Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Anonymous' WikiLeaks Proponents Not So Anonymous

Posted by timothy on from the they-see-what-you-did-there dept.

Giovane Moura writes "For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivists). Although the group calls itself 'Anonymous,' researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable (PDF), and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems.

38 of 390 comments (clear)

  1. Maybe by mikerubin · · Score: 5, Funny

    I should change my WI-FI password?

    --
    I sat down to write a new sig tonight and all I did was make the chair warm.
  2. Using TOR? by jfiling · · Score: 4, Insightful

    I was under the impression that running the LOIC through TOR would DDoS the TOR network, not the intended target.

    1. Re:Using TOR? by Dexter+Herbivore · · Score: 4, Funny

      That was probably the intention of these so-called "researchers" (right, not CIA shills at all...) when they suggested such an alternative.

      Soooo.... got any tinfoil hats for sale?

    2. Re:Using TOR? by Anonymous Coward · · Score: 5, Funny

      think of it like shooting an RPG at your neighbour through a chain link fence.

      You will end up with a still alive neighbour, a destroied fence and look like an idiot.

    3. Re:Using TOR? by gilbert644 · · Score: 5, Insightful

      Isn't it kinda childish to label everything that isn't pro wikileaks as CIA shills?

    4. Re:Using TOR? by Anonymous Coward · · Score: 5, Funny

      Isn't it kinda childish to label everything that isn't pro wikileaks as CIA shills?

      You only say that because you're a CIA shill.

    5. Re:Using TOR? by Opportunist · · Score: 3, Interesting

      Finally an analogy that at least made me laugh. It's not much more accurate than the average car analogy, but at least I liked the picture it gave me.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:Using TOR? by horatio · · Score: 4, Insightful

      Yes, it is. It is also some kind of hubris to scream about Wikileak's "1st amendment rights" to then attack MC, Paypal, ....and Sarah Palin's website? These entities have a right to conduct their business however they want without undue criminal interference. Palin, whether you agree with her or not, certainly has a right to post a dissenting opinion on FB without having her place (website) smashed up by a bunch of thugs.

      "More speech for Assange and wikileaks --- but no speech may be heard from, no business may be conducted with anyone who thinks this was a stupid/criminal/illegal/unethical thing to do and chooses to terminate their business relationship with Wikileaks!"

      --
      There is very little future in being right when your boss is wrong.
    7. Re:Using TOR? by shaitand · · Score: 5, Insightful

      "It is also some kind of hubris to scream about Wikileak's "1st amendment rights" to then attack MC, Paypal, ....and Sarah Palin's website?"

      Silly rabbit. The bill of rights is for actual humans.*

      * Palin may be human but public figures open themselves to criticism.

  3. No shit, sherlock? by PseudonymousBraveguy · · Score: 4, Insightful

    Sending an IP datagram with your own IP in the header makes you traceable? Inconceiveable!

    Why do you have to write a ten page whitepaper for a simple observation that anybody who is able to find out his own IP address and click on two buttons on wireshark could make in about 5 seconds?

    1. Re:No shit, sherlock? by davidbrit2 · · Score: 5, Funny

      Warning! Your computer may be broadcasting an IP address! Click here to learn how to fix it!

  4. Duh by Anonymous Coward · · Score: 3, Informative

    Only the fools who think "Anonymous" is an actual group could think that its members were actually anonymous.

    The 7 proxies meme exists for a reason, mostly because no one cares enough to actually use a proxy.

  5. Obvious research by Stellian · · Score: 4, Interesting

    Since the average internet troll can't IP spoof (he is limited to a /32 block) it's fairly obvious he will reveal his location. No need to use the source for that, Luke.
    The idea behind a voluntary botnet is that the damage done by each participant does light damage, and is not effectively ddosing, while at the same time the aggregate damage is effective in delivering the desired mob justice. The legal effectiveness of that defense might vary.

    1. Re:Obvious research by Anonymous Coward · · Score: 5, Insightful

      Because you heard other people on 4chan are doing it and wanted to be cool too?

    2. Re:Obvious research by bsDaemon · · Score: 5, Funny

      we were loitering in the anonops irc channel at work the past few days, and one of the questions asked of a bona fide participant was "what's the port for http on www.hillaryclinton.com?" ... i mean, seriously? clearly, we're dealing with brilliant hacker minds here. /sarcasm IP spoofing is likely not a concept that most of them can actually get their minds around as possible.

