Anonymous Now Attacking Corporate Fax Machines
An anonymous reader writes "Anonymous has claimed responsibility for distributed denial of service attacks against several anti-WikiLeaks websites this month. In a novel twist to the campaign, Mission Leakflood has started a new DDoS attack against fax numbers belonging to Amazon, MasterCard, Moneybookers, PayPal, Visa and Tableau Software. Some numbers have already stopped responding, and Twitter and PostFinance have since been added to the target list."
What's a Fax Machine?
I love how all these "Anonymous" noobs are basically reporting themselves to the authorities by running Denial of Service attacks from their home computer.
"Sorry, the FBI took all our computers dad. I was doing some 1337 hacking for 'Anonymous'"
It looks like the "hacktivists" (better known to me as "vandals") are going backwards in time. Maybe they finally recruited someone older than 12?
I'm betting this just gets worse for a while. These attacks are all being carried out for attention, and they've been generating tons of it. They even get extra credit with the several "Are the attacks over???" articles I've seen over the past two days or so. These articles are adding fuel to the fire.
I'm using all of my mod points to mod ancient memes down. Please join me.
I get this feeling that this is mostly a prank to weed out the kids, if even to amuse (or protect) the ones that know what they're doing.
First, DDoS app used by masses of kids that don't know how to obscure who they are. Now wardialing fax machines? Not only are they more easily traced, but there are very specific laws about it (at least in the US) that have been around forever. No grey area here... people are going to find themselves in trouble. :(
when the feds bust down the door to her house because you've been dialing out of her basement.
hahahahaha faxed goatse
Where is the "Ignorant" mod tag?
The Telephone Consumer Protection Act (TCPA) and FCC rules generally prohibit most unsolicited fax advertisements. In addition, the Junk Fax Prevention Act, passed by Congress in 2005, directs the FCC to amend its rules adopted pursuant to the TCPA regarding fax advertising.
I wouldn't assume this is simple wardialing. There are a great many sip servers on the internet now with PSTN access. It could just as easily be someone's list of compromised sip boxen doing this.
Bonus points due to the fact that UDP is stateless and with the right timing, it's possible (but less accurate) to wardial bad faxes spoofed perfectly anonymously assuming you know the credentials are valid.
a handful of selfish greedy people are no match for millions of selfish, greedy people -u4ya
for all the business/revenue lost by amazon, paypal, visa, mc. After all, he was the one calling around and pressurizing them to cut a client off, totally against the concepts of free speech, journalism, and fair business. politically censoring a journalistic outlet, for publishing detrimental information.
....
in case some of you haven't kept up, here is how we know it was sen. joe liebermann :
day 1 : amazon cuts wikileaks from their cloud. it is rumored that liebermann pressurized them personally, but amazon does not comment. cites tos violation on baloney terms.
day 2 : everydns cuts wikileaks.org domain. they are not as secretive as amazon. they directly and openly state that joe liebermann called them, and threatened them. towards the evening, they mysteriously retract their statement.
a few days later : paypal cuts wikileaks donations and holds their funds. they cite tos violation, inquiry, and so on.
in the meantime : visa, mc do the same.
a week later : anonymous constantly attacks paypal since a week, keeping api.paypal.down and causing them millions in business. paypal comes around, and admits that they have suspended wikileaks due to political pressure.
a few days more with anonymous : paypal releases wikileaks funds that were being held.
today : anonymous starts attacking corporate fax machines.
count the times how many times word 'liebermann' passes in the above chronology.
after pressurizing the PRIVATE companies to cut down a perfectly legitimate customer, while in the meantime totally violating first amendment, modern principle of freedom of speech even outside us constitution, intervening and pressurizing private companies, going against journalistic freedoms, it is only natural that he would come up and pay for the business he cost all those companies. of course, not even counting the clients that started to bail out of american providers. not only payment like paypal etc, but a lot of small to medium size businesses are bailing out of u.s. based web hosting companies, datacenters, and content delivery providers.
surely, joe liebermann has the funds to make up for that business lost. else, he wouldn't be going around violating civil liberties, constitutions, and intervening in business for censorship
right ?
Read radical news here
Are they going to start using carrier pigeons to send harshly worded ankle notes to the CEOs?
You obviously don't know that much then since it can easily be hidden.
Fax hacking is low-tier hackery.
This hasn't even been the first time it has been done.
Of course, those who are idiots and just obey very basic instructions will get caught since most of them are script kiddies amongst a select bunch who abuse the large numbers of anonymous people on the web with time to spare.
They develop the techniques and software, post it somewhere, direct some board to it, bham.
I love how you also fell for such an obvious troll that "anon", AKA, generic 4chan user that you are obviously blaming for this, is underage.
A good bunch of users are in their 20s-30s, well under a quarter of the people who visit it are genuinely underage. (the ones who frequent /b/ mainly)
And you wonder how I know this when "anonymous" users on an anonymous board. That is one thing you shall never know.
If you spend six months organizing 10,000 marchers down Times Square in nyc you might get less media attention than these guys. Sad thing is, not only these kids are attracted to violence, the media and the readers are too. Not to mention the establishment. Planning meaningful action that does not involve these things is not easy.
Build your own energy sources from scratch. http://otherpower.com/
So is spam. ("Spam is actually illegal but many people are still receiving messages because people don't care about the laws" -- spamlaws.com)
So is phishing. (It's considered fraud.)
So is war dialing (In some places under "placing a call with no intent to communicate" and other laws).
So is robocalling.
These people don't fucking care.
After they outlawed faxing advertisements and junk, only outlaws faxed advertisements and junk.
Can you fax me some white paper? I'm running out.
http://michaelsmith.id.au
hahahahaha faxed goatse
Actually, the best method would be to use a Black Fax rather than something like stick figures or Goatse. Better yet, not only a simple Black Fax, but one that is looped, so that it endlessly feeds itself through the fax - assuming the originator is a fax machine itself. Otherwise if the fax is originating from a computer or IP address of some sort, then multiple pages of plain monotone black - with the emphasis on MULTIPLE :)
Moved to http://soylentnews.org/. You are invited to join us too!
I think the correct term is "center of attention" or "world police". ~Anonymous your days are through, and now you'll have to answer to.. America, F-yeah!~
... how important fax numbers are to companies like Paypal and Mastercard and Amazon.
Like it or not, a faxed document with a signature is still much more legally recognized as valid than a scanned email, even if said email has been digitally signed. As such, companies like Mastercard/Paypal/Amazon *ROUTINELY* rely on fax to send and receive legal documents, both among other businesses and their own customers.
Cutting off faxes would be a BIG BIG deal to a financial company like Paypal/Mastercard, and likely Amazon as well.
I find it amusing that companies are willing to accept blurry, low-quality, could-have-been-signed-by-Bigfoot black-and-white signatures delivered by fax, but not high-resolution color scans delivered by e-mail...
I am also amused that "Anonymous" thinks DDoS'ing a fax number will make companies listen to them.
That defense may actually work if your computer is actually part of a botnet. Otherwise, you will likely find yourself learning more about computer forensics and perjury laws. No, you're not going to just be able to lie to the FBI about your computer and get away with it.
The police / FBI may have a little trouble with 'the botnet defense' when they discover that your computer is not actually controlled by a botnet. Or is your computer under botnet control?
For those naive enough to take 'the botnet defense' seriously:
If the police are talking to you, you have already lost
The kind of lawyers that can actually get you off cost a lot of money
Lying to the police is easier in theory than in practice
Your best defense against the police is silence. Just shut your mouth and get a lawyer.
"They can't arrest us all"
No, but they can log all of our IP addresses and arrest whoever they want. They can't arrest every drug user, but that doesn't stop them from filling the prisons with them. If you want to stay out of trouble, you should do your best to make yourself a small target.
These large companies probably don't even have real fax machines. All a black-page fax would do is put a black-page PDF in some inbox or file share somewhere.
That hurts, but is pretty juvenile and easily dealt with.
The best way to do it is if they faxed all those cables that Wikileaks has released. Black pages can be recycled easily. Sensitive data? That has to be shredded. And people who aren't supposed to be looking at these things may end up seeing them.
Imagine all the banks and Paypal and Amazon having to now deal with printouts of all the cables themselves - do they shred them? Recycle them without shredding? Also imagine people who shouldn't be looking at them looking at them accidentally (like all those trying to apply for federal jobs).
DDoS the fax? Doesn't do much. But use the fax to DDoS the company is more interesting because someone has to handle the document in the end, and they have to look at the incoming fax to determine routing. They may have to read the cables whether they want to or not to figure out if it's something to can or forward. Black pages - canned easily (and since it's all electronic these days, costs disk space). But pages and pages of readable material...
the law states that i can't falsify who i am when faxing - and that at the receiver's request i must stop sending unsolicited faxes.
problem is... if i'm always busy (dialing your fax number) you can't exactly call me to ask me to stop - nor can you fax me to ask me.. best they can do and is within the law is to call the bell and request either an operator override and block the number and have the bell send the request.
either way given the short window given for this DoS as long as people aren't trying to hide who they are when sending them then they aren't breaking the law.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Why attack twitter? http://www.twitter.com/wikileaks seems to be working fine, and the explanation at http://www.boingboing.net/2010/12/06/why-wont-wikileaks-t.html#comment-958285 for why Wikileaks didn't appear in trending topics makes sense to me. Everyone seems to agree that #cablegate did trend. The issue of why Twitter should be attacked is not mentioned at all in the original article.
I, for one, do not support this comment. Smack that kid and send him to bed without supper. Problem solved.
The world is how you make it
You seem to think that the US == the entire world.
You seem to think geography matters when the big dogs want to put you behind bars. Just ask Julian.
pointless
since most of the major corporations have moved from hardcopy faxes to digital ones, easier to handle, less waste.
i would assume since Amazon...paypal are large enough and have enough corporate structure (rules) that they would have moved to digital faxes, especially to fulfil their archive responsibilities
It's not a typo if you understood the meaning!
That sort of thing is trivially detectable, however, and if they are using an efax service, I don't doubt that that sort of thing is filtered out.
It's not a case of being clueless noobs.
It's a classic example of Civil Disobedience ( http://en.wikipedia.org/wiki/Civil_disobedience ) not unlike refusing to sit in the back of a bus - and when many people do it in large numbers, it changes policies.
This is a million geeks saying I AM ANONYMOUS just like the guys saying I AM SPARTACUS in that old movie.
Between e-fax and hacked SIP accounts, I think fax spamming would be trivial. Do you think the attackers care if the efax service gets shut down?
It's not like those spammers are actually using their own computer to send out e-mails, why would fax attackers behave any differently?
How many hacked skype gateways or magic jacks is your operator going to override?
When our name is on the back of your car, we're behind you all the way!
Easily traced until you get to the POP of the Voip call. Or it's not out of a company's compromised phone system.
Sorry but prank calling phone numbers is 100% untraceable and easy to do in the world of Voip and tons of companies with outbound services that are not protected as well as they should be.
Phone calls are the easiest to hide behind, because they can't do the CSI trace the call crap. Your education in the matter is from TV and is very flawed.
Do not look at laser with remaining good eye.
I'm not sure this would have the desired effect at these locations.
I have four or five offices I administrate that receive faxes and store them without ever printing. It looks through the image for the attention tag and then the name after that and attempts to assign it to an email of a specific person. If that doesn't work right, it goes to one of the receptionists who sees the first page and manually determines who to send it to. If that can't be figured out from that little bit of information, it then goes to someone who views the entire fax to determine what to do with it.
In this situation, simply writing a script to detect more than so many black characters (more than say 80% of the fax) could automatically forward this to file 13.
I wouldn't think that large companies like Amazon or MasterCard have any less of a system. There might be certain offices that have direct fax lines but I would think that accountability laws and the nature of the business would require an automatic archive of all faxes in and out pertaining to any particular matter of business. This sort of makes it more likely that they are stored first and printed as/when needed. Perhaps in this day and age, all you can really do is tie up the fax lines and flood personnel with verification tasks.
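The black-page filter described in the comment above, sketched as an added example (not part of the thread or any poster's code). It assumes each stored page is available as a raw 1-bit PBM ("P4") bitmap; the helper names, the routing labels and the sample pages are hypothetical and constructed for illustration.

```python
BLACK_THRESHOLD = 0.80  # the "say 80%" figure from the comment above


def parse_pbm_p4(data):
    """Parse a raw PBM (P4) page; return (width, height, raster bytes)."""
    tokens, pos = [], 0
    while len(tokens) < 3:
        while pos < len(data) and data[pos:pos + 1].isspace():
            pos += 1
        if data[pos:pos + 1] == b"#":  # header comment runs to end of line
            while pos < len(data) and data[pos:pos + 1] != b"\n":
                pos += 1
            continue
        start = pos
        while pos < len(data) and not data[pos:pos + 1].isspace():
            pos += 1
        if start == pos:
            raise ValueError("truncated PBM header")
        tokens.append(data[start:pos])
    if tokens[0] != b"P4":
        raise ValueError("not a raw PBM (P4) image")
    width, height = int(tokens[1]), int(tokens[2])
    row_bytes = (width + 7) // 8
    raster = data[pos + 1:pos + 1 + row_bytes * height]  # one separator byte
    if width <= 0 or height <= 0 or len(raster) != row_bytes * height:
        raise ValueError("bad dimensions or truncated raster")
    return width, height, raster


def black_ratio(data):
    """Fraction of black pixels (bit 1 = black), ignoring row padding bits."""
    width, height, raster = parse_pbm_p4(data)
    row_bytes = (width + 7) // 8
    last_mask = (0xFF << (row_bytes * 8 - width)) & 0xFF
    black = 0
    for r in range(height):
        row = raster[r * row_bytes:(r + 1) * row_bytes]
        black += sum(bin(b).count("1") for b in row[:-1])
        black += bin(row[-1] & last_mask).count("1")
    return black / (width * height)


def triage_fax(pages):
    """Return 'discard', 'review' or 'route' for one multi-page fax."""
    if not pages:
        return "review"
    try:
        flags = [black_ratio(p) > BLACK_THRESHOLD for p in pages]
    except ValueError:
        return "review"      # unreadable page: let a person look at it
    if all(flags):
        return "discard"     # every page is mostly black ("file 13")
    return "review" if any(flags) else "route"


def make_page(width, height, black_rows):
    """Constructed sample page: black_rows solid rows, the rest blank."""
    row_bytes = (width + 7) // 8
    body = b"\xff" * row_bytes * black_rows
    body += b"\x00" * row_bytes * (height - black_rows)
    return b"P4\n# constructed sample\n%d %d\n" % (width, height) + body


if __name__ == "__main__":
    flood = [make_page(20, 10, 9)] * 3                      # all pages ~90% black
    mixed = [make_page(20, 10, 1), make_page(20, 10, 10)]   # cover sheet + black page
    print(triage_fax(flood), triage_fax(mixed), triage_fax([make_page(20, 10, 1)]))
```

A fax with only some black pages goes to manual review rather than the bin, so a legitimate document with one dark page is not silently dropped.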
either way given the short window given for this DoS as long as people aren't trying to hide who they are when sending them then they aren't breaking the law.
Yes, yes they are. Read up on "harassment" for starters, and that's just the one I know off the top of my head.
Amazon and Paypal don't do classified work for the government, so they aren't bound by the same standards for destruction of classified documents as a defense contractor.
The places that actually do classified work for the government would have this "problem" solved in seconds. It's not like their shredders are slow, and it's quite common to have cleared office staff who'd be handling the material.
I used to remember the sequence for going into the nortel system configuration menu. Anyone who spends a few evenings configuring these things can eventually memorize every menu.
Back in the day I actually picked up a handset at a major retailer and checked to see if anyone had changed the passwords. In my experience, there are lots of poorly configured systems or at least those waiting to be poorly configured. A very basic feature of even the most basic systems is a redirect. You can set up a dialing pool on an unknown extension very quickly and very easily. Once it's running there are very few times someone actually goes back to investigate.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
Assuming myfax is "the bad guys", then yes.
Otherwise, you've managed to destroy an innocent company.
Go team!
Actually, what he is saying is pretty smart.
You see, when people get busted for smuggling drugs across the country, they generally get hit not because the cop said, he might have drugs, let's search him, but because they are speeding or sampling the merchandise and weaving or driving erratic or something. They failed to make themselves a small target.
The same goes with a concealed weapon. It's the people who show it to everyone who get busted for carrying it. Well, that unless they get busted for something else. In either case, they failed to make themselves a small target.
What he is saying is that if you don't want to get into trouble, don't do anything wrong. And if you do, do as little as noticeable so you don't become a big target on their radar.
This is a million geeks saying I AM ANONYMOUS just like the guys saying I AM SPARTACUS in that old movie.
You do know how that ended, right?
Why would they want to weed out the kids, instead of having them available for the next prong of the attack?
The evident intent of the Wikileaks, and the resulting "Anonymous" group, is to incur government costs, crippling the government at every level. It's a multi-pronged DDoS: sure, the fax machines and the servers are one thing, but they're denying resources further down the line, as well:
* The people maintaining the servers
* The people who rely upon the servers
* The people whose lives are disrupted by inadvertently viewing said documents (against their pay grade)
* The policy adjustments which must be made to account for the intelligence disruptions.
* The years of building international relationships which are damaged.
* Significantly, the burden upon the justice system by the influx of hundreds+ of "10 years to life" charges resulting from the various above attacks.
It's pretty damning towards Wikileaks, IMO. If, indeed, the intent was to "make the government accountable" they'd be, I dunno, releasing documents which actually relate to that, first and foremost - not these international relations-damaging intel documents.
Maybe I'm reading into it too much, but it's quite evidently a conspiracy-in-the-open by the very definition of the coordination.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Civil disobedience is, for the most part, flat out illegal too. And, for the most part, it involves disruption of other people's services. What makes it "right" rather than "wrong" is not a matter of whether there are laws against it or whether people are depending on you not doing it, but whether those laws or that allocation of services is just in the first place.
You don't think that the Mississippi sit-ins disrupted white folks' services at restaurants? You don't think countless young activists engaged in non-violent actions that nonetheless violated various local apartheid laws?
Civil disobedience is a term which distinguishes non-violent resistance from violent resistance, not non-resistance from resistance.
Refusing to sit in the back of the bus is most certainly civil disobedience, if the law (or policy) says you must sit in the back of the bus.
That's ridiculous. The purpose of civil disobedience is to disrupt unjust (according to the disobeying party) policy and make it too costly to maintain. That there is some risk involved is a consequence of the injustice; wanton self-risk without regard for purpose is exactly how *not* to accomplish anything worthwhile in activism. It's at least as useless as having neither purpose nor taking risk, but quite a bit more destructive as it's likely to cause needless waves of repression in response.
Actually, there was. They were called "Jim Crow" laws, and they allowed separation of races in public spaces and provided punishments for those who refused to comply.
Rosa Parks was arrested and served time in jail for refusing to stand up for a white man. The law mandated that she obey the driver regarding the segregation of the seating on the bus.
Quote:
Jim Crow laws in various states required the segregation of races in such common areas as restaurants and theaters. The "separate but equal" standard established by the Supreme Court in Plessy v. Ferguson (1896) lent high judicial support to segregation.
A Montgomery, Alabama, ordinance compelled black residents to take seats apart from whites on municipal buses. At the time, the "separate but equal" standard applied, but the actual separation practiced by the Montgomery City Lines was hardly equal.
It was most certainly a "city ordinance" and therefore a law in 1955.
> You see, when people get busted for smuggling drugs across the country, they generally get hit not because the cop said, he might have drugs, let's search him, but because they are speeding or sampling the merchandise and weaving or driving erratic or something.
I especially loved the guy who drove a semi full of pot on the cars-only level of the George Washington Bridge.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
The Roman Empire fell and slavery was abolished?
OK, so it took a little time...
"Kill 'em all and let Root sort 'em out"
You seem to think that the US doesn't have treaties with many (most, when you consider the source of most of the /b/tards out there) foreign countries to allow for prosecution of spam faxes.
Not only is sending junk faxes illegal in the states, it's illegal in most of the EU, Japan, Hong Kong, China, Canada, and most of South America. The least penalty in any of those countries is the disconnection of your telephone service, and in some it can result in significant fines or jail time.
Doing a DDoS on a website is much more difficult to prosecute, because it's way too easy to spoof your number. While you can spoof your number on call display, the telephone company can still quite easily trace the source of a harassing call for prosecution.
Obligatory disclaimer: I work for Ma Bell, and have performed such traces in the past.