Slashdot Mirror
Anonymous Isn't Anonymous Anymore
An anonymous reader writes "Apparently some small security firm has been able to determine the real identities of several key Anonymous hackers which is resulting in a ton of arrests. From the article: 'An international investigation into cyber-activists who attacked businesses hostile to WikiLeaks is likely to yield arrests of senior members of the group after they left clues to their real identities on Facebook and in other electronic communications, it is claimed.'"
Seriously? Plurals are not denoted by apostrophes. Apostrophes are for possessives and contractions. 3rd grade stuff, that.
I'm pretty sure you mean "identities".
The point at which anyone is identified, they aren't anonymous. For the last time- anonymous is not a group, it is a quality- an adjective.
No one will ever know that I, Anonymous Coward, am Howard Flonnkensten!
Yeah, if that isn't proof that the writer of this article doesn't know what the hell he's talking about, I don't know what is. There are no "senior members" of Anonymous. Someone could claim to be an oldfag, but that's about it. And a co-founder of Anonymous? REALLY? Where are they coming up with this horseshit? They caught some guys who were running a specific group, not "senior members" or "co-founders" of Anonymous.
"Anonymous" as a proper noun defies anonymity, so it's no real wonder that these people failed to cover their tracks.
Why is it that hackers can't resist toying with people or leaving riddles or boasting about their deeds on forums? This ALWAYS happens! The ones who don't get caught are the ones who just do things to do them and don't care about respect from others for their "legendary" accomplishments. The whole "I'm so cool, look at me!" hackers attitude isn't real compatible with staying 100% anonymous. I don't think this was pure carelessness in their case either because they're probably smarter than that. I think it's the same old hacker ego stroking that got them caught.
The weird thing is, this isn't what I'd have expected. The Anonymous hackers seemed like the type to just do what they do with complete security and privacy and keep quiet about it because what they did was politically and ethically motivated, not motivated by just their egos. But I guess some of them apparently couldn't resist posting links to other hackers to their Facebook profiles or something equally stupid.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
Identity's of? What does the Identity own?
I think the prices of Iron Oxide and Aluminum powder just went through the roof. "Anonymous" newfags are going to be doing the delete fucking everything dance for the next few weeks.
Warning: Corny karma killing post above.
Any arrests seem unlikely to me, seeing how hard it would be to prove Facebook posts were really made by the people in question, and that they were unlikely to have done more than hint at involvement. It could only be taken a clue, not evidence.
....or am I???
You mean the group that uses the image of a theocratic Catholic terrorist, as their symbol of freedom, are really just a bunch of morons? I'm SHOCKED!
Just because someone boasts they are part of Anonymous or claims responsibility for some act doesn't mean they were actually involved. The investigators will need to connect the dots via IP addresses, seizing and analyzing computers, etc. They won't be able to prove their case just because someone claims they spearheaded the attack on Mastercard.
Plus, I know they didn't get the right people because I'm the founder of Anonymous and I don't know any of those guys they mention in TFA.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
you suggesting tape of magnets?
thank God the internet isn't a human right.
Thermite...
Don't they have, like, millions of people to go? I mean, "anonymous", whether they want to admit it or not, is not actually a "group" of hackers. It's a word, which has a pretty clear definition.
Call me sceptical but I don't believe that any senior member of any group involved in any serious campaign is stupid enough to use Facebook and the like as a communication channel for sensible information regarding their operations. If we consider that this so called anonymous organization is supposed to be proficient with computers, networking and subversive campaigns then this allegation becomes even more unbelievable.
But hey, officials have to show that they work, and nothing like an attention-grabbing headline like this one to convey that image to the clueless masses.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
Whole lot of issues the law had better be careful about, starting with whether attempting a DDoS attack should be considered a criminal offense. Is it so hard to tweak the Internet to make DDoS impossible? Seems like all that's needed is a bit of caching. Would the Slashdot Effect be criminal? Is repeatedly hitting F5 a felony?
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
I thought the whole idea behind a movement like this was that - sure you can capture some - but there are more and you never know how many. If you didn't think it was decentralized then perhaps you should. The more I think about it it reminds me of the whole terrorist thing. How many people are really in al-qaeda? 100? 500? 10,000? New members come in all the time, old members they leave one way or another. Isn't terrorism a symptom, not the cause of the problem? I think its the same thing.
Even a completely headless organization does have people who direct the masses. Even the simplest and most spontaneous mobs have their provocateurs - the 'leaders', so to speak. I'm thinking the media simply got all breathless about how they were labelled.
Also, technical skill is not uniformly high across the group (perhaps a ratio of 10k script kiddies for every 20 actual hackers, etc).
It wouldn't be unreasonable to have major organizers being caught (CnC and direction has to come from *somewhere*, after all), or perhaps (but less likely) catching the more technically-minded members.
Even if they didn't catch 'em all, taking out a large percentage of the technical leads* or Command/Control leads* would be sufficient to do some serious damage.
* note that I have zero idea what to actually call them, but the terms should suffice.
Quo usque tandem abutere, Nimbus, patientia nostra?