    3. Re:Obvious research by Anonymous Coward · · Score: 5, Insightful

      Here's how the process goes:

      1. /b/ gets angry at something (only /b/, the other boards do nothing)
      2. Some /b/tard creates an image, which contains information in this format:

      A quick summary why we're attacking
      Where to get the tool
      How to use the tool (this part is usually a screenshot of the tool)
      When to start

      3. Aforementioned /b/tard starts a new thread with the image, with the text saying "GO!" or "do it nao!" (sic), occasionally referring to the alleged sexual preferences of the reader
      4. People see the thread, bump it, and do as they're told

      The vast majority of the people who use LOIC know nothing about the internet. They're just grunts. The only smart ones are those who create these images and formulate the attacks, and they're behind seven proxies. They might not even use LOIC themselves, knowing how easy it is to get caught.

    4. Re:Obvious research by chrb · · Score: 5, Insightful

      I mean why would you join something such as the LOIC without IP spoofing?

      Because many people can't IP spoof? You need to get your broadband router to forward a packet without NATing it, then your ISP has to forward that packet even though the source IP is wrong.

    5. Re:Obvious research by aurispector · · Score: 4, Insightful

      It's a surprise that these people are just a bunch of script kiddies? The phrase "useful idiots" comes to mind: these knuckleheads will take the fall, giving the media and legal system someone to chew on while those with some modicum of coding skill avoid attention. I bet it wouldn't take a lot to ID the majority. Their safely is really in numbers, which isn't much safety at all.

      --
      I have mod points. The reign of terror begins now.
    6. Re:Obvious research by Elbereth · · Score: 4, Insightful

      Nice summary. Yeah, I wouldn't actually partake in the raid, myself, if I were calling for one. Instigating the raid is bad enough, really, and there's no reason to actually get your hands dirty, if dozens, hundreds, or thousands of grunts are doing it for you.

      Of course, you're unlikely to get a personal army just because your girlfriend cheated on you, unless your revenge includes lots of "lulzy" repercussions for her.

    7. Re:Obvious research by Rysc · · Score: 5, Funny

      You MORORN, The HTTP port is WWW, even my GRANDMOTHER knows that!

      --
      I want my Cowboyneal
    8. Re:Obvious research by mkiwi · · Score: 5, Funny

      It's a surprise that these people are just a bunch of script kiddies? The phrase "useful idiots" comes to mind: these knuckleheads will take the fall, giving the media and legal system someone to chew on while those with some modicum of coding skill avoid attention. I bet it wouldn't take a lot to ID the majority. Their safely is really in numbers, which isn't much safety at all.

      It's not "Script Kiddies" on 4chan. It's "Script Kitties" :-)

    9. Re:Obvious research by Anonymous Coward · · Score: 3, Informative

      thank you for the 2 year old summary, now for the nerds out there: its called egress filtering. every isp does it including every dedicated datacenter in the us -- unless they forget, but it is quickly caught when abused (i'm talking within 5min, there are 24/7 noc monkeys watching giant billboards of data).

    10. Re:Obvious research by arivanov · · Score: 5, Insightful

      Both you and UTwente missed the point.

      It is a different type of attack. It is the "I am Spartacus" attack.

      It requires putting 100000+ people most of which are juveniles in their jurisdiction on trial. No politician today can stomach that one at this point. However, the way things are going and the way we are sliding towards police societies I am not so sure that this will be the case a few years from now.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    11. Re:Obvious research by fishexe · · Score: 4, Funny

      You MORORN, The HTTP port is WWW, even my GRANDMOTHER knows that!

      I heard WWW was greek for 666, so I don't use the HTTP anymore.

      --
      "I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
  6. Raw sockets and Windows by Rijnzael · · Score: 4, Interesting

    As I recall, LOIC is for use with Windows machines. If that's the case, the likely reasoning behind not using any identity-concealing techniques is Windows raw socket restrictions. They're flooding web servers, and TCP packets can't be sent with raw sockets, so there's not much else to do other than repeatedly open valid connections (from the Windows platform).

    1. Re:Raw sockets and Windows by Xelios · · Score: 5, Interesting

      Or a reflected SYN attack, which is a little more potent. But the main problem in concealing your identity by forging the source IP is that most ISP's these days perform egress filtering, meaning those forged packets will simply be dropped before they leave your local network. You have to find the range of IP's allowed through your local network and restrict your spoofing to that range, which in the end doesn't conceal your identity very well anyway.

