Anonymous Now Attacking Corporate Fax Machines

An anonymous reader writes "Anonymous has claimed responsibility for distributed denial of service attacks against several anti-WikiLeaks websites this month. In a novel twist to the campaign, Mission Leakflood has started a new DDoS attack against fax numbers belonging to Amazon, MasterCard, Moneybookers, PayPal, Visa and Tableau Software. Some numbers have already stopped responding, and Twitter and PostFinance have since been added to the target list."

A what?

[jamesl]

What's a Fax Machine?

Re:A what?

[pspahn]

It's a machine that stores, retrieves, and serves Fax. Fax such as "how many licks does it take to get to the center of a tootsie pop" and "how often does Google watch me in the shower?"

Current forms of Fax Machines are Wikipedia, and Answers.com. They serve their purpose and serve it well. Previous incarnations include the Rosetta Stone, Newpaper Rock, and the Black Monolith. While comparatively primitive by modern standards, these archaic Fax Machines undoubtedly sparked the minds of those who used them.

Honorable mention goes to Baghdad Bob for keeping faithful to the true heart of Fax Machines, though ultimately his Fax were deemed inaccurate.

Re:A what?

[makubesu]

An additional source of confusion is that Fox uses a Faux machine to generate its stories.

Re:A what?

[Pharmboy]

Faxes aren't going anywhere any time soon. It is still more convenient for many tasks, and software hasn't done a great job when it comes to standardization of attachments. I still get email attachments from people who just installed the newest version of Microsoft Office, and when I tell them to save it in an older format, they have no fucking clue what that means. They just save in the default format, which is always the "new" format, and we don't run MS Office in our office, on purpose. We run OpenOffice (which is now LibreOffice) but I digress. So I tell them "Then fax it to me" because I don't have the time to explain why they are a 'tard for not knowing how to save a file as a "word 95" file.

And of course, what they end up sending me is nothing more than plain text anyway, which could have been done using Notepad, but they have no idea what that is. Sometimes they use a fancy font, usually one that is barely readable. We avoid this by simply having a "print to PDF" feature in our office, so we just send everyone a PDF when we email, unless of course we are just sending text, in which case we type it. Unless it is a page from an old owners manual, in which case we just copy it then fax it.

Have I made myself clear? No? Good. Because most people in the biz world are too busy trying to get business done to care how they get it, and faxing is easy, cheap and fast.

As for checks/cheques, they will also be around for a long time as they are handy for a creating paper trail and delaying payment for a couple days. And you can fax them to the other party to show them that the check is in the mail, which doesn't make much sense as technically, it is in a fax machine, but it makes them feel good if you are a week behind on the payment for some reason. Then you wait another week, send the check, and blame the post office. I times are really hard, you can just seal an empty envelope, then use a letter opener to open the empty envelope, then mail that, then when the receiving party says the envelope was open and empty, tell them that someone must have stolen the check, so it isn't your fault, and that you will send another check TODAY, which you then fax a copy of, wait one week, then mail.

So in short, the reason that faxes and cheques exist is that they are simple and efficient.

Not Very Anonymous

[bit+trollent]

I love how all these "Anonymous" noobs are basically reporting themselves to the authorities by running Denial of Service attacks from their home computer.

"Sorry, the FBI took all our computers dad. I was doing some 1337 hacking for 'Anonymous'"

Re:Not Very Anonymous

[Coldegg]

It doesn't matter... I'm not sure how much time you've spent with the police or in front of the judge, but it's really a pain. For most people, having to go through all of those things can be life impacting. It is hard enough for alot of thee people once corporations grab onto them (see DMCA, etc). It's a whole lot worse when you've pissed off the federal government and they latch on.

It will be interesting to see how this goes down... but I have a strong feeling that there will shortly be a large numbers of household raids w/ electronics confiscations. Good luck telling them that your machine was hacked. With that defense, you might see your computer again after a few years of courthouse battle.

Re:Not Very Anonymous

[HBI]

No, but seizing computers and holding them for a while, along with mugshots and showing up in the local police blotter is probably trouble enough for most people. The repeat offenders will get the jail time.

Re:Not Very Anonymous

[EdIII]

You may never see your computer again period.

Innocence is truly not a factor in these cases. They will come down on your hard enough to "put the fear of God" in you, so that you never make the mistake of even thinking of being an activist. That is if you are truly innocent, too.

Regardless, your computer is now evidence in another case, one that they will be building against the person that hacked your machine. Of course, that investigation could go on for years, then the inevitable court cases, multiple jurisdictions, possibly multiple countries involved, etc.