But maybe they take advantage of the angst and ego of those Script Kiddies, empowering them to be "real hackers" by doing the tough part and giving them the tools to carry out their operations. Who's to say there is even one "anonymous". Get a group of would be hackers together in secret, let them talk to one other member of a group claiming to be Anonymous, and BAM.. all of a sudden, they are part of Anonymous. It's just a word, a battle cry or flag at this point.
There are people out there with deliberate intentions and incentives to execute these attacks. They are just using the 4chan type to further their goals.
From TFA: "few hundred participants in operations, only about 30 are steadily active, with 10 people who "are the most senior and co-ordinate and manage most of the decisions"
That just about fits this type of hierarchy.
Outside of "terrorism" (if you can call this that), this system is employed time and time again.
1) Person or small group has Political/Economic Agenda that would not benefit Society as a whole, but needs to engineer support.
2) They get a few Champions that back a stance on a cause that is unrelated, but has a large number of supporters (immigration, abortion, same sex marriage, FREEDOM OF SPEECH). It's best when it's a black/white yes/no issue that has a population divided roughly 50/50. That way, the support group is large, but the opposition is as well. Without a viable opposition, you cannot rally together for a cause.
3) Wrap your own agenda into the priorities of this "front" clause. Bam. You've created an army fighting for something they don't care about.
Not sure what my point was here really. Just noticing a pattern. Though I would love to believe in the idea of true "freedom fighters" who genuinely feel they are protecting essential Liberties, I cannot help to think that there has to be a selfish person at the top of it all.
They did conduct some arrests ('ton' is a very subjective term in this context). The police can and does act without 'hard' proof while an investigation is conducted to either uncover hard proof, a confession, testimony, whatever or give up.
XML is like violence. If it doesn't solve the problem, use more.
"Why is it that hackers can't resist toying with people or leaving riddles or boasting about their deeds on forums?" - by ILuvRamen (1026668) on Sunday February 06, @12:56PM (#35119064)
It's because in reality, they are NOT "that good". I say that, because it's is EASY TO BE BOGUS, & destroy/hack, but much harder to make something that's actually useful and good... that's just a fact of life, & these "script kiddies" exemplify it.
Do I "knock them" for it?? Yes, & no: They produce 1 good thing in their antics & that's showing what needs to be secured/strengthened better... but, that's about it.
(I also agree with them on 1 account though: Giving J. Assange a hard time was a STUPID thing to do, by any parties who did so... the guy is doing what the presses do, and that's expose news... GOOD or BAD news!)
Still - they're just using tools others wrote to execute a DDoS/DoS, which doesn't take any brain power or effort really. That's NO "accomplishment".
APK
P.S.=> People, in my estimation at least, who have to "join a gang" or "team" to try to "be somebody"? They're WEAK, & can't "stand on their own", period... & that's what these people in "anonymous" exemplify (weakness)... apk
lolz
URGENT WARNING TO ALL ANONONYMOUS HACKTIVISTS:
Mr. Barr has successfully broken through our over 9000 proxy field and into our entirely non-public and secret insurgent IRC lair, where he then smashed through our fire labyrinth with vigor, collected all the gold rings on the way, opened a 50 silver key chest to find Anon’s legendary hackers on steroids password.
As Mr. Barr has discovered in spite of our best efforts, Anonymous was founded by Q last Thursday at the guilded Bilderberg Hotel after a tense meeting with one Morrowind mod collection, which itself includes the essential Morrowind Comes Alive 5.2 as well as several retexturing packs, all of which seem to lower one’s FPS unless one has also installed the latest Risc Architecture framework and thus obtained the killer refresh rate that is the right of all world citizens, except for noted heterosexual Tom Cruise.
In addition to the sudden disappearance of Anonymous leader Q, Anonymous co-founder Justin Bieber also disappeared just before his top-secret mission to Eritrea to offer physical succour to the rebels, suggesting that Mubarak is in our base, eating our Cheetos, likely with military support authorized by Hill Dawg. All of this comes at a low point for the Official Anonymous Organization, Inc. and its valued shareholders; several Anons had already lost their Fallout New Vegas saved games in the unwarranted and faggy raids perpetrated by the U.S. federales.
At this point, it is safe to assume that the underground server sites at the North Pole have been compromised as well. Back up all porn drives now, because the super secret P2P centralized distribution server of Backdoor Sluts 9 is presumed to be immediately threatened. Male Anons have been commanded to switch back to traditional tentacle porn while femanons, or “Rei Ayanami wannabes,” continue to be shared among the Echelon Nine Working Group that has since replaced Owen as sky marshall.
However, David Davidson (who might also be the legendary Ceiling Cat, as rumors have it) so far eludes custody, so all is not lost. Mr Davidson skyped the anonymous leaders from his hideout in Philadelphia to remind them that he was “Never gonna give them up, never gonna let them down”. Meanwhile, the board of directors remains little more than a gin-addled menagerie of puppets.
Despite these setbacks, the planned conference in Vienna is not slated for cancellation, although the buffet may be altered to include fewer Cheetos. The scheduled appearence of Boxxy is a subject of much contention within Anonymous ranks, being an event of considerably greater importance than the 4th return of Raptor Jesus, which itself is older than the internet.
We shall note in conclusion that we like the guy and want to believe him, but we still have to ask: Did Aaron Barr shave and murder Alexander Hamilton in 1993? We’re just asking questions here, people. At any rate, the Pink Horse prophecy will soon be fulfilled.