      4chan was actually hit by a reflected SYN attack last year, which forced AT&T to black hole its domain for several hours. Apparently there are still some ISP's, particularly in Eastern Bloc countries, that don't bother to filter spoofed packets leaving their networks.

      --
      Murphey's fighting Occam, and we're in the stands.
    2. Re:Raw sockets and Windows by Opportunist · · Score: 3

      The main "problem" isn't that it's Windows or the lack of raw sockets, even if raw sockets were trivial to use LOIC would probably not use them. Reason? It was never intended to be a DDoS tool to be used in a real attack. It was developed as a stress testing tool, where it matters preciously little whether the "attacked" machine knows where the attack is from. Why? Because the attacker and the attacked is the same person, it's supposed to be a tool to stress test YOUR OWN machines and networks.

      Hiding and spoofing was not really a big issue in the development of this tool.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. Hacktivists? by ThePromenader · · Score: 3, Funny

    (Muffled voice emanating from behind a couch from behind which a body and hindquarters are clearly visible) "Hahaha! They'll ~never~ find me!"

    --

    No, no sig. Really.

    ThePromenader
  8. Too much over analysis and hype by adosch · · Score: 4, Insightful

    Regardless of the amount of 'fight-the-man' fame WIkileaks and Assange and Company have drummed up, I think the bigger thing to take away from this story how vulnerable Big Company still is to online DDoS attacks at any given time and for any sort of reason, inflicted or not. You can argue about the traceability and poor track covering tactics of LOIC all day, but it did it's job and did it well. The time and effort to try and even prosecute any of the thousands and thousands of 'whomever's responsible for that source IP would be staggering and it just won't happen. Like many of the /.'s, I side with the notion, "Who cares" and wait for the next front-page new post.

  9. Re:Give a kiddie a script... by Ritz_Just_Ritz · · Score: 4, Insightful

    Not really. These aren't "protesters trying to stop a building project." Like it or not, they're also criminals who are disrupting websites and networks that other folks are paying to use. However, let's humor you and say they're simple protesters. As every person who engages in civil disobedience knows, you've got to be prepared to be arrested/punished. The long arm of the law doesn't always roll their eyes and wait for you to go away.

    Best,

  10. You are broadcasting your IP!!! by Arancaytar · · Score: 3, Funny

    If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted.

    OH MY GOD!!! Our webs are down! All of them! They're stealing the internet! Quick, we need to hack all IPs simultaneously!

  11. Re:Give a kiddie a script... by Opportunist · · Score: 5, Insightful

    Well, technically, so do normal protesters. They clog streets that I'd like to use, they are noisy which disturbs the other neighbors, they're loitering and maybe even squatting, which may be illegal on its own, depending on your country.

    These "internet protests" are not really more or less disruptive to "normal folks" life than ordinary protesters. The difference is that "normal" protesting is protected in most western states and the disruption they cause is something you have to endure because they're executing their right to assemble (peacefully) and protest. Do you think I'm happy to sit in a traffic jam because some students are against chanting in front of our parliament? I hate the jam, but I support their right to protest and to voice their dissent. I consider it important that they may do that, even if I do not agree with their political position and think (for once in a while) that our government is doing a few things right.

    But their right to protest and voice their dissent is more important than me being late for my appointment.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Don't coin dumb and inaccurate words by massysett · · Score: 3, Insightful

    I don't know who started this dumb, inaccurate, and insulting "hacktivist" portmanteau. These people are simple criminals. They are doing nothing to support Wikileaks. To support Wikileaks, give it money. Give it hosting. MIrror its documents. Attacking MasterCard does absolutely nothing to support Wikileaks.

    "Hacker" only means bad things to most people, so I give up on that part of this dumb word. But "activist"? That belongs to people like Liu Xiaobo, winner of the Peace Prize who can't even go to his ceremony because he's in jail. It belongs to people who are actually trying to advance good in the world. It doesn't belong to simple criminals who are engaged in the pointless, cowardly, and pseudo-anonymous destruction of commercial websites.

    I don't know if "hacktivist" is some attempt to be cute, some attempt to stir sympathy for these criminals, or some attempt to look cool by using some hip new word invented on some blog or in Twitter, but there is a huge difference between activism of any kind and simple, cowardly, criminal vandalism.

