When Hackers Attack

Denial of Service: Priceless?

Update: 12/9 4:40PM PST

Last week, a growing number of attackers worked to prevent access to WikiLeaks, primarily through various forms of denial of service attacks. But, as I mentioned in an earlier article, there is a significant subculture of free information among those in the computer security community.

The free information people began to fight back this week. MasterCard began to refuse to accept payments of donations to WikiLeaks, so their site became the next victim of a denial of service attack, called “Operation Payback.” PayPal was also targeted. It’s dangerous on a public web site to divulge too much about what’s behind Internet attacks, so I’ll leave the description at that.

Visa and Amazon are also possible targets, since they have taken efforts to deny WikiLeaks ability to continue to exist. Amazon had briefly hosted the WikiLeaks homepage, but kicked the site off after a few days.

What’s fascinating is to watch the online discussions on security web sites. There is no consensus regarding WikiLeaks. In many respects, it’s like the infighting within the Republican Party over the degree to which the Tea Party should drive the agenda. But in the hacker world, this can turn into a large online brawl. The next week will be most interesting to watch.

Update: Sarah Palin’s PAC has now been brought down as well. Visa was attacked, too. So was Amazon, but they have more horsepower than the group could tie up. And Amazon is now selling the WikiLeaks cables, though they claim they aren’t being hypocrites by doing so.

You can also read a good article explaining how these attacks work.


About Michael Weiss

Michael is now located at http://www.logarchism.com, along with Monotreme, filistro, and dcpetterson. Please make note of the new location.
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

24 Responses to When Hackers Attack

  1. Bart DePalma says:

    The free information people began to fight back this week.

    Believers in “free information” do not launch malicious attacks to prevent the free flow of information by those who oppose them. Please stop glorifying these criminals.

  2. Monotreme says:

    I fail to see how the words “free information” are in any way “glorifying” anyone. They’re neutral words.

  3. shortchain says:

    Yes, just as no “classical liberal” or “libertarian” would ever support extra-legal governmental assassination (whether character or the real thing).

  4. filistro says:

    Of course Assange should be assassinated… he’s un-American.

    And we all know that not being American is a capital offense 😉

  5. Monotreme says:

    5.7 billion un-Americans. We better get busy.

  6. filistro says:

    @Treme… 5.7 billion un-Americans. We better get busy.

    I hear DC rents out his guillotine quite reasonably on weekdays. Also bulk rates for larger countries.

  7. dcpetterson says:

    Yes, filistro, but the guillotine is reserved for the elite wealthy. Most of those un-Americans are pretty darn poor.

  8. filistro says:

    @DC… Yes, filistro, but the guillotine is reserved for the elite wealthy

    I don’t think it’s right to be selective in these matters as the scourge of un-Americanness is no respecter of persons and must be stamped out wherever and whenever it is found, even in other countries also, you betcha, as in those other countries there that the president comes from and is also a citizen of, and in fact those other countries there tend to be target-rich environments for un-Americanness. So… we need to go get ’em.

  9. filistro says:

    Actually my guillotine joke wears a little thin when you watch that footage of Charles and Camilla being driven through the rioting mobs in London today. You can make out Camilla’s tense profile through the glass as angry crowds surge around their car and a man screams, “Off with their heads! Off with their heads.!”

    Shades of 1795. Really quite chilling.

    The Republican elites in America had better HOPE the economy improves now that they’ve got their tax cut… because if the recession deepens and unemployment spreads, things could get pretty ugly on this side of the pond as well.

  10. Max aka Birdpilot says:

    “Boris, can you work in another?”

    “Well, sir, as you can see, I’m quite busy. I really would not be able before next Tuesday!”

  11. dcpetterson says:

    You’re right, filistro. I’m reserving my ire for the toadies who insist on tax cuts for the wealthy before we get an extension of unemployment benefits. Or before we approve a vital arms control treaty.

    The right wing pretends to be strong on defense. But won’t consider the Defense appropriations bill before we got $800 billion in hock for their wealthy overlords.

