Slashdot Mirror
Operation Payback and Hactivism 101
Orome1 writes "While individual acts of hacktivism are inconvenient, something else happens when hacktivists group together — they commonly perform a DDoS attack. Techniques have advanced to automate the process, making the attacks more powerful and thus more able to bypass security controls — the effect, however, remains the same. Let us take a look at the recent Operation Payback which has gained notoriety in the past few months."
Stop calling it HACKtivism?
Amongst nerds (which is pretty much whoever is following it on this site) - to 'hack' does not meant the same as 'to crack'.
And calling DDOSing 'hacking' is wrong on both definitions of hack. Especially if the client is just a script kiddie using a program which s/he doesn't know (or care enough) to work out what its doing exactly.
Is it freedom of speech if you don't let the other guy talk?
In what way has Anonymous prevented their targets from talking? It's not like the only way Paypal or Mastercard have to communicate is through their website.
Living With a Nerd
The problem is this "hacktivism" is doing far more damage than good because it easily allows the politicians to say "We need an internet kill switch". The overwhelming majority of people don't give a damn about wikileaks one way or the other. It's a side show on the 24 hours infotainment channels, that's all. The main reason being that what Wikileaks is doing has little to no effect on people's daily lives. Especially when most are more concerned with the job/family/economy. Instead they see these "attacks" as nothing more than a group of vandals. Nothing more and when authorities want tougher laws to deal with these "vandals", the public shrugs and says...."alright".
And attacking the public facing websites...okay that may work with Amazon or Paypal. But to Mastercard or Visa? So long as I can still use my Visa Debit card or Mastercard at the gas pump or grocery store, it's not like I notice.
That being said, if they did target the processing systems of mastercard/visa, I'm pretty sure that would be the golden goose the politicians have been waiting for to really clamp down on control of the internet because then you are messing with people pocket books.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
Dude, It's 4chan. Have you ever been on /b/?
Here is what happens: Anon comes in with a novelty idea, /b/tards join in "just for the lulz". Then, new Anon (oldfag Anon is a cold, merciless beast. newfag Anon is the conscious, moral, cause-oriented joke of the internet) puts a tag on it and says they are doing it for X. I mean, some said they did the Habbo raids to fight racism. They also said they did project chanology to protect the victims of Scientology. Bullshit, they did it for the lulz.
Of course, DDoSing, Raiding, IRL stalking, etc, are fucking funny, and if it happens to overlay with a good cause, even better. Let them have fun, and bring them down while they are at it.
But in this case, it's pretty obvious that Anon had nothing to do with Amazon Europe going down. Anon is nothing but a bunch of script kiddies, and they don't have the sophistication nor the combined bandwidth to bring down Amazon with a ddos attack.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Completely accurate definition. Calling simple request swamping hacking, cracking, cyber-war or any other alarmist title is bullshit. Nobody is breaking into the systems, they are simply utilized beyond their capacity to serve, and that happens because enough people band together to cause the disruption... Witch is in turn caused by company's actions.
As advocates of Democracy and transparency, let's break the law and act in secret to take down big companies, which in turn hurts small businesses who use these payment services. Let's also inconvenience random shoppers. Let's create all kinds of random collateral damage to make a point about supporting transparency by supporting a completely secretive organization.
Sorry, I'm not buying it.
I was just at the Oklahoma City Bombing Memorial and museum. One of the more interesting aspects of it was that the people motivated to bomb the federal building (and kill infants in the nursery) were upset at the government. They felt the most effective way to change the government was a terrorist attack. The two responsible were caught. One will serve life in prison while the other was executed. They didn't change government, but they did forfeit their lives.
Conversely, families of vicitms banded together, formed a group and went to Washington D.C. to ask for reform in how the death penalty is handled in federal cases. They felt the best way to support Democracy and affect change was to use Democracy itself.
That is such a novel concept.
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Oh please.
100 people can sit in at a lunch counter, shutting down service, and it's considered activism and protest.
100,000 organized people could easily shut down 1,000 restaurants, or bank branches, or other retail storefronts by the same behavior. Again, activism and protest.
100-500,000 people can jam up the phone banks to Congressional offices and we call it a "Virtual March on Washington." And nobody suggests it doesn't qualify as activism and protest.
All of these count as activism. Yet when an unknown number of people voluntarily download an item to their computer to participate in a "virtual march" on the website of a bank, or the RIAA, or Paypal, or Scientology, somehow it's not activism?