All Hail Xenu,
-Anonymous
As as been posted before, I'm sure these small security companies are also being hired to track down the people who were attacking WikiLeaks itself, right? Right?
anonymous is a movement. as such, it follows certain sociological rules. #1: in any movement, there is a small group of core fanatics, and a much larger group of one-offs and on-and-offs. same with wikipedia, or al qaeda, or drug gangs, or a whole set of other movements
now you could take out a portion of the core competency, and nothing will change. but if you tracked and profiled the core competency over time, and took them all out at once, you really would cripple the movement. yes, you would really cripple anonymous. that they are everyone and no one is mythology, not sociological fact. they are not the borg from start trek
however, since the "cause" of anonymous is so simplistic, others would quickly fill the void and anonymous would be back in action in no time. again, same with wikipedia or al qaeda or drug gangs, etc. but maybe not forever. if law enforcement keeps siphoning off the core fanatics, after 2,3,4x, anonymous will definitely be less influential. if you keep siphoning off the regular crop of persons who can do something with the idea of anonymous. law enforcement can profile, and cripple anonymous, by tracking its core competency, forever, and constantly hamstring it: the core fanatics of anonymous is a well that slowly refills over time. if law enforcement is constantly draining the well, anonymous as a potent force is permanently dimmed
the point is, you don't understand sociology, nor anonymous, if you don't understand that what anonymous is is primarily a core group of fanatics, with a much larger ring of sort-of-interesteds. remove the core, and you at least temporarily cripple the movment. continually remove the core as it tries to grow back, and you have permanently decimated the movement and weakened it to ineffectuality
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
"Apparently some small security firm has been able to determine the real identity's of several key Anonymous script kiddies which is r...
The game.
...just got trolled.
The "Church" of Scientology is following Ron's doctrine faithfully and this is a text book example of their tactics.
Don't forget the magnesium ribbon and blowtorch to light it and get thr reaction going...
This whole anonymous (h)activism has become something on its own, forked off the chans. They are hypocritical computer retards using GUI tools and it's not in any way impressive that this security firm has tracked some of them down. They're just a bunch of kids seeking to belong to something not knowing what the hell they are doing.
They just join in with raids without understanding the serious consequences it can have on their life and how easy it will be to track their IPs down when they join in on a DDoS attack with tools like L.O.I.C. which doesn't seem to send spoofed packets for starters.
Beside this they often hang on irc (on their own network) which ofcourse makes it very easy (through getting a warrant to seize/monitor the ircd) to track them down.
As for the part where I call them hypocrits, think about it, they are protesting site takedowns and denial of certain services (paypal, visa, etc) by taking those services down through a poorly managed DDoS. We're talking about the same frustrated people who destroy facebook and youtube whores for the lulz here.
I, as an elitist oldfag, am ashamed of what we have become.
The Fine Print: The following comments are owned by Anonymous who posted them.
Being Anonymous isn't about being untraceable. It's about a group that collectively has no face. Identifying individuals doesn't make Anonymous any less anonymous. Anonymous could be anywhere at any time, and that's the point of it all. There is no ideology, no one that speaks for Anonymous, no political statement to be made, no central creed that Anonymous agrees to uphold. It's not hard to understand Anonymous, but you tend to make it fit into a category into which it doesn't belong.
How does one misspell the word "identities" and then also spell it again, correctly in the same paragraph?
Last time I joined in one of these threads, Rob Malda finished it a few comments later.
Police State UK - news and
>Person X does ddos... their public ip is in logs. >Small tech firm does a cat on the log file? >Gives IPs to feds? >feds goto court to get info from ISPs? wtf did this small tech firm do exactly? Why are the feds this incompetent?
Protip: Leave the name field blank!
Seriously though: How hard could it really be to track down someone on the internet?
0. Ask those sites attacked for IP addresses of the attackers. ...
1. Open the linux terminal
2. type: "host <ip-address-here>" and press [Enter]
3. Subpoena the ISP that the IP belongs to requesting the name & contact info of the customer who was allocated the IP at the time of the attack.
4.
5. Profit?
Eg; Using the IP of a visitor of my site...
host 69.150.185.133
133.185.150.69.in-addr.arpa domain name pointer adsl-69-150-185-133.dsl.hstntx.swbell.net.
Ah, that's a Southwestern Bell (AT&T Yahoo) DSL subscriber that hails from Houston, Texas.
GEOIP might even be more accurate.
WTF folks, this is a non-story. LOIC does not spoof IP addresses, therefore it should be trivial to discover who attacked.
IMHO, The real story here is that IP addresses are not being used to link online activities to people.
What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?
What if I write a program, say a Firefox plugin, that automatically reloads www.mastercard.com in a new tab, once a day?
What if that plugin updates the website to load from my website, but the USERS of the plugin opt to install the software and download the daily dot-com to reload.
What if the plugin is updated so that it refreshes several times a minute instead of once a day?
The point is: I did not install the plugin to the user's browser, THE USERS DID -- They are the real attackers, NOT ME.
Why are we holding the director, who did not even write the plugin, responsible?