    The Teapers pretend to be concerned with deficits. But not when it comes to borrowing money from China to give to the wealthy.

    The dishonesty of newly-elected Teaper darlings is raw and apparent, as they ignore their promises about earmarks. (Of course, the whole earmark thing was overblown, just another right wing talking point — it’s a vanishingly tiny part of the budget, and a LOT Of that money actually creates jobs and does a lot of useful stuff — but Republicans are good at manufacturing faux issues to distract us from the things that actually are important.)

    I think we may have two years of open political warfare in Congress, if the Democrats actually find some spine. This is a vast improvement from Republicans and Blue Dogs clogging up the system as we have seen for the last two years. Nothing was going to get done anyway, with an insane Republican House and obstructionists in the Senate. But at least we may see some actual contrast, some real fights, a true choice presented to the American public —

    True choice. Yes, an avalanche of propaganda. But if there are some real fights, it will be harder for the Republicans to pretend they are anything other than lying toadies. After all, it is the Republicans who want us to go always farther into debt to give money to their corporate masters — which is what they have been doing since Reagan. It is time for their destructive greed to be revealed, and this may be the Congress to actually do it.

  12. filistro says:

    @DC… I’ve been thinking about this ever since I watched that angry, unruly, bloodthirsty mob swarming around the Rolls Royce carrying the future King of England.

    I could be wrong about this, and I know a lot of people think differently… but I really want the tax cut bill to pass, and I want the Republicans to be firmly, indelibly tagged with it… and I think that latter part has already been accomplished. Is there anybody in America who doesn’t know by now what this is about? It’s one of those rare animals… a complex legislative issue that can be reduced to a brief soundbite… and those are the ones that spread widely and burrow deep into the public consciousness.

    The soundbite here… Republicans refused to extend UI or pass any legislation until they got tax cuts for the ultra-rich.

    That meme is across the land everywhere from sea to sea. Everybody knows it. So as far as I can see, two things can happen now.

    1.)The economy can improve. If this happens Obama will get credit for it, be re-elected and have a solid mandate for a productive second term

    2.) The economy can get worse, in which case austerity measures will have to be imposed to manage and service the debt. If THIS happens, people won’t just be voting against Republicans everywhere… unruly mobs in America will be swarming “greedy” wealthy Republicans with torches and pitchforks.

    Either outcome is really quite good. To me it looks like a “heads I win, tails you lose” proposition all the way.

  13. Emerson Schwartzkopf says:

    As somewhat of an old-timer in the online world — I started in the BBS era some 25 years ago — I have much fewer (although some) concerns with WikiLeaks content than with the response. The ethos of the online pioneers would’ve dictated that there are plenty of ways to solve this problem than by trying to jam up the works.

    Files can be mirrored to numerous sites around the globe, making it impossible to stop the flow of information without massive multinational intervention. And surely there are creative minds that can come up with alternative ways of sending and accepting financial payments, instead of relying on international banking networks.

    The actions today seem like an effort to coerce private businesses by disruption until you get what you want. Destruction, however, always yields low results. This is a prime opportunity to build something new, and do a lot more harm to the perceived online monopolies than denial-of-service attacks.

  14. Emerson Schwartzkopf says:

    Just a follow-up — if you’re looking for WikiLeaks, you can try this rather massive listing of sites that offer a redirect.

    http://www.twitlonger.com/show/79s9r1

  15. Emerson Schwartzkopf,

    I share your opinion. Given that you were into BBSes 25 years ago, surely you recall the amount of immaturity often displayed in that world. Why should it surprise you to see the same in the following generation, just with more powerful computers and faster modems?

    As for alternative methods of financial payments, they exist to varying degrees, but it’s exceptionally hard to get outside the universe of existing fiat currencies, simply because of the very nature of fiat currency. That is, they are created by and owned by governments. In order to be fuly fungible, there has to be a means of interfacing with that network of governments.

  16. Eusebio Dunkle says:

    I question the use of the widely used terms to describe DDOS via LOIC. It isn’t hacking and it the very worst is of questionable legality.