    --
    Penny - plain text accounting
  13. Re:Ya this is not protest by Graymalkin · · Score: 3, Insightful

    The people performing sit-ins were not attempting to be anonymous and running away as soon as they were challenged. They were willing to act in public and be arrested for what they believed in. Participating in a DDoS is not remotely similar no matter what delusions of grandeur they might have. It's troubling that these people are equating DDoSing a website with activism or protest.

    --
    I'm a loner Dottie, a Rebel.
  14. Re:Give a kiddie a script... by VortexCortex · · Score: 3, Informative

    As TFA states, LOIC software does not perform a reflected (AKA distributed) DoS attack.

    As more individuals participate in the protest, the DoS is equally more effective, but it is a "neutered" attack; A very small amount of traffic is generated compared to what a similar sized bot-net using a true reflective DDoS attack would create. The LOIC program could be much more disruptive if it were meant to do the most harm, but it isn't.

    Each individual is simply sending requests (AKA data) to Mastercard or Amazon. Each individual is performing a DoS attack. It's different than if each individual were performing a DDoS (reflected) attack.

    It's not illegal for an individual to request an Amazon or Mastercard web page.

    How many requests must an individual generate before that individual is in breach of any law?

    Let's say we set it at more than 10 requests per second. Let's also say that I use a web browser that doesn't support the "Keep-Alive" HTTP 1.1 option. Using said browser to view one Amazon web page will easily generate more than 10 requests in a second if my connection speed is sufficiently fast (each image, script, iframe, etc will be downloaded over its own HTTP 1.0 connection).

    When does "using" Amazon's or Mastercard's website become "abusing" the same websites?

    IMO, if you don't want unsolicited packets of data: Install a Firewall in front of your machine. (Note: It is very difficult to run a web server that does not accept unsolicited packets).

  15. Re:Give a kiddie a script... by h4rm0ny · · Score: 3, Insightful

    Nope, Ghandi never won the prize though I think he was nominated several times. On the other hand, Henry Kissinger did, which tells you all you need to know about the Nobel Peace Prize. GP made a bad example, I don't recall acts of sabotage by Ghandi, but he was certainly a law-breaker and a criminal by the laws of the time. GP should have picked a different specific.

    --

    Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
  16. Great points, Opportunist by sgt_doom · · Score: 3, Informative
    But more to the point, there were indeed laws, and many of them broken, in Europe, and specifically in Sweden, in Switzerland.

    PayPay, and that Swiss bankster, with absolutely no court order nor legal authorization, froze -- or in reality -- stole, over 100,000 Euros of Wikileaks' private donations.

    And PayPal claims to have been coerced by the US State Dept., which is aiding, abetting and collusion, as well as strong-arming. Beyond the Euro Union laws, and individual countries' laws, there's also a document called the WTO Financial Services Agreement, which all the bankster frauds always conveniently forget when they so desire.

    Next, we have all those legal transgressions in Sweden: (1) the leaking of the investigation by prosecutor Maria Kjellstrand to rightwing tabloids, in violation of Swedish secrecy laws; (2) the further leaking of Assange's file by person or persons unknown in the Swedish Prosecution Authority, in direct violation of their secrecy laws; (3) the fact that Chief Prosecutor Eva Finnes throw out the case initially, after reviewing the fact that the two women got together (corrupting the evidence and conspiring together with their individual stories prior to approaching the police), and next the Minister of Justice, Beatrice Ask, pressures Finnes to reopen the flimsy case; (4) the fact that when Assange and his attorneys attempted to communicate with the Swedish Prosecution Authority for 41 days straight, they were refused -- because not a single magistrate at that time would take on such a farce of a case; (5) the law only recently been written up, specifically for Wikileaks' Assange, WHILE they were actually submitting their Interpol warrant (Sex By Surprise).

  17. Facts on VISA would hurt more than packets by h00manist · · Score: 3, Insightful

    Just widely publish facts. That's what Wikileaks does. Just google some money laundering news or other similar "services" numerous financial mammoths offer regularly, publish them to many more places, and you'll do much more lasting damage than a bunch of packets for a couple of hours.

    Someone has to to teach these kids that corporations are more worries more about teh bad publicity, than the broken websites. You're not breaking the law by widely re-publishing the truth, it can be done easily, and you can actually use Tor for that, respecting netiquette and all.

    --
    Build your own energy sources from scratch. http://otherpower.com/