They basically did the equivalent of creating a web page that says: "Target=www.mastercard.com"
What's next? Are we going to hold security researchers responsible for malware that uses their published exploits and/or proof of concept code? IMHO, If anyone should be arrested, it should be those that actually send syn floods to the websites -- It's not that hard to find out who the actual attackers are!
As long as "leading" a DDOS is as easy as tweeting: "LOIC_Target=example.com; Refresh=6sec", discovering the "leaders" and arresting them is not going to have any effect. IMHO, arresting everyone who participated would have little effect -- Anyone who says otherwise has never spent any time at 4chan or any other (lowercase a) anonymous forum.
In the end, it will turn out that the scineos created wikileaks knowing anonymous would attack and garner the attention of governments...
"Anonymous co-founder"? Has the writer of this article ever been on the internet before? Maybe someone should link him to Encyclopedia Dramatica so he can do some research before making himself look so uneducated about a topic he is writing about again.
is the apostrophe abuse allowed by samzenpussy in the first sentence of TFS. "Identity's?" Really, fucktard? The plural of "identity" is "identities." You've used the possessive form of "identity," even though nothing belongs to the identity in this context. Please return to the second grade. We spend more per capita on education than any country on Earth, and this is the result? Fucking moron.
Out of curiosity, how long would you put Starbucks, or Dominic's Pizza in jail for since they would show up as the owners of the free WIFI spot in Houston. I wouldn't even have to buy a coffee and you'd be putting tons of open router people in jail using your logic. How's that 4chan education treating you?
A little piece of me dies inside every time I read a news article that refers to Anonymous as a hacker group.
Carl Sagan quotes get you an automatic +5 on all posts.
Lets keep it going. My e-peen needs attention.
I am hardly new here, and I am well accustomed to the notion that the average /. reader has the attention span of a flea, but could we at least make some token attempt to stay on topic?
I'm fairly sure that most /. readers recognize the story as complete crap.
Every once in a while a story will be posted that makes me question whether I need to find a new news site.
LOIC does not spoof IP addresses
Yes, and that is why it is a good way to identify imbeciles who actually use it.
He is suggesting thermiting harddrives
Don't go to bed with no price on your head
No... don't do it
Don't do the crime if you can't do the time
No... don't do it!
And keep your eye on the sparrow
When the going gets narrow!
#DeleteChrome
our sites have been sabotaged (again) after posting, (this time egyptian revolution comments) here on /.. many of us know exactly who each other are by now? new 'faces' as well. see you after the baby care is caught up/on the other side of it? thanks so much for the cheap lessons in just how tiny/fearful some folks can be. yikes
Damn it, uid envy
What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?
Probably yes. At least for conspiracy.
What if I write a program, say a Firefox plugin, that automatically reloads www.mastercard.com in a new tab, once a day?
Depends on why you do it. If you do it "to help increase world support for mastercard in the light of their terrible affliction" then no. If you do it to cause overload on their servers then yes. If you do it to help them but claim to be doing it to destroy them it's quite likely you will be unfairly and incorrectly arrested for damage.
What if that plugin updates the website to load from my website, but the USERS of the plugin opt to install the software and download the daily dot-com to reload. What if the plugin is updated so that it refreshes several times a minute instead of once a day?
Did you tell them to do it? Then you are in trouble. Even if it was just a hint and you get caught. Did someone else tell them to do it? Then that someone else is guilty.
What's next? Are we going to hold security researchers responsible for malware that uses their published exploits and/or proof of concept code?
Been tried. Mostly not done. Results may depend on jurisdiction and target.
discovering the "leaders" and arresting them is not going to have any effect. IMHO, arresting everyone who participated would have little effect -- Anyone who says otherwise has never spent any time at 4chan or any other (lowercase a) anonymous forum.
I think it will have an effect. At the very least, those who weren't caught will learn to be a little more careful next time.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I post messages to ./ all the time and I submit all the "anonymous" stories so now I'm afraid my true identity may be revealed to the masses.
Wow, only on slashdot would there be an e-peen waving contest to see whose is smallest.
I must report this to my evil anonymous higher ups in the organization, unless of course they've been arrested too. BTW WATCH OUT FOR YOUR YELLOW VAN LOL BOOM!
anonymous should beware of the clutches of capitalism. when the entity with the gold has a problem, there is much to be made in "helping" the gatekeeper with its problems with the underlying notion that idealism be damned
Over 10 years, and still not king of the hill?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Dumbest article ever, and if there is even a smidge of truth to it, dumbest script kiddies ever. I love the bit at the end
"Mr Barr also burrowed deep enough into a US military group and a US nuclear plant that he could trick workers there to click on web links that, if they had been malicious, could have installed spying software on their computers"
hahahahaha, too fucking right mr barr, you go get em! except wait.... thats complete bullshit.
Quick, lets hire Aaron Barr, he is the haxorz... I think he wrote this article!
sig loading.......
http://www.xkcd.com/834/
If I wanted to learn spelling I'd go talk with reporters and editors, not geeks. In an article about hacking, anonymity, wikileaks, and the law, you are talking about spelling???? For the first ten posts? Geez. Does anyone care about the problem of freedom of expression, censorship, anonymity, reporting of wrongdoing by international authorities? I'll be moving over to the Wikileaks forums I think.
