Interesting DDOS activity around Wikileaks

Valentin reports that several sites related to the recent activity around Wikileaks and the prosecution of Julian Assange seem to be under DDOS, confirmed here ==> http://www.bbc.co.uk/news/technology-11935539

The main Mastercard website is offline right now. Note that this outage does not affect transaction processing. The Swedish prosecutor's office was taken offline; it was back on around 12:30 GMT. Other sites that the attackers deem to be "anti-Wikileaks" are also affected.

The attackers are rumoured to actually be asking for volunteers "for the cause" in their activity. Since this activity is illegal in most countries, participating in these attacks may have legal implications. Readers should use caution: participation in something like this is NOT anything like donating to a charity - it's more like smashing windows and setting fires at a peaceful demonstration. Plus, knowingly downloading code to participate in a botnet isn't the best move for the continued health of your workstation ...

If we see developments in this story, we'll update this post.  Comments of course are welcome!

=============== Rob VandenBrink Metafore ===============

Rob VandenBrink

497 Posts
ISC Handler
It is also, however, terribly common for computers to be co-opted into botnets through unpatched vulnerabilities, thus providing plausible deniability. There is also at least one open source voluntary botnet agent out there called Low Orbit Ion Cannon, which has been called into use a couple of times at least once this year for revenge DDoS. It's not impossible that someone who is sufficiently clued in and motivated to seek out and make use of such a tool would be sure to back their data up and open fire, later claiming that they'd been compromised.
No Love.

37 Posts
to me there is no known case where a botnet member (zombie pc) has been sued.

and yes, loic is used against the "anti-wikileaks" targets, as well as other tools, like slowloris and so on. they changed targets, yesterday it was postfinance.ch which was down for 2 days i think.
No Love.
27 Posts
While I find the actions of the individuals perpetuating these DDOS attacks deplorable, it is rather interesting as an observer to see something like this being driven by what some deem a 'social injustice' being done on such a large scale. Also very scary.
No Love.
1 Posts
I think this has actually impacted MC payment processing. I was purchasing airline tickets online in a routine transaction, and the mastercard securecode stage stalls and fails. The transaction eventually worked after several attempts, but I would definitely call this "affected"
No Love.
1 Posts
I think what we are witnessing is the power of the "cloud" being flexed for the first time. As people begin to understand what they can do, we may see this happening more often.

"May you live in interesting times." - Unknown
RobM

14 Posts
http://www.visa.com is down now too
RobM
2 Posts
Anybody know what IP LOIC is currently pointed at?
hacks4pancakes

48 Posts
My bank is still online. I'm lucky ;-)

Let's face it: wikileak's next target is a bank and those are nervous or maybe driven.

The reaction was foreseeable.

No related activity here.

Would be interesting to know which component does not match these attacks.
Jens

42 Posts
http://twitter.com/Anon_Operation . They link to tools etc. That's not really my point. It's pretty simple to get on their IRC server(s) and monitor C&C. Also in channels like #target they talk about "next targets". Most of the channel chatter reminds me of "herding cats". Can be interesting to read at times amongst the chaos.
Anonymous
One more thing for those who aren't aware. LOIC is a self joining "botnet" (so to speak). That is, they are just asking people to "join" the DDoS cause by downloading the DDoS client(s).
Anonymous
Due to the global economic depression, which is ongoing, the unemployment rate among youths ages 16 to 24 is sky high (over 50%) throughout the Western world. Incidentally, the bored children that make up "anonymous" are primarily in that age bracket. And they have computers.

This is simple juvenile miscreant behavior among a generation that by and large has no future. In between their 14 hour video game sessions they are looking for lulz and, like most youth, they are mildly anti-authority in that rebel-looking-for-a-cause sort of way. So the hive mind nudges the herd in this way or that and sometimes it becomes a stampede.

What will be most amusing is when someone tries to bring criminal charges against "those responsible" for these DDoS attacks. Because there is no "one" responsible.
Anonymous
These guys... I agree with most of what you said. But seriously, "Due to the global economic depression"? IMHO 16-24 year olds have been doing similar 'stupid crap' like this for centuries. However, that'd be an interesting study :)

Unfortunately, these 'simple juvenile miscreants' can actually do damage. As a collective effort, I saw them take down visa.com in a matter of a couple of minutes.
Anonymous
Da Beave,

Paypal is down at the moment so I'd say their ability to "actually do damage" is confirmed.

I'm simply saying that if these kids had jobs and direction in life and some kind of future to look forward to other than unemployment and living in their parent's basements playing WoW, maybe they'd be less likely to engage in this sort of behavior while defining their world view with the movie line, "some men just want to watch the world burn."

Idle hands and all that.

Furthermore, a substantial amount of the support for Wikileaks lies outside of the U.S. and part of the impetus behind this is various groups trying to prove that the U.S. does not own or control the internet. Interesting times we live in.
Anonymous
http://twitter.com/Anon_Operation has been suspended by twitter
Anonymous
"if these kids had jobs and direction in life and some kind of future to look forward to other than unemployment and living in their parent's basements playing WoW"

Generalise much ? And you never mentioned virgins or empty pizza boxes once !
lansalot

20 Posts
from what i read on the underground forums a lot of those kids actually have jobs and just use their computers and small botnets.

those (i call them) "internet demonstrations" are pretty impressive. with increasing DSL bandwidth we will see more attacks like this in the future and i am looking forward to this.
lansalot
27 Posts
I think we might also be underestimating how many people who took part are clued-in and feeling like they can't make a difference in the world any other way. Someone made it possible for them to make their opinions known in a measurable way and they took it. When things look bleak and people are willing to join in, some scary things can happen.

I'm waiting for reports of targeted malware attacks that used the DDoS attacks as cover to start coming out. "Never let a crisis go to waste," and all that.
No Love.

37 Posts
Amazon is next on the list... Let's see how they handle the attack...
No Love.
3 Posts