    This is the equivalent of a physical sit in, like angry college kids overflowing a segregated diner. Independent agents are voluntarily using their personal computers to access a website, repeatedly. Instead of hitting F5 in your browser or throwing wget in a loop, someone developed a tool to automate the process. In fact if you attempt to visit visa.com during the protest you will contribute to the DDOS. I endorse it completely.

    I also like this:
    http://www.cbsnews.com/stories/2010/12/09/world/main7133062.shtml
    Or since Visa, Mastercard, have now joined paypal in deciding who can buy what, they should be held liable for every illegal transaction through their service.

  17. Eusebio Dunkle,

    I question the use of the widely used terms to describe DDOS via LOIC. It isn’t hacking and it the very worst is of questionable legality.

    I agree that the terms used are somewhat inaccurate, though I really can’t share everything I know about that stuff in a public forum, so I keep it a little quieter.

    As for the legality, it’s not really questionable (aside from jurisdiction concerns). Assuming it’s all within the US, it’s quite illegal. It’s often hard to prove, though.

    In fact if you attempt to visit visa.com during the protest you will contribute to the DDOS.

    In a very technical sense, yes. But only in a very technical sense.

    Or since Visa, Mastercard, have now joined paypal in deciding who can buy what, they should be held liable for every illegal transaction through their service.

    That does cause problems for them in terms of management, because it eliminates much of the plausible deniability argument. But they didn’t take WikiLeaks down until they were informed of the illegal activity. That’s different from being liable for every illegal transaction. What has changed now is that they can be held liable for repeat offenders, in cases where they were informed of the illegality of a prior transaction.

  18. Eusebio Dunkle says:

    @ michael

    Q1. What illegal activity is wikileaks charged with? As far as I know, wikileaks has not been officially charged with anything, except for a bunch of unconstitutional blathering by corrupt government officials.

    Q2. So what makes a page request illegal? The frequency or the intent? Am I criminally liable for DDOSing purposefully encourage too many customers to visit their site? Does it matter whether its Amazon’s EC3 or the christian group down the street that host on their 256k adsl line? It’s all so absurd.

    I’m not terribly concerned with the legality of the act. Our corrupt government has already demonstrated a willingness to abridge 1st amendment rights when it suits them. For instance in St. Paul in 2008 I could maybe protest in a cage offsite, unless my permit, filed 90 days in advance, is denied, or my political group was infiltrated by spooks over a year in advance to form some absurd illusory case against my group so that I can be held without charge during my scheduled, and permitted protest in a cage, offsite.

    Let’s call it civil disobedience.

  19. Eusebio,

    WikiLeaks hasn’t been charged with anything. However, a company may choose to have a policy to take down at any of the stages, from suspicion, to probable cause, to charges, to convictions. What matters most from a liability perspective is consistency in adhering to that policy (assuming that there aren’t specific laws to the contrary).

    In answer to your other question, what makes a page request illegal is intent. Frequency will typically be used as one piece of evidence in proving intent. And it doesn’t really matter who you target, though the victims may opt to not press charges.

    It’s interesting to me that I’m seeing comments from various sides assuming that I’m on the other side. But I’m not taking sides here. I’m just laying out the facts. I understand the perspectives of all parties, and mostly find myself ambivalent.

  20. Eusebio Dunkle says:

    I know you aren’t the enemy and are at least somewhat sympathetic to the wikileaks argument, but this whole topic makes me crazy- genuinely hostile to anyone that suggests there are sides to this “debate”. I see this wikileaks drama as real, indisputable evidence that the state and our media are every bit as terrible as I thought they were. I can’t see, for the life of me, how extrajudicial assassination or other blatantly illegal and unconstitutional “remedies” can ever warrant discussion in a democracy [let alone, dominate the discourse]. To me, this is the indication of a failed democracy; a corrupt state with no authority. I’ve reached new levels of despair; our systems are hopelessly corrupt to the point that change via the rules is impossible. All well, such is the misery of a petulant cry baby.