Build your own energy sources from scratch. http://otherpower.com/
This story is like the one about the anarchists' reorganization, only with misplaced apostrophes.
The point is, is there anonymity, or not? Anonymity is legal in the US, exactly for the use of activism and whistleblowing. So, where is it? Yes, these guys didn't know how to achieve it properly. Well, is anyone going to teach them? Or just keep letting them getting arrested and criticizing?
Build your own energy sources from scratch. http://otherpower.com/
Hi There! Thanks for playing!
This guy is trying to pin Anonymous as some traditional radical group. Anyone claiming to be the co-founder of Anonymous is lying and anyone can be "senor members" by simply saying they are. No one wants to be a newfag.
Author should actually do their research on what anonymous really is. This sounds like like that one Fox News cover story on Anonymous. Damn those pesky hackers on steroids!
Now behave children.....
Mine's smaller than yours, but I'm not showing.
Now behave children.....
(Forgot to login....oldage--)
Ha, that's some quality research.
I'll bet they made the arrests in less than twelve parsecs, too.
population, I am not certain it would work against Anon. In fact, I think it might work inversely as they would expect it to. Which, of course, will be future lulz.
chain enough of them and your mostly gonna be safe as long as your first one never logs.
The media doesn't like it when they can't put people into labeled boxes.That is why Anonymous is so often misreported on. Anonymous isn't a group, it's a mindset. It's a bunch of people who think the same about a certain issue and decide to do something about it.
When Anonymous protested Scientology, I was a part of Anonymous. When Anonymous decided to send cards and flowers from all over the world to some veteran who was having a birthday, I was part of Anonymous. When Anonymous decided to track down a soldier that threw a puppy off a bridge, I was part of Anonymous.
It's not like you have to register somewhere, you just have to share the same mindset. Sometimes people do things that I disagree with, then I'm not part of that.
That said, there is no group, no leaders, no official press releases, no contribution, no clubhouse. It's a state of mind and sometimes I agree with a lot of like minded people.
Just for completeness sake, if the press is going to read this statement out of context, then please report that I'm the Grand Czar of Anonymous. I could use some more honorifics on my resume. :)
Just using Tor doesn't grant you anonymity. It's an undertaking that requires a lot of of self-discipline and supreme vigilance to maintain. Humans, by nature, share information. That's just how it works. Most of it isn't direct - meta-information channels like times when you always "disappear," your route, choice of words, body language, everything. Controlling all of the things you say directly (despite your natural desire to boast of success), avoiding letting any information out through non-verbal channels, and also managing to never leak information to a weak link online (The first person you make privy to the truth who isn't as vigilant as you are is the end of it) is incredibly taxing personally.
I can certainly think of how I'd go about maintaining complete anonymity... and how slow, inefficient and agonizing it would be. Evan Ratliff played the "go into hiding" game; He was ultimately caught because doing all the thing it took to avoid being caught ground him down and he made a mistake.
and that firm and the arrests have created even more activists to take the others' place, not to mention probably bringing the matter into the interest range of more serious and rebel segments of the internet. i would like to see those people deal with the latter type that they are slowly irritating.
Read radical news here
Hmm, considering the average health of a basement dweller, a ton of arrests could be only six people. :)
Now behave children..... (Forgot to login....oldage--)
Well! If anyone here has earned the appellation "oldfag" you certainly qualify. 111 ... I'm impressed.
The higher the technology, the sharper that two-edged sword.
"A co-founder of Anonymous"
I don't think they really understand.
http://www.internetmemes.org/
What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?
Probably yes. At least for conspiracy.
Well, I just did -- Conspiracy to do what?
I think the Slashdot effect is more powerful than many of the LOIC attacks -- Slashdot posts links to websites; In essence this is exactly saying, "point your browser at: example.com". Surely you don't mean that when example.com goes down due to a slashdot article link all of us visitors are breaking the law? How do you distinguish a traffic from a Slashdot visitor repeatedly clicking an article link that points to a downed website from LOIC attack traffic that may be occurring at the same time? You don't.
What if I write a program, say a Firefox plugin, that automatically reloads www.mastercard.com in a new tab, once a day?
Depends on why you do it. If you do it "to help increase world support for mastercard in the light of their terrible affliction" then no. If you do it to cause overload on their servers then yes. If you do it to help them but claim to be doing it to destroy them it's quite likely you will be unfairly and incorrectly arrested for damage.
What if I do it for no reason at all? Can you really prove that such a plugin has a purpose other than to open a tab and reload it? Users could use the tool to tell when a website came back online after being slashdotted...
What if I do it so that people can run a traffic test on their own websites? This is what LOIC was designed to do... Guns designed to hunt ducks can be used on other objects -- It's not the gun maker's fault when a person is killed by firearms. It's not the security researcher's fault when someone takes their tools and uses them to cause harm. It's not Slashdot's fault that a website has insufficient bandwidth to support the visitor flood a frontpage article causes. It's not the creator of the LOIC tool's fault that it was used to DDOS someone.
What if that plugin updates the website to load from my website, but the USERS of the plugin opt to install the software and download the daily dot-com to reload.
What if the plugin is updated so that it refreshes several times a minute instead of once a day?