By the time you get your computer back from the evidence room everything will be on the Internet (translation Google) and accomplished by omni-present holographic interfaces in your whole house, including the shitter. More than likely you will get a form first asking if you want to donate it to the Smithsonian.

This is just going to get worse

[secretcurse]

I'm betting this just gets worse for a while. These attacks are all being carried out for attention, and they've been generating tons of it. They even get extra credit with the several "Are the attacks over???" articles I've seen over the past two days or so. These articles are adding fuel to the fire.

Re:Ah, Wardialing

I get this feeling that this is mostly a prank to weed out the kids, if even to amuse (or protect) the ones that know what they're doing.

First, DDoS app used by masses of kids that don't know how to obscure who they are. Now wardialing fax machines? Not only are they more easily traced, but there are very specific laws about it (at least in the US) that have been around forever. No grey area here... people are going to find themselves in trouble. :(

Mommy won't be happy...

[RightwingNutjob]

when the feds bust down the door to her house because you've been dialing out of her basement.

Re:Mommy won't be happy...

[brainfsck]

According to the instruction image, they're using an online faxing service behind a proxy.

Seems unlikely anyone will go after dozens of kids behind international proxies.

Junk faxes are against the law

[rminsk]

The Telephone Consumer Protection Act (TCPA) and FCC rules generally prohibit most unsolicited fax advertisements. In addition, the Junk Fax Prevention Act, passed by Congress in 2005, directs the FCC to amend its rules adopted pursuant to the TCPA regarding fax advertising.

Re:Junk faxes are against the law

[aBaldrich]

DDoS is against the law too. That doesn't stop them from doing it.

Re:Junk faxes are against the law

[Fluffeh]

The Telephone Consumer Protection Act (TCPA) and FCC rules generally prohibit most unsolicited fax advertisements. In addition, the Junk Fax Prevention Act, passed by Congress in 2005, directs the FCC to amend its rules adopted pursuant to the TCPA regarding fax advertising.

A Black Fax doesn't advertise anything or solicit anything and therefore cannot be realistically prosecuted under either act. I did actually read the Junk Fax Prevention Act in quite a bit of detail. It specifically covers advertising of some sort, no matter how it is passed as "Savings, information, value to the customer etc..." it has to be an ad of some sort.

So, Junk Fax Advertising is indeed against the law, but it is NOT against the law to send a fax to someone without prior dealings, or without their permission or without an "Opt out" clause.

Re:Junk faxes are against the law

[Planesdragon]

So, Junk Fax Advertising is indeed against the law, but it is NOT against the law to send a fax to someone without prior dealings, or without their permission or without an "Opt out" clause.

Bollocks. It may not be against THAT law... but sending faxes with as benign an intent as annoying someone can be criminal. In NYS, for instance, you'd be violating the penal code.

Aggravated harassment in the second degree.

  A person is guilty of aggravated harassment in the second degree when, with intent to harass, annoy, threaten or alarm another person, he or she:

  1. Either (a) communicates with a person, anonymously or otherwise by telephone, or by telegraph, mail or any other form of written communication, in a manner likely to cause annoyance or alarm; or (b) causes a communication to be initiated by mechanical or electronic means or otherwise, with a person, anonymously or otherwise, by telephone, or by telegraph, mail or any other form of written communication, in a manner likely to cause annoyance or alarm; or

  2. Makes a telephone call, whether or not a conversation ensues, with no purpose of legitimate communication; ....
  Aggravated harassment in the second degree is a class A misdemeanor.

There may be a federal equivalent elsewhere in the law. Good rule of thumb: If it interferes with someone else, don't assume you're not violating any laws until you talk to a lawyer.

(And don't get hang up on that "how could they figure out my intent!" argument. Near every criminal locked up in the state had a jury of their peers infer their intent. [the exceptions being those who pled guilty])

Re:Ah, Wardialing

[CyprusBlue113]

I wouldn't assume this is simple wardialing. There are a great many sip servers on the internet now with PSTN access. It could just as easily be someone's list of compromised sip boxen doing this.

Bonus points due to the fact that UDP is stateless and with the right timing, its possible (but less accurate) to wardial bad faxes spoofed perfectly anonymously assuming you know the credentials are valid.

