Unusually heavy Internet traffic Wednesday morning crashed MasterCard's website, brought a shadowy Internet group into the limelight, and posed an intriguing question:
Did supporters of WikiLeaks – the website that recently leaked thousands of confidential government cables and whose founder has been arrested on rape charges – successfully attack one of the world's largest credit-card companies? MasterCard cardholders could still use their credit cards, but the Purchase, N.Y., company's website was down.
It was reported Tuesday that MasterCard and Visa were no longer allowing payments to WikiLeaks via their credit cards, following in the footsteps of PayPal, Amazon, and PostFinance.
On Wednesday, a largely anonymous Internet group, called Operation Payback, claimed responsibility for the attack. It announced, via Twitter, "WE ARE GLAD TO TELL YOU THAT http://www.mastercard.com/ is DOWN AND IT'S CONFIRMED!"
Its Facebook page and website proclaimed the need for unfettered freedom to "share, know, choose," asking visitors to "Heat [sic] our wish for uncensored internet." Images of Guy Fawkes masks and clenched fists accompanied banners like, "We are the people. We are [unprintable] tired of these rich greedy corporations [unprintable] over our lives to fill their pockets. It is time to fight back."
As of noon Eastern Time Wednesday, MasterCard's website had been down for hours. The problem wasn't uniform – the rate of failure depended partly on where one attempted to access the website, as this website shows in real time.
"MasterCard is experiencing heavy traffic on its external corporate website – MasterCard.com," MasterCard announced in a statement released just before 8 a.m. ET. "We are working to restore normal speed of service. There is no impact whatsoever on our cardholders ability to use their cards for secure transactions."
MasterCard stopped short of calling it an attack. Company spokesman James Issokson described it as "a concentrated effort to flood our corporate website with traffic and slow access." He wouldn't comment on who might be behind the "effort."
Operation Payback said it planned its MasterCard campaign for 5:30 a.m., which appears to be when the failures began. Its Facebook page offered a link to detailed instructions for how to participate in what's known as a distributed denial of service attack.
A traditional DDoS attack happens when scores of computers are instructed to visit a website simultaneously. This massive, instantaneous demand can overwhelm a server, rendering service slow or even knocking a website offline entirely, as appears to have happened to MasterCard.
Operation Payback calls this collective computing power "HIVEMIND." A medieval metaphor for this decidedly 21st-century attack: These computers function as battering rams, breaking down the doors – or walls – of digital castles. When knights used the giant trees to bash their way into ancient fortresses, they knew that the bigger the ram, and the more people pushing it, the faster they'd break through. The more computers that join into this shared system, the bigger the battering ram gets.