ find me!"
No, no sig. Really.
ThePromenader
Regardless of the amount of 'fight-the-man' fame Wikileaks and Assange and Company have drummed up, I think the bigger thing to take away from this story is how vulnerable Big Company still is to online DDoS attacks at any given time and for any sort of reason, inflicted or not. You can argue about the traceability and poor track covering tactics of LOIC all day, but it did its job and did it well. The time and effort to try and even prosecute any of the thousands and thousands of 'whomever's responsible for that source IP would be staggering and it just won't happen. Like many of the /.'s, I side with the notion, "Who cares" and wait for the next front-page new post.
You mean to tell me that the free "hacking" tool released to 15 year old kids doesn't take security precautions??
OH MY GOD!!! Our webs are down! All of them! They're stealing the internet! Quick, we need to hack all IPs simultaneously!
...anyone calling themself a 'hacktivist' deserves to be locked up as far as I'm concerned.
I mean...fucking hell. Hacktivist.
There are 10 kinds of people in this world: those who understand binary, and nine other kinds of people.
I don't know who started this dumb, inaccurate, and insulting "hacktivist" portmanteau. These people are simple criminals. They are doing nothing to support Wikileaks. To support Wikileaks, give it money. Give it hosting. Mirror its documents. Attacking MasterCard does absolutely nothing to support Wikileaks.
"Hacker" only means bad things to most people, so I give up on that part of this dumb word. But "activist"? That belongs to people like Liu Xiaobo, winner of the Peace Prize who can't even go to his ceremony because he's in jail. It belongs to people who are actually trying to advance good in the world. It doesn't belong to simple criminals who are engaged in the pointless, cowardly, and pseudo-anonymous destruction of commercial websites.
I don't know if "hacktivist" is some attempt to be cute, some attempt to stir sympathy for these criminals, or some attempt to look cool by using some hip new word invented on some blog or in Twitter, but there is a huge difference between activism of any kind and simple, cowardly, criminal vandalism.
Penny - plain text accounting
Protest is things like gathering together peacefully to make your position and numbers known. Protest is writing your elected representatives to let them know that you find something unacceptable and will vote them out if they don't take action. Protest is refusing to shop at a store, and let others know why.
Protest is NOT launching an attack to try and shut down things you don't like. These people aren't protesters. They are like the jackasses at a physical peaceful protest that go and loot stores or burn cars or whatever. They are vandals, pure and simple. They are out to destroy, not to protest.
They aren't even EFFECTIVE vandals at that. Amazon is up and running good as ever, doesn't even seem to be slow. My understanding is that MasterCard was down but it is back up now, however none of that mattered since their site is not at all important, their transaction processing is and that was never affected (credit cards worked fine all last week). They are kids throwing rocks at a window, and missing, because they are angry and can't be bothered to do anything productive.
There isn't any excuse for behaviour like this. It also doesn't help your cause. It makes it seem like the people who support Wikileaks are just immature criminals, who lash out at 3rd parties when they don't get their way. It is real thug like behaviour "Do what I want or I'll hurt you!" That kind of thing does NOT lend itself to respect and support.
I never noticed Amazon have a single problem, and Mastercard's site is back up and not that important anyhow, it never touched the payment network. Doesn't seem to have been that effective.
As for DDoS vulnerability well ya, the only real defense is massive amounts of bandwidth and lots of server capacity. If someone clogs up your connection, or overloads your server, what are you going to do?
However I don't know that you want to go around advocating for defense against it because an evil one I can think of is just to limit end user upstream severely. Make it so that ISPs can't give out more than 512k or maybe less. If end user connections can't send out many packets, it isn't such a problem. If the per connection upstream is small enough in relation to what big companies have, it'll just take too many systems to mount a DDoS with any effectiveness.
That's also the sort of thing that worries me about these asshole tactics. They may lead to the government clamping down on the Internet. If big companies are hit enough and regular people get tired of the assholes, it may well lead to restrictions like small upstreams and more.
This is inane. The point is the attacks not only come from the LOIC network, but other bot networks can also be employed. Therefore it is not possible to differentiate if the computer involved with an attack is a willing participant or a worm victim. So unless the authorities act on every IP-address involved and pay those IP users a personal visit, and IF these people indeed have used LOIC and did not wipe it, only then they have a problem with their non/relative-anonymity. Every one of the conditionals is very questionable to ever occur.
'Anonymous' as the group is called is called such only to indicate that this group does not exist in the sense of identity or organisation. It is plain stupid to speak of anonymous as a group of this or that. One can laugh about it if the mass media doesn't get it, but it's sad when universities think something like this is noteworthy. If anon bombs an address with pizza deliveries, it has never been implied that the people who call the pizza delivery companies did so using untraceable telephone connections. Please.
A perl (iirc) script used for sending packages to internet locations.
See also: USPS, Royal Mail, etc.
Hate to spoil your party, but Anonymous is everyone until you start leaving your ID everywhere, then anonymous is:
72.101.37.123
69.69.69.69
12.39.17.8
etc.
PayPal, and that Swiss bankster, with absolutely no court order nor legal authorization, froze -- or in reality -- stole, over 100,000 Euros of Wikileaks' private donations.
And PayPal claims to have been coerced by the US State Dept., which is aiding, abetting and collusion, as well as strong-arming. Beyond the Euro Union laws, and individual countries' laws, there's also a document called the WTO Financial Services Agreement, which all the bankster frauds always conveniently forget when they so desire.
Next, we have all those legal transgressions in Sweden: (1) the leaking of the investigation by prosecutor Maria Kjellstrand to rightwing tabloids, in violation of Swedish secrecy laws; (2) the further leaking of Assange's file by person or persons unknown in the Swedish Prosecution Authority, in direct violation of their secrecy laws; (3) the fact that Chief Prosecutor Eva Finnes threw out the case initially, after reviewing the fact that the two women got together (corrupting the evidence and conspiring together with their individual stories prior to approaching the police), and next the Minister of Justice, Beatrice Ask, pressures Finnes to reopen the flimsy case; (4) the fact that when Assange and his attorneys attempted to communicate with the Swedish Prosecution Authority for 41 days straight, they were refused -- because not a single magistrate at that time would take on such a farce of a case; (5) the law having only recently been written up, specifically for Wikileaks' Assange, WHILE they were actually submitting their Interpol warrant (Sex By Surprise).
So suppose I have a 100mbit line to my server. Great. However then suppose people start sending a gigabit of traffic down it. Well now I'm fucked. There is going to be so much contention, so much bad traffic, that legit traffic won't get through. Nothing I can do about that, my firewall doesn't help since my line is full. If my firewall is over at my ISP, before my line, then maybe it can, but there's still the matter of what kind of connection it has going into it. At some point, there's a limit. Fill that up, and you are screwed.
That is the problem with a DDoS. Even if you can make it so that it never hits the server, when you are talking more bandwidth than you have, you can't do anything (on your end).
Just widely publish facts. That's what Wikileaks does. Just google some money laundering news or other similar "services" numerous financial mammoths offer regularly, publish them to many more places, and you'll do much more lasting damage than a bunch of packets for a couple of hours.
Someone has to teach these kids that corporations are more worried about the bad publicity than the broken websites. You're not breaking the law by widely re-publishing the truth, it can be done easily, and you can actually use Tor for that, respecting netiquette and all.
Build your own energy sources from scratch. http://otherpower.com/