How pro-WikiLeaks hackers wage cyberwar without hijacking your computer
Some 'hacktivists' use malicious software to capture and control unwitting computer 'zombies,' but WikiLeaks avenger 'Anonymous' is using social media to mobilize hordes of volunteers.
"When you get a whole bunch of people who happen to have say, only 10,000 machines under their control or less, none may be individually capable of building a really big botnet," says David Dittrich, an expert in denial of service attacks at the University of Washington. "But if someone can get them all on the same page through blogging and twittering, and get them at the same time instead of dispersed, you get effectiveness of a much larger botnet."
Anonymous members have essentially posted virtual handbills across the Internet to rally new participants. Twitter posts have been used to organize, time, and target their attacks.
"We will fire at anyone or anything that tries to censor WikiLeaks, including multi-billion [dollar] corporations such as Paypal. Twitter, you're next for censoring #WikiLeaks discussion," reads a virtual handbill circulated on the Internet Monday prior to a second DDoS attack on Paypal, according to Panda Labs, an Internet security research firm.
The same cyberposter that announced an attack on PayPal also advertises how to locate and use Anonymous's homegrown cyberattack weapon, dubbed the Low Orbit Ion Cannon (LOIC). That fanciful name (accompanied by equally fanciful graphics of a space-laser-like weapon hovering above the Earth in another file) is essentially about organizing a botnet or group of computers for DDoS attacks.
Social networks spread the word
"We're seeing more and more instances where social networks are allowing a message to spread to a large number of people very quickly," says Professor Dittrich. "So it's representative of what we've seen before, but at a far larger scale and moving more rapidly than anything we've seen."
The Anonymous LOIC botnet is voluntary. Like-minded individuals can visit a website or other Internet location and get the electronic files needed to turn their computer into a larger weapon that attacks various sites. By Wednesday morning, Panda Labs reported roughly 2,200 computers at one point joining the LOIC attacks.
But the LOIC could be primarily a public relations smokescreen, a fig leaf intended to convey an uprising of morally outraged masses, experts say. By itself it is not nearly powerful enough to bring down a large, robust website. Even a botnet with 10,000 computers would not be nearly enough to cause serious trouble to Visa or Mastercard, Dittrich says. It requires getting many botnet operators or bot-herders to participate of their own free will, he says.
Operation Payback may be novel in scale, but not in approach. At a World Trade Organization meeting in Seattle in 1999, a group calling itself the "Electronic Disruption Theater" offered software code that would run on individual computers, so that DDoS attacks on the websites for the meeting would appear to come from thousands of volunteers who didn't like the WTO and wanted to protest. The Anonymous attack appears to be the same, but far larger – and drawing in other bot-herders, too, Dittrich says.
"Anonymous now has a bunch of people using a bunch of different types of attacks," he says. "Whatever they have on hand."
"I am of the firm opinion that bot herders (botnet administrators) are lending a few hours of their botnet time," writes Faisal Khan, CEO of Net Access Communication Systems, an expert in denial of service attacks. Small botnets with just 250 to 500 machines "are sooooo common that 16-year-old kids are herding such a bot."
There are literally tens of thousands of such-sized bots, he writes. So when news hits that Paypal is under a DDoS, many small botnet herders may just decide to spend an hour's worth of their botnet time hammering it, too. "Add a couple of hundred bot nets doing this and PayPal will have a very hard time staying up," he says.