Dont worry - Sen. Joe Liebermann will pay

[unity100]

for all the business/revenue lost by amazon, paypal, visa, mc. After all, he was the one calling around and pressurizing them to cut a client off, totally against the concepts of free speech, journalism, and fair business. politically censoring a journalistic outlet, for publishing detrimental information.

in case some of you havent kept up, here is how we know it was sen. joe liebermann :

day 1 : amazon cuts wikileaks from their cloud. it is rumored that liebermann pressurized them personally, but amazon does not comment. cites tos violation on balooney terms.

day 2 : everydns cuts wikileaks.org domain. they are not as secretive as amazon. they directly and openly state that joe liebermann called them, and threatened them. towards the evening, they mysteriously retract their statement.

a few days later : paypal cuts wikileaks donations and holds their funds. they cite tos violation, inquiry, and so on.

in the meantime : visa, mc do the same.

a week later : anonymous constantly attacks paypal since a week, keeping api.paypal.down and causing them millions in business. paypal comes around, and admits that they have suspended wikileaks due to political pressure.

a few days more with anonymous : paypal releases wikileaks funds that were being held.

today : anonymous starts attacking corporate fax machines.

count the times how many times word 'liebermann' passes in the above chronology.

after pressurizing the PRIVATE companies to cut down a perfectly legitimate customer, while in the meantime totally violating first amendment, modern principle of freedom of speech even outside us constitution, intervening and pressurizing private companies, going against journalistic freedoms, it is only natural that he would come up and pay for the business he cost all those companies. of course, not even counting the clients that started to bail out of american providers. not only payment like paypal etc, but a lot of small to medium size businesses are bailing out of u.s. based web hosting companies, datacenters, and content delivery providers.

surely, joe liebermann has the funds to make up for that business lost. else, he wouldnt be going around violating civil liberties, constitutions, and intervening in business for censorship ....

right ?

Re:Okay that's some funny shit

[Fluffeh]

hahahahaha faxed goatse

Actually, the best method would be to use a Black Fax rather than something like stick figures or Goatse. Better yet, not only a simple Black Fax, but one that is looped, so that it endlessly feeds itself through the fax - assuming the originator is a fax machine itself. Otherwise if the fax is originating from a computer or IP address of some sort, then multiple pages of plain monotone black - with the emphasis on MULTIPLE :)

A lot of people don't seem to understand...

[brunes69]

... how important fax numbers are to companies like Paypal and Mastercard and Amazon.

Like it or not, a faxed document with a signature is still much more legally recognized as valid than a scanned email, even if said email has been digitally signed. As such, companies like Mastercard/Paypal/Amazon *ROUTINELY* rely on fax to send and receive legal documents, both among other businesses and their own customers.

Cutting off faxes would be a BIG BIG deal to a financial company like Paypal/Mastercard, and likely Amazon as well.

Yeah - Why not add a Federal Perjury Charge...

[bit+trollent]

That defense may actually work if your computer is actually part of a botnet. Otherwise, you will likely find yourself learning more about computer forensics and perjury laws. No, your not going to just be able to lie to the FBI about your computer and get away with it.

The police / FBI may have a little trouble with 'the botnet defense' when they discover that your computer is not actually controlled by a botnet. Or is your computer under botnet control?

For those naive enough to take 'the botnet defense' seriously:
If the police are talking to you, you have already lost
The kind of lawyers that can actually get you off cost alot of money
Lying to the police is easier in theory than in practice
Your best defense against the police is silence. Just shut your mouth and get a lawyer.

"They can't arrest us all"
No, but they can log all of our IP addresses and arrest whoever they want. They can't arrest every drug user, but that doesn't stop them from filling the prisons with them. If you want to stay out of trouble, you should do your best to make yourself a small target.

Re:Nice blunder!

[HeronBlademaster]

These large companies probably don't even have real fax machines. All a black-page fax would do is put a black-page PDF in some inbox or file share somewhere.

Re:Okay that's some funny shit

[tlhIngan]

Actually, the best method would be to use a Black Fax rather than something like stick figures or Goatse. Better yet, not only a simple Black Fax, but one that is looped, so that it endlessly feeds itself through the fax - assuming the originator is a fax machine itself. Otherwise if the fax is originating from a computer or IP address of some sort, then multiple pages of plain monotone black - with the emphasis on MULTIPLE :)

That hurts, but is pretty juvenile and easily dealt with.

The best way to do it is if they faxed all those cables that Wikileaks has released. Black pages can be recycled easily. Sensitive data? That has to be shredded. And people who aren't supposed to be looking at these things may end up seeing them.

Imagine all the banks and Paypal and Amazon having to now deal with printouts of all the cables themselves - do they shred them? Recycle them without shredding? Also imagine people who shouldn't be looking at them looking at them accidentally (like all those trying to apply for federal jobs).

DDoS the fax? Doesn't do much. But use the fax to DDoS the company is more interesting because someone has to handle the document in the end, and they have to look at the incoming fax to determine routing. They may have to read the cables whether they want to or not to figure out if it's something to can or forward. Black pages - canned easily (and since it's all electronic these days, costs disk space). But pages and pages of readable material...

