As WikiLeaks supporters and hackers hit PayPal and PostFinance with denial-of-service attacks for anti-WikiLeaks behavior, the group is also targeted in a DoS counter-attack.
The anonymous group of hackers that launch denial-of-service
attacks against the entertainment industry refocused their campaign to target
companies perceived to be anti-WikiLeaks. In response, the same group is also
currently under a DoS attack for supporting the whistle-blowing site.
"We fight for the same reasons," such as more
transparency and stopping censorship, and will "attack those against"
WikiLeaks, the group said in a statement on its Website on Dec. 5. The group
plans to do several things, including organizing distributed DoS attacks on "various
targets related to censorship," according to the statement.
Dubbed Anonymous, the group has an ongoing "
Operation
Payback" campaign against "anti-piracy groups," and have
targeted Motion Picture Association of America and the Recording Industry
Association of America in the past.
The group's first victim was PayPal, knocking the payment
service's blog offline by early morning on Dec. 4, according to the
cyber-security
researchers at Panda Labs. PayPal had posted a statement on the blog that
it had restricted the whistle-blowing site's account for violating the
Acceptable Use Policy with "activities that encourage, promote, facilitate
or instruct others to engage in illegal activity." Supporters had been
using the PayPal account to make donations to keep the site going.
After the blog went down, there was an announcement on
Twitter: "TANGO DOWN-thepaypalblog.com-Blog of Paypal, company that has
restricted Wikileaks' access to funding."
PayPal got the blog back online after 8 hours and 15
minutes of total downtime and 75 service interruptions, according to the Panda
Labs researchers. It wasn't over, as the second attack hit the main PayPal site
on Dec. 6. Shortly after, Anonymous' Website became unavailable, "presumably
under counter DDoS attack," said Panda Labs. The site currently has a note
up confirming that it was under "heavy" DoS attack, more than 6 hours
after it began.
Despite being hit, Anonymous targeted PostFinance, the
Swiss bank that froze $41,000 in an account set up as a legal defense fund for
WikiLeaks founder Julian Assange, on Monday afternoon. PostFinance's Website
went offline around 12 p.m. EST,
according to Panda Labs. It is still inaccessible, more than 10 hours
later.
DoS attacks are becoming the tool of choice for making a
statement to protest "hacker injustice," according to Noa Bar Yossef,
a senior security strategist at Imperva. In a classic example, hackers are
trying to make money, but Operation Payback's supporters are using the attacks
to "cripple a service, disrupt services, protest their cause and cause
humiliation," said Yossef.
In the classical scenario, the DoS attacks are carried
out by botnets comprising zombies, computers belonging to innocent individuals
who'd been tricked into downloading bot malware, she said. In Operation
Payback, however, participants are "knowingly" downloading the "DDoSing
malware itself," and there is "no victimized machine" in this "act
of defiance," she said.
WikiLeaks was hit by a DoS attack hours before the whistle-blowing
site was set to post more than 250,000
diplomatic
documents. The attack was to punish WikiLeaks for "attempting to
endanger the lives of our troops, 'other assets' & foreign relations,"
according to "th3ef35t3r," who claimed responsibility on Twitter. The
WikiLeaks.org Website was down for "1 day 3 hours and 50 minutes,"
according to Panda Labs. After a
second
DoS attack by an unknown attacker,
Amazon
terminated its hosting services. On Dec. 3, the site's DNS provider stopped
service after yet another
DoS
attack hit everyDNS.
The first attack was a "simple DoS," as he
doesn't use "intermediaries or botnets," according to th3ef35t3r's
Twitter account. The attack was carried out by the XerXeS tool, which can
produce an automated DoS attack from a single low-spec computer, according to
Anthony M. Freed, of security site
Infosec
Island.
An Anonymous member posted on Twitter, "I'm not
anti-government, anti-establishment, or anything of that sort. I'm just
anti-...anti-WikiLeaks."
Anonymous is also circulating a statement titled "Operation
Avenge Assange," asking for supporters to join in the DoS attacks and
mirror WikiLeaks, among other actions. According to the WikiLeaks site, there
are already more than 350 mirror sites helping to keep the site's content
online.
Anonymous has not said who the next targets will be or
whether the list will include Amazon and everyDNS. There is some speculation
that the group will somehow target the French government for pressuring OVH to
stop hosting the site.
"Whoever tries to silence or discourage WikiLeaks
favors world domination rather than freedom and democracy," the group said.
Email
Print
