WikiLeaks cyberattacks now involve Visa, Facebook, Twitter, MasterCard

The cyberattacks against corporations that move against WikiLeaks founder Julian Assange appear to be escalating.

After bringing down his Swiss bank's website last week, and MasterCard's site Wednesday, a loose coalition of hackers calling themselves Operation Payback brought down Visa's website Wednesday afternoon.

Companies are fighting back. In the latest salvo, Facebook and Twitter both pulled Operation Payback's websites Wednesday afternoon, cutting key lines of communication with the "troops" in this cyber-battle.

What damage remains is hard to assess, as MasterCard and Visa continue to try to re-establish full functioning of their websites. If nothing else, Operation Payback has drawn attention to the vulnerability of many companies to this sort of cyberattack. As President Obama said in May 2009, "This cyber threat is one of the most serious economic and national security challenges we face as a nation.... This status quo is no longer acceptable – not when there's so much at stake. We can and we must do better."

For the attackers, the real benefit may be attracting attention to their cause.

Where did these so-called cyberwars begin?

Last week, WikiLeaks announced the planned release of thousands of classified government cables. Its website was quickly knocked out, presumably by those who didn't want the material released, but WikiLeaks shored up its digital defenses and proceeded.

Governments, media, and others reacted with shock to the leaked cables, and responded by accusing WikiLeaks founder Julian Assange of assorted crimes, closing his accounts, and calling for his extradition. Private companies got involved as well: Amazon.com stopped hosting WikiLeaks, PayPal stopped allowing money transfers to him at the urging of the State Department, and this week MasterCard and Visa followed suit.

Angry supporters of WikiLeaks saw these moves as attempted censorship, and announced that they would "fight for freedom." A group of hackers collectively called "Anonymous," photographed only in Guy Fawkes masks, stepped into the fray.

"Mastercard, Visa, Paypal, Amazon all betray America by betraying Free Speech," wrote "Guy Fawkes" on the Operation Payback Facebook page, early Wednesday morning. "You will all be dealt with. Anonymous is on your case. WikiLeaks cannot be silenced!"

Anonymous responded to Assange's real-world challenges with cybersphere assaults against the various organizations.

Anonymous's offensive division, known as Operation Payback, controlled a digital "cannon" that could blast websites of their choosing through distributed denial-of-service (DDoS) attacks. Operation Payback had previously targeted groups that tried to prevent the illegal download of movies, music, and games, as well as the Church of Scientology (no relation to The First Church of Christ, Scientist, that publishes The Christian Science Monitor) and KISS performer Gene Simmons.

Last week, Operation Payback launched DDoS hits against the website of Assange's Swiss bank, which briefly shut down, and then moved on. On Dec. 8, Operation Payback focused its attention on MasterCard. It flooded MasterCard.com throughout the day, knocking it out of commission from 5:30am Eastern Time till about 4 p.m., at which point the website flickered in and out of service, as it continued to do for hours.

Why did MasterCard recover?

In part, perhaps, because Operation Payback had re-aimed its cannon: Visa's website went down just as MasterCard's began to mend. Three hours before, at 1:15pm, Visa spokesman Ted Carr had announced, "Our website is operating normally," which another spokesman reiterated at 2:30pm.

About the same time that Visa came under attack, third parties Facebook and Twitter stepped into the fray. Operation Payback had used its Facebook page (link now broken) and Twitter feed (link now broken) to direct attacks and provide links to instructions on how to participate. Facebook sent Operation Payback a message:

Your Page "Operation Payback" has been removed for violating our Terms of Use. ... Pages that are hateful, threatening, or obscene are not allowed. We also take down Pages that attack an individual or group... If your page was removed for any of the above reasons, it will not be reinstated.

The loss of its Facebook page didn't seem to slow down Operation Payback; its Twitter feed continued to direct and celebrate their efforts, until it, too, went dark about 6 p.m., by which point Visa.com and MasterCard.com were recovering. Having lost these social network connections, Operation Payback is still able to reach out to supporters via IRC and 4chan, hacker-friendly Internet forums.

How does a DDoS attack work?

Individual computers join together to form a collective unit that tries to access the same website thousands of times per second. Most website servers aren't designed to take that many requests at once, and they collapse under the pressure.

In many DDoS incidents, computers are directed against their target without the knowledge or consent of their owners. Operation Payback appears to be volunteer-driven, calling upon interested people to download its program and point it at a chosen target.

Like a firehose pouring into a kitchen sink, a high volume flow can overwhelm a system quickly, causing a server to crash – or a kitchen to become flooded. But in both cases, the problem only lasts as long as the flow continues. Once the firehose turns away, or once Operation Payback targets a new system, the accumulated attempts can wash through – down the drain – and leave little permanent damage.