The major difference is whether the participants are willing or unwilling. In the case of most botnet-based DDoS attacks, the participants are unwilling; their machines have been hijacked and often they don't even know they are participants. In the case of LOIC, they are all willing. They purposely downloaded and installed the software. They can leave it running or only turn it on at specific times. They can easily uninstall it if they believe it is being used in a way they don't support.
What is going on is not a "cyber attack." It is a virtual protest march.
How do you figure? It what way were Paypal or Mastercard prevented from saying what they had to say?
Are you implying that they only communicate through their websites?
Living With a Nerd
Yeah. Like they could totally go into the closet and whisper their opinions to the cockroaches. No need to be able to talk to the people who want to listen to them.
Get some maturity why don't you?
Freedom of speech involves freedom from retaliation. If you choose not to do business with them, that's great. But if you prevent others from doing business with them then you've crossed the line.
It is not DDoS or cyber-war it is cyber-picketing. It used to be that when you had a disagreement with a company people picked it and disrupted its business that way. Well, welcome to the 21 century you can now picket the business from the comfort of your own home.
When you're picketing, staging a sit-in, etc you're putting yourself at some risk. At minimum, there's the risk of recognition, of having your name and face associated with your action. You're also taking some of your time and energy to do something that's of value to you.
For a DDOS attack, you're anonymously pushing a "go" button. Quite possibly you're not even still at your computer while it runs. Woooo, there's a way to make a statement.
The nature of the attack itself strips it of both credibility and value - instead, it gets classified (by those who even notice it) as whiny children playing their whiny child games.
So, what, every other DDoS wasn't an 'attack", it was an "event"?
Bullshit.
You just don't like the idea that something you happen to support *this time* is being referred to with *accurate*, pejorative terminology.
Well, suck it up, bucko. Your little wannabe-robinhood friends are nothing more than digital gangsters (actually, that's not fair... gangsters have worked hard to build a reputation for themselves, and it's hardly fair to equate them with a bunch of punk script kiddies), and what they're doing is *attacking* websites in a fit of whiny vigilantism.
Now, that's not to say they don't have legitimate grievances. But what they're doing has been called a "distributed denial of service attack" long before these little bastards decided to use it against VISA.
"Freedom of speech involves freedom from retaliation. If you choose not to do business with them, that's great. But if you prevent others from doing business with them then you've crossed the line." Assuming that we're starting with a level playing field. Mastercard, Visa, Paypal, and Amazon are all able to buy Congressmen. Regular people can't. Our government is so corrupt at this point, there's really no recourse for regular people who have to go up against these corporations with more rights and privileges than actual people.
I don't respond to AC's.
"Cyber-picketers" sit behind a wall of more or less anonymity
Which is necessary because any attempt at cyber-picketing, peaceful or not, is deemed a crime.
often using hundreds or thousands of OTHER PEOPLE'S COMPUTERS to distance their person from the activity
Which is bad. But in the case of this LOIC client, the computers doing the DDOSing are not zombies. They're people who've decided to throw their computer into the picket line.
It really seems to me that this kind of voluntary DDOS is a fairly accurate digital version of the picket line. I mean, how exactly would you picket Amazon anyway? Line up a bunch of people outside their warehouses or something? It isn't like they've got a physical storefront to picket in front of.
"Work is the curse of the drinking classes." -Oscar Wilde
Wikileaks did it to themselves.
Instead to sticking to the leaking criminal activity or human rights violations, leaks decided to just release everything they were given without regard to consequences.
They are now actually aiding countries like China and Saudi Arabia by exposing all the US information and opinions on them.
Good job leaks.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Yeah. Like they could totally go into the closet and whisper their opinions to the cockroaches. No need to be able to talk to the people who want to listen to them.
So they don't have Twitter accounts? Facebook accounts? Or, you know...access to the fucking media?
Living With a Nerd
"Freedom of speech involves freedom from retaliation. If you choose not to do business with them, that's great."
But choosing not to do business with them *is* retaliation.
Wait, wasn't there just a slashdot story showing how the pro-Wikileaks "hacktivists" can be easily identified? If so, it seems they actually are putting themselves at risk.
Information theory is life. The rest is just the KL divergence.
Isn't this true of any protest though, online or off? As soon as the protest becomes effective enough to actually have any real impact, measures will be taken by someone to put it to an end. The only protests that can be allowed are those which achieve nothing.