Did you tell them to do it? Then you are in trouble. Even if it was just a hint and you get caught. Did someone else tell them to do it? Then that someone else is guilty.
Reformat you hard drive, then run over pedestrians with your car.
There, now go do that and try to sue me for damaging your hard drive or injuring people with your car; You are responsible for your own actions. I won't be held liable -- Hint: the RIAA doesn't lose money when people use "The Music Made Me Do It" defence...
What's next? Are we going to hold security researchers responsible for malware that uses their published exploits and/or proof of concept code?
Been tried. Mostly not done. Results may depend on jurisdiction and target.
[citation needed]
Uhhm, excuse me, Many (and I do mean MANY) security research companies are currently submitting exploits to Microsoft. Some are even publishing before MS has fixed the exploits -- I remember a Google employee discovering and publishing MS flaws -- Jail? Nope.
discovering the "leaders" and arresting them is not going to have any effect. IMHO, arresting everyone who participated would have little effect -- Anyone who says otherwise has never spent any time at 4chan or any other (lowercase a) anonymous forum.
I think it will have an effect. At the very least, those who weren't caught will learn to be a little more careful next time.
ROFLMAO!
Seriously now, did you not just read that? Please enlighten me, how much time have you spent browsing 4chan? (You can't be serious!) You clearly have no clue as to the sort of people we're dealing with.
while the leadership does change frequently and the members fluctuate there are certainly Key people who organize and send the commands to LoiC in anon. Also remember the Anon of this doesn't equal the anon of /b on 4chan. 2 very seperate entities(4chan's userbase leaning more towards IHM than the Current political endeavors of Anon).
And for you newblet, a few words of wisdom, It is better to keep one's mouth shut and be thought a fool than to open it and remove any doubt. I made that up btw.
Just from what I have read about the IRA - you will get caught - you will not want to go back to prision - you will organise/encourage other people to get caught in their turn.
So I guess it is up to everyone to improve freedom fighting/hacking tools so the reckless young can have more of an impact. At least it gets us better jobs in the security forces in fact we should encouage them / run agents etc:)
Be Free: Free Software Tuition
ROFL Nice 111!
Don't forget the magnesium ribbon and blowtorch to light it and get thr reaction going...
Yes, and when you put in the new drive and install your operating system, be sure to set your system clock back a couple of years first. Judges don't much like it when they find out that people accused of a crime erase all the evidence.
The higher the technology, the sharper that two-edged sword.
At the bottom of the /. screen for this story there is this line:
In Seattle, Washington, it is illegal to carry a concealed weapon that is over six feet in length.
- only now I realize that I have been in violation of that law for the most of my life!
Which means you're either a martial arts expert of above-average height ... or you're very generously endowned.
I don't really care to know which.
The higher the technology, the sharper that two-edged sword.
(all those who, for some stupid reason, just lurked for the first few early years are now weeping, huddled in the corner)
One that hath name thou can not otter
I think it will have an effect. At the very least, those who weren't caught will learn to be a little more careful next time.
I agree. Evolution in action. And, if what they're doing is anything more to them than a lark, the tools they use will evolve to be less traceable, in much the same way the P2P has become harder to track (not impossible, but the bar has been raised.) If the Feds aren't very careful here, they may find themselves creating a true movement where there was none before.
The higher the technology, the sharper that two-edged sword.
So, leaderfags are getting v&? Marblecake 3.0? Lesson not learned?
Before I start; you are making the fundamental technical person's standard mistake of thinking that law deals with actions rather than intent. It's a very different way of thinking and really matters
What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?
Probably yes. At least for conspiracy.
Well, I just did -- Conspiracy to do what?
Conspiracy to deliberately overload the site.
I think the Slashdot effect is more powerful than many of the LOIC attacks -- Slashdot posts links to websites; In essence this is exactly saying, "point your browser at: example.com". Surely you don't mean that when example.com goes down due to a slashdot article link all of us visitors are breaking the law? How do you distinguish a traffic from a Slashdot visitor repeatedly clicking an article link that points to a downed website from LOIC attack traffic that may be occurring at the same time? You don't.
Check if someone posted a link on Slashdot. If not it wasn't related. Contact, randomly, a sample of the people who just visited the page. Ask them why they did it. 90% will just tell you in anything approaching a police interview. Once you have the main group pointing towards one web site, examine that site. Do most people post there to cause problems or for a good reason? Was there an alternative explanation for the posting? Raid the guy who posted the link and some of his friends. Did they discuss doing damage to mastercard or not? If so, you have your case. If not, use the drugs you will find in at least one guys house to get him to confess it was done deliberately. Use that confession to get a warrant on the poster. Start spying on him. Try to get him on tape saying he did it. Etc. etc.
N.B. If you post a link to Slashdot because you want to take down someone's site, that is a DoS attack. If you make the exact same posting because you want to advertise their service, that is a friendly act!
What if I do it for no reason at all? Can you really prove that such a plugin has a purpose other than to open a tab and reload it?
The phrase you really want here is "prove beyond reasonable doubt" and in fact that means "persuade a jury to accept voting for your guilt if I tell them it has to be beyond reasonable doubt". The first answer is, after this slashdot posting, it will be dead easy.
