    WikiLeaks Supporters’ Attacks Show Power of Opt-in Botnets

    Written by

    Brian Prince
    Published December 9, 2010

      The WikiLeaks controversy has spilled far beyond discussions of classified documents into the realm of cyber-security, where reports of denial-of-service attacks against everything from MasterCard to PayPal have flooded the press.

      Behind those reports, though, is the growing issue of opt-in botnets powered by users who intentionally install software to take part in cyber-attacks. The concept is not new; but such botnets are increasingly being used as a vehicle of protest by hacktivists looking to voice their displeasure.

      “Opt-in botnets are a different breed of threat,” said Gunter Ollmann, vice president of research at Damballa, who recently wrote a paper on the issue (PDF). “While criminal botnets require the invisible and unauthorized installation of a malware agent – which is generally illegal in most Western countries – ‘choosing’ to install the software and consenting to be part of a distributed platform is fine.”

      The software at the center of the attacks by Anonymous – a collection of hackers associated with the 4chan message board – is known as Low Orbit Ion Cannon (LOIC). According to Imperva, LOIC was originally an open source server load testing tool that was co-opted as a manual distributed-denial-of-service (DDoS) tool. As Twitter accounts have been taken offline, a hacker updated LOIC with a module that enables server command and control so that users don’t have to think about where to point the attack.

      “Operation Payback’s ability to challenge serious sites and do that simultaneously is very much coupled to the introduction of the new version with its C&C (command and control) capabilities,” said Amichai Shulman, chief technology officer at Imperva. “My speculation is that due to the substantial increase in downloads it is highly likely this is no longer just a social movement, but also a technical movement like a botnet.”

      Anyone who wants to sign up for attacks can download LOIC from the Web and configure it to “Hive Mind” to connect to an IRC server, explained Vanja Svajcer, principal virus researcher at Sophos Labs. The attack begins when the nodes in the botnet receive the command from the IRC server.

      “The main purpose of (LOIC), allegedly, is to conduct stress tests of the Web applications, so that the developers can see how a Web application behaves under a heavier load,” Svajcer blogged. “Of course, a stress application, which could be classified as a legitimate tool, can also be used in a DDoS attack.”

      “(The tool’s) main component is a HTTP flooder module which is configured through the main application window,” he continued. “The user can specify several parameters such as host name, IP address and port as well as the URL which will be targeted. The URL can also be pseudo-randomly generated. This feature can be used to evade the attack detection by the target’s intrusion prevention systems.”

      “Using the Hive Mind mode, Anonops can launch attacks on any site, not just the one you voluntarily agreed to target,” he added.
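Randomized URLs defeat a signature on any single request, but a defender can still see the flooding pattern per client in the web server's access log: many requests in a short window, almost none to the same URL twice. The following is an added example, not code from the article or from any vendor quoted in it; the Common Log Format input, the thresholds, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format prefix: client IP, timestamp, request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

def parse(line):
    """Return (ip, timestamp, url) for an access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, url = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), url

def flag_flooders(lines, window=timedelta(seconds=10), min_requests=20, min_unique_ratio=0.9):
    """Flag clients with >= min_requests inside `window` where nearly every URL is distinct.
    Thresholds are illustrative assumptions; tune them against normal traffic."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1          # slide the window forward
            burst = hits[start:end + 1]
            if len(burst) >= min_requests:
                ratio = len({u for _, u in burst}) / len(burst)
                if ratio >= min_unique_ratio:
                    flagged[ip] = (len(burst), round(ratio, 2))
                    break
    return flagged

def sample_log():
    """Constructed sample lines (documentation IP ranges); not from any real incident."""
    fmt = '{ip} - - [09/Dec/2010:12:00:{s:02d} +0000] "GET {url} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="203.0.113.7", s=i // 10, url=f"/?q={i * 7919 % 100000:05d}")
             for i in range(40)]    # one client, 40 never-repeated URLs in 4 seconds
    lines += [fmt.format(ip="198.51.100.20", s=i // 5, url=f"/static/{i % 5}.css")
              for i in range(25)]   # busy browser: high rate, but only 5 URLs repeated
    lines += [fmt.format(ip="192.0.2.44", s=i * 7, url=f"/page/{i}")
              for i in range(8)]    # slow crawler: distinct URLs, low volume
    return lines
```

Only the first client is flagged: the busy browser repeats a handful of URLs and the crawler never reaches the request threshold, which is why rate and URL uniqueness are checked together.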

      Social Networks as a Breeding Ground?

      Such tactics are growing in prevalence as hacktivists take their causes to the Web. WikiLeaks itself has been the victim of denial-of-service attacks as well, starting with one that occurred just hours before the site leaked U.S. diplomatic cables. According to Ollmann, the researcher with Damballa, opt-in botnets were involved in cyber-attacks that occurred during the controversial elections in Iran in 2009.

      Twitter found itself in the center of discussions during the Iran controversy as many users leveraged the micro-blogging service to organize protests. Its role as a digital gathering ground has continued in the latest WikiLeaks controversy. Facebook has been at the eye of the storm as well, and recently took down a page associated with Anonymous’ “Operation Payback” for violating the social network’s terms of service.

      The page was disabled because it was being used to organize denial-of-service attacks, Facebook spokesperson Andrew Noyes said. The WikiLeaks page, however, has yet to violate any policies, he noted.

      “We haven’t received any official requests to disable the WikiLeaks page, or any notification that the articles posted on the page contain unlawful content,” he said. “If we did, of course, we would review the material according to our rules and standards, and take it down if appropriate. The mere existence of a WikiLeaks fan page on Facebook doesn’t violate any law and we would not take it down just like we don’t take down other pages about controversial topics.”

      He added that Facebook is continuing to monitor the situation.

      Joe Stewart, director of malware research at SecureWorks, said it is not fair to ask social networks to take a proactive role in detecting attempts by attackers to coordinate illegal activity because it would be impractical and set a “bad precedent” by forcing providers to spy on their users. If someone reports a terms-of-service violation, however, social networks should act appropriately, he said.

      The bulk of the members of these groups, Stewart said, “don’t realize the level of forensics that can be performed on their computers to show the evidence where and when the (bot) file was manually downloaded – they are just following instructions, and those instructions often suggest that a) you can just claim your computer was infected by a virus and b) if there are thousands of people involved, law enforcement can’t arrest everyone.”

      Traditionally, however, the people targeted by law enforcement are the organizers – often using laws related to promoting or endorsing a criminal act, Ollmann told eWEEK.

      “As for participants – if there are a lot of individual protest members – it will be difficult for law enforcement to proceed with a case against them beyond a warning,” he said.

      Still, HD Moore, chief security officer at Rapid7, opined that the people behind the denial-of-service attacks are not helping their cause, and may inadvertently discourage other corporations and banks from doing business with WikiLeaks in the future.

      A 16-year-old boy has already reportedly been arrested by Dutch authorities for his involvement in the attacks.

      “If you’re joining the botnet or the voluntary botnet…your IP address is going to show up in MasterCard’s logs and be logged with everybody else who participated…So I hope those folks realize that they may have the FBI knocking on the door in about two months,” Moore said.
