WikiLeaks fans should think before they botnet
December 10 2010
Do you support WikiLeaks? Are you mad at critics trying to snuff it out? Maybe you're thinking about joining the online protests aimed at shutting down the Web sites of its opponents. Don't.
A loosely organized group of vigilantes under the name Anonymous has turned the botnet guns of its Operation Payback campaign, which previously targeted antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The WikiLeaks fallout has hit a frenzy since the site began releasing diplomatic cables last month that have proved embarrassing for the U.S. government's diplomatic efforts.
The modern-day equivalent of walking the picket line with a sign is launching denial-of-service attacks against target Web sites in order to send a message and try to interfere with their business. But the electronic version is illegal.
"Participating in a botnet with the intention of shutting down a Web site violates the Computer Fraud and Abuse Act," said Jennifer Granick, a lawyer at Zwillinger Genetski who specializes in Internet law and hacking cases. "The thing people need to understand is that even if you have a political motive, it doesn't change the fact that the activity is unlawful."
One person accused of being connected with the attacks has already been arrested. Police in the Netherlands arrested a 16-year-old hacker earlier this week. It's unclear what his role allegedly was.
Typical botnets are created by criminals who use viruses and other methods to sneak malware onto computers, which then lets them commandeer the machines for distributed denial-of-service (DOS) attacks without the computer owners knowing it. Hijacked computers are being used in the Operation Payback campaign, but the focus has been on getting individuals to join voluntarily.
Thousands of people from around the world are downloading the LOIC (Low Orbit Ion Cannon) software so that their computer will attack the targets the Anonymous organizers specify. New versions of the DOS tool have emerged this week. There is a version for Linux and a Windows version that includes a "Hivemind" feature to connect to an Internet Relay Chat server and allow the organizers to control what site the computer targets.
There is even a JavaScript version that runs on any device, including smart phones. "The JavaScript one, you just point the browser at a site and say 'go,'" said Jose Nazario, senior manager of security research at Arbor Networks.
As many as 3,000 computers voluntarily participated in attacks earlier this week, and an estimated 30,000 others appeared to be hijacked, according to Sean-Paul Correll, a threat researcher at Panda Labs who has been following the attacks closely and communicating with Operation Payback organizers.
There's a snag, however, for the volunteer botnet protesters--their Internet Protocol (IP) addresses are not masked, so the attacks could ultimately be traced back to the computers launching them, experts say. Of course, it's up to the discretion of prosecutors as to whether or not individual botnet volunteers will be fingered by authorities.
"There may be strength in numbers," said Granick. "There's only so many people the police could go after. But that doesn't mean that they couldn't find out who is behind the unmasked IP numbers and file computer charges against them."
Operation Payback is fending off DOS attacks that have scuttled its efforts. The servers being used to provide the infrastructure for Operation Payback have been taken offline intermittently. No one has taken responsibility for those attacks. "Right now it appears they are regrouping and strategizing for future attacks," said Correll. (Anonymous explains that its goal is to raise awareness, not to interfere with targets' critical infrastructure.)
Meanwhile, a separate campaign sprang up out of nowhere that could give WikiLeaks fans a more legal way of expressing their support for the cause. An online flyer for "Operation Leakspin" published by Boing Boing encourages people to find juicy bits in the leaked cables and spread them virally on the Internet in blog posts and YouTube videos and use unrelated tags that will ensure broad interest.
It's unclear who is behind Operation Leakspin. "There's no hierarchical structure (to the Anonymous collective), so when things happen, like their server infrastructure is under attack, people tend to want to take control of the campaign," Correll said.
"Even though thousands of people want to participate there doesn't seem to be a cohesive plan about what to do next," he said. "It's fizzling out."