Social Networks as a Breeding Ground?
Such tactics are growing in prevalence as hacktivists take their causes to the Web. WikiLeaks itself has been the victim of denial-of-service attacks as well, starting with one that occurred just hours before the site leaked U.S. diplomatic cables. According to Ollmann, the researcher with Damballa, opt-in botnets were involved in cyber-attacks that occurred during the controversial elections in Iran in 2009. Twitter found itself in the center of discussions during the Iran controversy as many users leveraged the micro-blogging service to organize protests. Its role as a digital gathering ground has continued in the latest WikiLeaks' controversy. Facebook has been at the eye of the storm as well, and recently took down a page associated with Anonymous' "Operation Payback" for violating the social network's terms of service."We haven't received any official requests to disable the WikiLeaks page, or any notification that the articles posted on the page contain unlawful content," he said. "If we did, of course, we would review the material according to our rules and standards, and take it down if appropriate. The mere existence of a WikiLeaks fan page on Facebook doesn't violate any law and we would not take it down just like we don't take down other pages about controversial topics." He added that Facebook is continuing to monitor the situation. Joe Stewart, director of malware research at SecureWorks, said it is not fair to ask social networks to take a proactive role in detecting attempts by attackers to coordinate illegal activity because it would be impractical and set a "bad precedent" by forcing providers to spy on their users. If someone reports a terms-of-service violation however, social networks should act appropriately, he said. The bulk of the members of these groups, Stewart said, "don't realize the level of forensics that can be performed on their computers to show the evidence where and when the (bot) file was manually downloaded - they are just following instructions, and those instructions often suggest that a) you can just claim your computer was infected by a virus and b) if there are thousands of people involved, law enforcement can't arrest everyone." Traditionally however, the people targeted by law enforcement are the organizers - often using laws related to promoting or endorsing a criminal act, Ollmann told eWEEK. "As for participants - if there are a lot of individual protest members - it will be difficult for law enforcement to proceed with a case against them beyond a warning," he said. Still, HD Moore, chief security officer at Rapid7, opined that the people behind the denial-of-service attacks are not helping their cause, and may inadvertently discourage other corporations and banks from doing business with WikiLeaks in the future. A 16-year-old boy has already reportedly been arrested by Dutch authorities for his involvement in the attacks. "If you're joining the botnet or the voluntary botnet...your IP address is going to show up in MasterCard's logs and be logged with everybody else who participated...So I hope those folks realize that they may have the FBI knocking on the door in about two months," Moore said.
The page was disabled because it was being used to organize denial-of-service attacks, Facebook spokesperson Andrew Noyes said. The WikiLeaks page, however, has yet to violate any policies, he noted.