If you’ve been following the Wikileaks saga, you’ve probably heard that Paypal, Visa, and Mastercard have stopped processing donations to Wikileaks. In retaliation, Wikileaks supporters, operating under the collective name “Operation Payback”, have launched attacks on the 3 sites. They successfully knocked both Visa and Mastercard’s sites offline for several hours yesterday, and apparently Paypal’s blog was down for a bit as well. So how are they doing this?
Major news sites throw the word “hacker” around, and I’d imagine most people picture a Russian guy in a dimly lit basement chain-smoking cigarettes and moving back and forth between 10 different computers.
The reality of the situation is that there are thousands of people responsible for these attacks, responsible not only for the execution but also for the selection of targets.
Imagine that a web server is a library of data. When you want information, you go to the front door. You knock on the door (enter the website address), and when the door is open (the server responds) you are handed the information that you’ve requested (download the site data from the server).
Now imagine that 50,000 people all show up to the library and simultaneously knock on the door. They can’t all be accommodated at once, and this prevents people who are legitimately trying to access the site from being able to do so. This, more or less, is how a denial-of-service (DoS) attack works.
A distributed denial-of-service (DDoS) attack is when multiple computers are responsible for the attack. A computer can be compromised (often via malware) and used as a “zombie”. Someone can remotely control a network of these zombie computers to launch an attack on a site.
This is not the case with “Operation Payback”, though. Supporters of Wikileaks are volunteering their computers (and bandwidth) to take part in these attacks.
LOIC (Low Orbit Ion Cannon) is basically a DoS tool for dummies. It allows people with little “hacker” knowledge to launch denial-of-service attacks by sending TCP, UDP, or HTTP requests to the target. To dumb it down a bit, it basically “spams” the server with requests from your computer.
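The difference between one noisy client and a crowd of volunteers shows up clearly in a server's access log. The following is an added example, not part of the original post, that labels each time window of a log as normal, a single-source flood, or a distributed flood; the log format, thresholds, and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

def classify_windows(lines, window=10, per_ip_limit=50, total_limit=200):
    """Label each fixed time window of an access log.

    Expects constructed lines of the form '<epoch_seconds> <source_ip> <path>'.
    The thresholds are illustrative assumptions, not tuned values.
    """
    buckets = defaultdict(Counter)          # window start -> requests per IP
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or not parts[0].isdigit():
            continue                        # ignore malformed lines
        ts, ip = int(parts[0]), parts[1]
        buckets[ts - ts % window][ip] += 1

    report = []
    for start in sorted(buckets):
        per_ip = buckets[start]
        total = sum(per_ip.values())
        heavy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
        if heavy:
            label = "single-source flood"   # one loud client: an IP block works
        elif total > total_limit:
            label = "distributed flood"     # many quiet sources, loud together
        else:
            label = "normal"
        report.append({"start": start, "label": label, "total": total,
                       "sources": len(per_ip), "heavy": heavy})
    return report

def build_sample_log():
    """Constructed traffic: quiet, then one noisy client, then many clients."""
    lines = [f"{t} 192.0.2.{c} /" for c in range(1, 6) for t in (1, 4, 7)]
    lines += [f"{10 + i % 10} 198.51.100.7 /" for i in range(120)]
    lines += [f"12 192.0.2.{c} /" for c in range(1, 6)]
    lines += [f"{20 + i % 10} 10.0.{i // 256}.{i % 256} /"
              for i in range(300) for _ in range(2)]
    return lines

if __name__ == "__main__":
    for row in classify_windows(build_sample_log()):
        print(row)
```

In the distributed window no single address crosses the per-client limit, which is why per-IP blocking alone does not stop this kind of traffic and the aggregate rate has to be watched as well.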
LOIC attacks were being coordinated via Operation Payback’s Twitter account (@Anon_Operation). This account was removed by Twitter yesterday, but you can view Google’s cached version here. Once that expires, you can see a screenshot of some of the tweets here.
“Hivemind” LOIC allows volunteers to be even less involved in the process. Once installed, you simply point the application at an IRC server, and someone else controls the attacks. It’s like volunteering your computer as a soldier in a virtual army. When thousands of people do this, the person controlling the attacks has a pretty serious “army” at their disposal.
The risks involved in using Hivemind LOIC seem pretty slim. A “virus” could have caused your computer to launch similar attacks – this sort of thing happens more often than you’d think. Your computer-illiterate aunt’s Gateway PC that is still running Windows 98 may very well be involved in hundreds of these attacks. Also, once a successful DDoS attack knocks a server offline, the log files that’d normally be used to determine where connections were coming from most likely won’t be accurate.
Please note that I don’t condone committing a federal crime, nor am I participating in the attacks myself. But it’s pretty exciting to watch this all unfold, isn’t it?
Operation Payback is back on Twitter with a new account (Op_Payback), and as expected, they are coordinating attacks against Paypal and Amazon (who used to host Wikileaks, but pulled the plug on them last week). As of writing this, api.paypal.com is down.
Facebook and Twitter also dealt blows to Wikileaks by removing the Operation Payback accounts from these sites – are the two major social media sites the next targets?