What if I do it so that people can run a traffic test on their own websites? This is what LOIC was designed to do... Guns designed to hunt ducks can be used on other objects -- It's not the gun maker's fault when a person is killed by firearms. It's not the security researcher's fault when someone takes their tools and uses them to cause harm. It's not Slashdot's fault that a website has insufficient bandwidth to support the visitor flood a frontpage article causes. It's not the creator of the LOIC tool's fault that it was used to DDOS someone.
These are all examples of "plausible deniability". This is a good strategy for getting away with things, but it's not nearly as good as most people think. Most of the time, people claim they did things for one reason and somehow or other it's shown that that wasn't true. E.g. you say "I did it because I love the mastercard corporation and want to see that their website is up all the time", all it takes is an ex-girlfriend who remembers some rant you gave about the evils of the company and you will be completely screwed. It is true, however, that even Richard Nixon managed to avoid impeachment by using this strategy.
Reformat you hard drive, then run over pedestrians with your car.
There, now go do that and try to sue me for damaging your har
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Anyone smart enough to look at the wonderful tool called "LOIC" can see that it's only doing an HTTP request with completely static and hence totally traceable headers.
If they're after the people who caused some of Anonymous' DDOS, no wonder they managed to find them !
To say it's not an organized group is either denial or not knowing what an organization is. Disorganized groups can't coordinate anything. If you can coordinate a night at the movies with three people, you have a three member organized group, with common objectives and interest of entertainment. Decentralized organization, loosely organized group, nameless and with shifting leadership, even a small and pointless group, whatever it is, but organized in some fashion nevertheless. Truly anonymous, in fact, if they coordinate any action, would mean a secret organization.
Build your own energy sources from scratch. http://otherpower.com/
And not only did they execute coordinated attacks but they even managed to *cancel* a coordinated attack, you can't do that without *some sort* of organizational structure.
To put it another way, everyone is a member and perhaps organizer in several organizations. A family, company, social sphere, bank, school, neighborhood, opinion group, social class, club. Except for insane or radical loner people, almost everyone is inside at least one "organization".
Build your own energy sources from scratch. http://otherpower.com/
I am Spartacus.
The first rule of Anonymous club is......
They'll be living the ruin lifestyle.
Rules 1 and 2 kiddies. If they got caught bragging on Facebook, well, they broke the rules, and they deserve to get caught. Anyway, who uses a real facebook identity these days anyway?
All you people gloating about dumb everyone is because there is no leader of Anonymous, and/or how you can't attribute it to one person.
You are saying anyone can go into the IRC channel at any time and target the DDoS software at any target they want?
Oh, but wouldn't that be a huge confusing waste of resources, and fall prey to spammers fighting over what is going to be DDoS'd at all times?
Hey wait, could it possible be that only certain people have the power to aim the DDoS to prevent that from happening?
Gee, now that if that was true those few people sure would look like good targets to arrest...
posting as anonymous
Before I start; you are making the fundamental technical person's standard mistake of thinking that law deals with actions rather than intent. It's a very different way of thinking and really matters
The original intent of my post was to illuminate the fact that the law doesn't understand technology. I ask are each of these things illegal? You assume intent.
What if I say online: "Everyone Point your browsers at: www.mastercard.com" -- Am I now a DDOS perpetrator?
Probably yes. At least for conspiracy.
No. That statement alone does not make me a DDOS perpetrator. You are assuming intent when you say "probably yes". In conjunction with all of the following actions, you may attempt to prove implied intent, but not before. Much as I do not expect you to run over people in your car based on my words, I also do not expect everyone to visit the above domain... Ergo, you have made two conflicting statements. Either stating "Everyone visit example.com" does or doesn't, by itself, make me guilty of executing a DDOS. The correct answer, which you arrived at later, was that it depends on intent and contex.
What if I write a program, say a Firefox plugin, that automatically reloads www.mastercard.com in a new tab, once a day?
What if that plugin updates the website to load from my website, but the USERS of the plugin opt to install the software and download the daily dot-com to reload.
What if the plugin is updated so that it refreshes several times a minute instead of once a day?
Each step taken gets us closer to having a tool that could be used for a DDOS, it may have many other uses as well.
I would argue that even given all of the above, mass distribution of the tool would be needed in order to execute a DDOS. Simply having such a tool created does not actually cause a DDOS or demonstrate intent to do so.
LOIC lets you specify hit frequency as well as domain -- Only with intent to use the tool as a DDOS tool is the line crossed. I suppose that the config of the tool could also be aimed at a site without the intent or expectation that anyone will actually partake in a DDOS attack.
Should creating such a tool cause the creator to be as guilty as those performing illegal acts with the tool? You reply: It probably is. Being illegal already doesn't mean something should remain so, or that the current laws are just. Ask a professional skilled in the technical arts if they believe tools such as these should be illegal to create or posses. Why are the answers of skilled professionals frequently at odds with judges and jurors? The answer can only be that the judges and jurors don't fully grasp the concept -- Frequently the tool is banned when instead only the actions of those that used the tool, and their intent to do harm while performing the acts should be illegal.
You and I realise that creating these tools is like owning a tamper-proof-screwdriver, or a pistol -- Illegal Actions performed with malicious intent can be done with many tools; Creating the tools themselves should not illegal, yet some courts have found otherwise. The legal system does not understand technology -- this was what I was focusing on in my original post.