A silly point.
If a thug threatens harm to me or my family for saying something they don't like, that doesn't mean I can't still talk.
But I'd still say you're directly affecting my freedom of speech.
Are you also against civil rights protests that interfered with businesses? Like sit-ins against restaurants that didn't serve black customers?
It's the same kind of thing. The government apparently isn't interested in making companies act fairly to minority customers, and the minority isn't big enough to cause significant damage through passive actions like boycotts. So you're left with vigilante justice or just ignoring it and moving on.
I don't know how I feel about it but I am very curious if people who oppose this DOS attack are also against civil rights sit-ins, which are exactly the same, and being done for the same motivations (even if you don't agree with them).
I doubt it is just "for the lulz" (I feel stupider for typing that), I'm guessing that some portion of Anon does care. They probably care a bit more than you think, since there are probably targets out there that could get even more "lulz" with a bit less risk or work. Looking around, there is a ton of media, IRC channels, forums, and such supporting Operation Payback, or Leakspin, or whatever the hell their calling it these days.
There is no rule stating that you can't find amusement in protests. Go to some modern protests, or view some footage of protests in the '60s, there was almost a carnival like atmosphere. People enjoyed it. You don't have to be serious faced, completely devoted zealot to have a meaningful protest. You can find it fun as well. It might even be better, since to be human is to garner more sympathy (how much sympathy do we have for raving, utterly devoted, religious zealot protesters?), and it makes a better mockery of whoever your protesting. Your having fun inspite of their nasty behaviors.
Rebellion has always been playful.
I would never argue against doing things you believe in AND getting your "lulz" from it, I would rather you go protest laughing. Everything is better when there is some humor, and element of joie de vivre involved. There is a difference between being serious about something, and being just plain creepy.
I do have some distaste over anything 4Chan, and specifically /b/ does, but I think thats mainly just a generational, or cultural thing and really has no relevance on much of anything.
A patriot must always be ready to defend his country against his government. -edward abbey
Visa, MC and Amazon didn't "choose" not to do business with Wikileaks. They have been "asked" to do so, and presented with the alternative to piss off Wikileaks or the US governments, they choose the (presumably) smaller problem. Note that they were not required by law to cease business with Wikileaks or that the government had any (legally backed) reason to require them to cease business. It was just "convenient" for the US government. They just "wanted" to cut off Wikileaks from its resources.
Visa, MC and Amazon were not required, neither by law nor convention nor any other reason to comply with the "request". They just did because it can be beneficial to do the US government a "favor". Especially if it doesn't really cost you anything.
The only thing the DDoSs did is, they made it cost something. And hopefully companies will from now on be more considerate when doing "favors".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Freely? Are you kidding me?
Do you really think Visa and MC woke up one morning and found out that "Hmm. We suddenly don't like Wikileaks anymore." And Amazon, Paypal and that Swiss bank the name of which I keep forgetting, all had the same idea all at the same time? Boy, talk about great minds thinking alike.
They didn't "freely" decide to stop doing business with Wikileaks. You may rest assured that they were "asked" to freeze the funds and stop dealing with Wikileaks. Note that they were not required BY LAW to do so. If they were, I'd be fully on your side. There is no law that requires them to cease business with Wikileaks. They were just "asked" to cease business and figured that it doesn't matter, so we better do what the US gov wants, even though there is zero legal reason to comply.
Simply allowing this to happen means that whoever just happens to be in power in the US can basically decide who may and who may not do business, with whomever. Is that what we want? A government that may dictate who may and who may not buy, sell or otherwise trade? Not based on laws but on whim?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Picketing is NOT about denying access to something, it is about persuading people not to go in. Picketing is non-violent, and non-disruptive. The idea is to call attention to a problem, and to hopefully persuade others to not do business with a place. If you are forcibly stopping people from going in, that's a blockade and that isn't legal.
If you think I'm an asshole, you are within your rights to picket my house. You can stand outside, not on the property, with a sign and let people know, including people who come to visit. However, if you try to block me from entering my house, the police will come and remove you and charge you with a crime. You can't prevent me from going where I want.
Now occasionally protesters do blockade a business as a form of protest. Guess what? They get arrested for that, and they KNOW they will. It is a form of civil disobedience and they understand the consequences.
This is not picketing, it is blockading and it is illegal.