WikiLeaks cyberattacks Q&A: MasterCard and Visa 'have egg on their faces.'
'MasterCard died quick,' Gregg Housh, an unofficial spokesman for the hactivists known as Anonymous, says in an interview with the Monitor. 'Visa went down in 30 seconds.'
(Page 2 of 3)
CSM: How many of those "movers and shakers" are there?Skip to next paragraph
Subscribe Today to the Monitor
GH: Out of the 3,000 [on the Operation Payback channel on the chat platform 4chan], there’s actually a couple hundred.
CSM: How does Anonymous choose a target like Visa or MasterCard?
GH: They haven’t had to. The best part for these Payback people for the last few days is they haven’t had to choose an enemy. Everyone that they’ve attacked has literally walked out in front of the bus and just been waiting to be hit. They’ve raised their hand and said ‘please attack me.’
CSM: But you have to pick one. You haven’t attacked EveryDNS, the company that dropped the domain name WikiLeaks.org. Why not them?
GH: Not big enough. Quite honestly, I'll tell you the real goal here, and one reporter I was talking to said, ‘Maybe I don’t want to cover it then,’ after I told her this. The only reason these DDoS’s actually work so well is because the press comes running every time they do it and ask for tons of articles. If they’re not doing the DDoS’s [distributed denial of service attacks], they’ll get an article a month maybe about them if they're lucky on the back page of some blog. When they DDoS something like Visa, then I end up on the front page of The New York Times and on CNN that day. The DDoS’s are happening because of the coverage. There’s a secondary reason to it, and there is a purpose, but in all honesty it gets the media coverage on the points, on the messages.
CSM: How do you pick a time to launch an attack?
GH: Visa stepped up and volunteered [when it refused to process financial transactions for WikiLeaks]. And then people start looking at the website. ... They were talking about this one [IP address] that seemed to be the actual central one and if you were to hit that, then maybe the whole thing might come down. Boom. They change the target to it. Everyone’s bots, or everyone’s copy of LOIC [Low Orbit Ion Cannon software], switched to that, and that site just dropped quick. So whoever figured that out is quite the intelligent guy.
CSM: So give me a better sense of that. You’ve got these botnets, and there’ll all voluntary?
GH: Yes. This is the first voluntary botnet in the world to actually be exercised, the first one. You get on the IRC [Internet Relay Chat, which is done on the Anonymous channel of 4chan] and one of the first things you see in the initial message is if you want to join go to this channel on the chat channels named "setup," and they give you a link to download the executable, and there's people there willing to help you install it if you don't know how, and they just say minimize it when it's installed and we'll do the rest.
CSM: To launch a DDoS that’s actually going to bring down MasterCard, how can that be done with just voluntary botnets?
GH: Thousands and thousands of people. ... You would think MasterCard was better than that. But did you see PayPal fall today? They were hit by the same botnet and they didn’t go down. PayPal did not fall. Amazon did not fall. It slowed a little but only a little, it was still usable. Amazon didn’t slow down at all. MasterCard died quick. When they went after MasterCard, it was down in five minutes. This is somewhat a talk about the power of the voluntary botnet, but it’s also at some point a talk about just how bad their setup was. Visa went down in 30 seconds.