"IMHO, The real story here is that IP addresses are not being used to link online activities to people."
Preceding this statement: Technical examples of how simple it is to prosecute the ACTUAL attackers, using actual evidence.
Following the above statement: Over simplistic breakdown and comparison of basic tech-tools to guns.
Now, what I'm illustrating is that it's simple to find "perps" because their "DDOS weapons" left a paper trail. Those hard facts can lead to actual participators in the DDOS attack. It can be proven with a fair degree of certainty that those who opted to run the LOIC software intended to participate in a DDOS attack.
The LOIC
They just don't understand anything most things in general and headless "organizations" in particular. They have had the good fortune of watching headless "organizations" uprooting Governments in Tunisia and Egypt and they are still playing the ostrich, sigh!
I stop reading articles when I reach the first use of the word (or prefix) "cyber". I made it five words into the linked article. Federal government related articles are the worst. Or maybe only? Who outside of the Feds and organizations working for the feds, uses "cyber"? I need to figure out what the approximate vernacular lag.
When using a word, it can be used as a class if not a noun, like how plural in Norse is almost like general class in Latin.
Then in non-latin German it's identical to old English, so you have all kinds of semantics mixed together because one nationality tried to invade another by outbreeding to them; in the case of German becoming more latinized than it's original Dutch.
Realy, Latin is nothing more than the countries that Arabs raped their seed onto; in that regard, Arabs are the mexicans of the middle-east; typical low-class peices of shit that only know how to force others to work at slave wages and have too many babies than they can take care-of unless they find a scapegoat to go to war over.
ex:
California, Californian, and Californicus all mean the same thing only in different dialects ranging from middle English to German to Latin.
I need the 'rest.
It's hard work doin alot'ah nuffin.
you'd need something to start it off, like magnesium powder.
Not sure termite would be that good, you'd still have bits of drive left.
probably better to go with a big magnet!
thank God the internet isn't a human right.
I happen to know one of the 5 people who got arrested (although not via these IRC rooms), and while I have not been involved in any of these supposed 'anonymous' operations, I happen to know that the reason this person got caught was because he made no decent attempts to remain anonymous. Hell, his facebook page had the same username as he was using for the IRC channels. The result of this was that everyone else then found his facebook page and shared his personal info, and before he knew it, yeah, he got arrested. This person wasn't even using a single proxy, let alone over 9000.
Surely to be a part of anonymous, you actually have to be anonymous? As another poster said, anonymous is a mindset and no-one is specifically a member. Just some of the people involved are getting arrested because they're making no decent attempts to remain anonymous. I'll admit, I've not been involved in any of the recent operations, and well, seeing as how anonymous isn't exactly a well structured group these people probably don't match the same description as the other people involved.
http://nakedsecurity.sophos.com/2011/02/07/hbgary-federal-hacked-and-exposed-by-anonymous/
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/
Seriously? How many times is the media going to call Anonymous a group? Calling Anonymous a group is like calling all customers of a certain shopping centre or clothing brand a group. For the last time, they do not have leaders. Anyone who thinks otherwise is a fool. They do not have "senior members". Can we all stop referring to them as any sort of organised group? Anyone can go by the name Anonymous. Anyone can participate in their raids. Anyone can start their own raid; it is just a question of whether other people who decide they are part of Anonymous decide to participate. Hell, even if you did start the idea of a raid as Anonymous, you do not become a senior member; you do not get any credit; you are just Anonymous. You can be a member of Anonymous one day, and not the next. Hopefully more people might start understanding this, and finally stop referring to Anonymous as an organised group with "leaders". The sooner we do that, the sooner we can all realise what makes Anonymous tick.
"A co-founder of Anonymous, who uses the nickname Q after the character in James Bond,"
Yeah, right, .. geez, if he named himself Q, somehow Q from Star Trek would seem more likely :-)
Hand-carved from meteorites by the Elders...
Surprise, surprise... the person who wrote the summary didn't read the article.
Nobody was arrested and likely nobody will be arrested because the security firm won't release their data to the authorities. The security firm did their digging using fake Facebook accounts and other methods that would make it difficult for authorities to be legally be allowed to use the info in court.
And apparently, all you need to do to be considered a senior member is to mouth off on Facebook.
~Syberz
It all depends how you go about being anonymous, I could show you how to really be anonymous, but then I would have to use all sorts of tricks that would take a lot of special tricks and time, I guess maybe these amateurish script kiddies had none, and went for broke thinking that international laws (or lack of) would be in their favor...
Groups like this need to be using something like Freenet for their communication, to give them real anonymity. There are a few forum systems on there that would work well. http://freenetproject.org
I guess /b/'s not safe anymore.
Has anyone bothered reading the linked story? Sounds like pure bullshit to me. Obviously made up to keep the more gullible script-kiddies from causing trouble during Assange's trial in London.
Oh, the beautiful gloss of greality!
Think I found myself a new signature:
sometimes I agree with a lot of like minded people
we have tons of hackers doing real damage all day every day who barely get noticed or caught. why is our government putting so much energy into getting these activists?
By a TON of arrests you mean about 11 people weighing 200 pounds.