Re:Ah, Wardialing

[Amouth]

the law states that i can't falsify who i am when faxing - and that at the receivers request i must stop sending unsolicited faxes.

problem is... if i'm always busy (dialing your fax number) you can't exactly call me to ask me to stop - nor can you fax me to ask me.. best they can do and is within the law is to call the bell and request either an operator override and block the number and have the bell send the request.

either way given the short window given for this DoS as long as people aren't trying to hide who they are when sending them then they aren't breaking the law.

Why attack Twitter?

[TimFreeman]

Why attack twitter? http://www.twitter.com/wikileaks seems to be working fine, and the explanation at http://www.boingboing.net/2010/12/06/why-wont-wikileaks-t.html#comment-958285 for why Wikileaks didn't appear in trending topics makes sense to me. Everyone seems to agree that #cablegate did trend. The issue of why Twitter should be attacked is not mentioned at all in the original article.

Re:I, for one,

[Stregano]

I, for one, do not support this comment. Smack that kid and send him to bed without supper. Problem solved.

Re:Ah, Wardialing

[Jurily]

You seem to think that the US == the entire world.

You seem to think geography matters when the big dogs want to put you behind bars. Just ask Julian.

Re:Okay that's some funny shit

[muphin]

pointless
since most of the major corporations have moved from hardcopy faxes to digital ones, easier to handle, less waste.
i would assume since Amazon...paypal are large enough and have enough corporate structure (rules) that they would have moved to digital faxes, expecially to fulfil their archive responsibilities

I AM SPARTACUS - google civil disobediance

[ron_ivi]

It's not a case of being clueless noobs.

It's a classic example of Civil Disobedience ( http://en.wikipedia.org/wiki/Civil_disobedience ) not unlike refusing to sit in the back of a bus - and when many people do it in large numbers, it changes policies.

This is a million geeks saying I AM ANONYMOUS just like the guys saying I AM SPARTACUS in that old movie.

Re:Ah, Wardialing

[Lumpy]

Easily traced until you get to the POP of the Voip call. Or it's not out of a company's compromised phone system.

Sorry but prank calling phone numbers is 100% untraceable and easy to do in the world of Voip and tons of companies with outbound services that are not protected as well as they should be.

Phone calls are the easiest to hide behind, because they can't do the CSI trace the call crap. Your education in the matter is from TV and is very flawed.

Re:Ah, Wardialing

[Planesdragon]

either way given the short window given for this DoS as long as people aren't trying to hide who they are when sending them then they aren't breaking the law.

Yes, yes they are. Read up on "harassment" for starters, and that's just the one I know off the top of my head.

Re:Ah, Wardialing

[jeff4747]

Assuming myfax is "the bad guys", then yes.

Otherwise, you've managed to destroy an innocent company.

Go team!

Re:A life lived in fear is a life half lived.

[sumdumass]

Actually, what he is saying is pretty smart.

You see, when people get busted for smuggling drugs across the country, they generally get hit not because the cop said, he might have drugs, lets search him, but because they are speeding or sampling the merchandise and weaving or driving erratic or something. They failed to make themselves a small target.

The same goes with a concealed weapon. It's the people who show it to everyone who get busted for carrying it. Well, that unless they get busted for something else. In either case, they failed to make themselves a small target.

What he is saying is that if you don't want to get into trouble, don't do anything wrong. And if you do, do as little as noticeable so you don't become a big target on their radar.

Re:I AM SPARTACUS - google civil disobediance

[eriqk]

This is a million geeks saying I AM ANONYMOUS just like the guys saying I AM SPARTACUS in that old movie.

You do know how that ended, right?

Re:A life lived in fear is a life half lived.

[Oxford_Comma_Lover]

> You see, when people get busted for smuggling drugs across the country, they generally get hit not because the cop said, he might have drugs, lets search him, but because they are speeding or sampling the merchandise and weaving or driving erratic or something.

I especially loved the guy who drove a semi full of pot on the cars-only level of the George Washington Bridge.

Re:Ah, Wardialing

[realityimpaired]

You seem to think that the US doesn't have treaties with many (most, when you consider the source of most of the /b/tards out there) foreign countries to allow for prosecution of spam faxes.

Not only is sending junk faxes illegal in the states, it's illegal in most of the EU, Japan, Hong Kong, China, Canada, and most of South America. The least penalty in any of those countries is the disconnection of your telephone service, and in some it can result in significant fines or jail time.

Doing a DDoS on a website is much more difficult to prosecute, because it's way too easy to spoof your number. While you can spoof your number on call display, the telephone company can still quite easily trace the source of a harrassing call for prosecution.

Obligatory disclaimer: I work for Ma Bell, and have performed such traces in the past.