  21. Eusebio,

    There are times when there are legitimate reasons to keep information secret. Asymmetric information is exceptionally powerful in adversarial situations.

    Whether or not anything was leaked that should legitimately have been kept secret, it’s clear that it could have been, and I think it likely the WikiLeaks crew is unwilling or unable to make that determination.

    I agree that the proposed “remedies” are counterproductive, but it still doesn’t address the bigger underlying issue, that we are far more vulnerable to cyberwarfare than most Americans realize.

  22. filistro says:

    @Michael: There are times when there are legitimate reasons to keep information secret.

    Of course. Much of international relations are essentially just complex negotiations… as in “we may be willing to give a bit on A, but we’re holding the line on B unless we get C from you.” In any negotiation it is important (and not inherently “evil”) to keep some information secret. For instance if you are in thr midst of buying a house there is certain information you confide to your real esate agent, including exactly how much you are willing/able to pay. If somebody hacks into your email (or your agent’s) and provides the seller with that information, you have irretrievably lost a critical advantage.

    In human dealings “complete openness” is a lofty ideal… but often neither practical nor sensible.

  23. Eusebio Dunkle says:

    @michael,

    “Asymmetric information is exceptionally powerful in adversarial situations.”
    Ah yes, adversarial situations, like Hillary Clinton and the U.N,
    the US government and its citizens, or
    multinational corporations and the unwashed masses

    Adversarial situations, or propagandizing situations, whitewashing situations, or any situation in which asymmetric information can facilitate the covering up of complete lawless corruption.

    @filistro,

    I can accept some things. But when people/nations are completely unaccountable for their repeated crimes and its been proven they hide their unlawlful acts from the citizens, they deserve no protections, no presumption innocence, no right to secrecy for any reason, whatsoever. Such a person/state has no authority and must be removed/dismantled. They are simply not compatible with any social contract.

    Thanks to the prior administration and the present one we now have the following acceptable precedents in this country:
    1. Start aggressive, unprovoked wars based on lies. Proven lies.
    2. Institute torture regimes and rely on friendly totalitarian regimes for when the torture needs to be extra super bad
    3. Use automated robots to bomb (and deny bombing) civilians (and accused evildoers, even US citizens) within the borders of sovereign nations
    4. Kidnap citizens from within the borders of sovereign allied nations, evidently even perfectly innocent people, for torture (and extra super bad torture) and then threaten those allies as they attempt to prosecute these crimes
    And 5 – 347 are other nefarious things

    Are these the kinds of negotiations we should protect ?

    As one recent cable proved [like many cables, this was simply confirmation of rumor], a convicted terrorist was released to save oil contracts.
    Is this the messy, non-ideal negotiation that should remain secret? At least let’s attach some numbers on that transaction so we can tell if were getting a good deal when it swings in the other direction, e.g. Saudi Oil / Pakistani ‘cooperation’ in exchange for overlooking their financial culpability for the last decade’s worth of terrorism. I mean, I just want to make an informed decision about whether the “negotiations” of my government are benefiting me.

    Apparently, once you reach some certain level within existing institutions there is no rule of law. For instance, a low level diplomat can publish a report, available to over a million people world-wide, which details their intention to cover up child sex slavery by US contractors. Apparently, this is SOP and its nothing but treasonous espionage for a foreign journalistic entity to leak this information to the public

    There can be no secrecy when there is no trust. And, as has been shown countless times, these people including the BHO administration, can not be trusted to tell the truth… literally, even in the face of indisputable evidence that they are lying. This is psychopathic.

    Contrary to what it might seem, I do not harbor much blame for individuals. Instead our state/leadership/whatever is a place where a bunch of normal well-intentioned (usually) people connected in abstract bureaucratic self-propogandizing way , which in the whole essentially duplicates the behavior of a evil sociopathic nation state. (aka Brazil!) This is why the state has no authority. It is the machine itself that is broken and must be dismantled.

  24. Eusebio,
    As I said, it may not be this time, but that sounds like security by accident to me.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s