Attackers hit the Website for MasterCard in an apparent cyber-retaliation for the company’s decision to stop processing donations to WikiLeaks.
MasterCard joined a growing list of companies targeted by hacktivists associated with Anonymous, a loosely affiliated group tied to the 4chan message board. The attack was confirmed in a tweet this morning by user @Anon_Operation: “WE ARE GLAD TO TELL YOU THAT http://www.mastercard.com/ is DOWN AND IT’S CONFIRMED! #ddos #wikileaks Operation:Payback(is a b***h!) #PAYBACK.”
MasterCard has said it decided to cancel its business with WikiLeaks because the company’s rules prohibit customers from directly or indirectly engaging in or facilitating criminal behavior. The credit card company has become the latest in a string of companies and institutions being targeted in retaliation for recent actions against the site.
On Dec. 7, attackers struck back at the Swedish prosecutor by launching a denial-of-service (DoS) attack on www.aklagare.se, making it impossible to access the site until recently. Swedish authorities pushed for the arrest of WikiLeaks founder Julian Assange, who was taken into custody in the U.K. earlier this week on sexual assault charges.
In a statement, the prosecutor’s office confirmed the DoS attack and said the incident has been reported to police. In addition, the office warned the Website may continue to be unstable due to future attempts to overload it.
Preceding the assault on the prosecutor’s site, defenders of WikiLeaks went after PayPal in retaliation for the company blocking WikiLeaks’ donation account. The PayPal blog was knocked offline for more than eight hours Dec. 4. A second attack targeted the main PayPal site Dec. 6.
Also targeted was the Website for PostFinance, a financial institution in Switzerland, that froze Assange’s account, claiming he had lied about his residency. That site is now back online.
WikiLeaks has been victim to DoS attacks itself recently, and decisions by Amazon and EveryDNS.net to cut service have forced site operators to adjust. The site is now mirrored on more than 1,000 sites, according to information from WikiLeaks.
“Attacking a Website because you disagree with its politics or business decisions is a criminal activity,” opined Chet Wisniewski, senior security adviser at Sophos. “While those who are participating in these attacks are lashing out against practices they feel are unjust, this does not make it legal. People who feel strongly about the right to publish information that exposes the government’s secrets would be better spending their time, effort and resources to provide a safe, reliable home for the WikiLeaks data. Resorting to (distributed-denial-of-service attacks) and use of malware diminishes their political goals and harms the larger innocent public without any justification.”
Paul Mutton of Netcraft blogged that as more companies cut ties with WikiLeaks, he would not be surprised to see additional attacks.
“Concurrent attacks against the online payment services of MasterCard, Visa and PayPal would have a significant impact on online retailers, particularly in the run-up to Christmas,” he noted. “Although (DoS attacks) are illegal in most countries, Operation Payback clearly has a sufficient supply of volunteers who are willing to take an active role in the attacks we have seen so far.”