DDOS Attacks

2011-01-04 Convictions of an Anonymous Legion

ImageUnless the sources of the DDoS attacks being carried out by Anonymous are identified and stopped, there seems to be no end in sight for their deluge of operations. These 'AnonOps' are presented as global outreach operations of sorts, aimed at assisting individuals and organizations subjected to persecution by governments and other institutions aiming to silence free expression and dissent.

The Tunisian people are perceived by Anonymous to be in need of global support and the same can be said of Wikileaks. In particular, the consensus seems to be that governments and other powerful bodies have chosen to pursue Julian Assange and his collaborators for having exposed crimes committed by those same institutions. As Assange has often pointed out himself, it is a disturbing fact about the current situation that upon learning about the horrendous crimes exposed through the leaks, the first impulse has not been to pursue the culprits, but instead to punish individuals who acted on conscience to make those crimes known.

Whether the Anonymous group can succeed in its attempts to raise awareness of these issues and to discourage censorship hangs on the question of whether its members can be stopped. How likely is it that Anonymous members will be identified prosecuted?

2011-01-04 Nonoperational Site Update: Wrath of Anon in Tunisia

As of yesterday, the following 7 Tunisian sites appeared to be down. They remain nonoperational at this time.

The following 2 sites have been down for longer than 24 hours:

In addition to these, the following sites are also down today:

It is likely that the DDoS attacks are being continually carried out on sites that have managed to regain temporary functionality. To verify whether a site is only inaccessible in your own area or more generally, you may enter the site URL here.

Go to: Convictions of an Anonymous Legion

2011-01-03 Update: The Wrath of Anon in Tunisia

If you thought the The Anonymous Group had hung their suits for the night, think again. The following is a list of additional Tunisian government and financial sites that have been rendered nonoperational; at the time of this publication, each is still down:

www.bmvt.com.tn - Tunisian Stock Exchange

www.sicad.gov.tn - Tunisian Foreign Relations

www.industrie.gov.tn - The Ministry of Industry

www.commerce.gov.tn - Tunisian Government Commerce

www.carthage.tn - The Carthage Palace: Presidency of The Republic of Tunisia

benali.tn - Presidential Elections Site

www.ministeres.tn - Tunisian government site listing various ministries

Expressed motivations for these attacks, as well as yesterday's DDoS attack updates, can be found here.

2011-01-02 Update: Anonymous Attacks on Tunisian Government Sites

Update 1 :

Anonymous hacktivists have been busy today carrying out attacks on the Tunisian government site located here (IP address: The site is still down as of the publication of this update, and has been down for several hours.

According to IRC chats with various Anonymous members who appear to be well-informed regarding current events in Tunisia, the motivations for the attacks are numerous, ranging from Tunisia's general and long-standing affinity to Internet censorship, to recent riots in Sidi Bouzid and surrounding towns being covered by various media sources.

Another relatively recent act of censorship that seems to have served as the basis for the present call to arms is the Tunisian government's decision to censor online access to Wikileaks and other whistleblowing sites (like TuniLeaks) that make reference to Tunisia or contain certain keywords that might suggest reference to Tunisia.

The Anonymous group, while diverse, intractable and virtually indefinable in terms of a steady membership class, is nevertheless united in its ideals pertaining to freedom of expression and a collective distaste for censorship, inspiring this most recent declaration:

The Tunisian government wants to control the present with falsehoods and misinformation in order to impose the future by keeping the truth hidden from its citizens. We will not remain silent while this happens. - Anonymous

There have been rumors of possible imminent attacks on 3 further Tunisian sites but they do not appear to be in progress at this time.

Read more here and here. For those who are unable to access media sources due to censorship in their own area, this screenshot may be accessible as an alternative (c/o @AnonymousIRC via Twitter).

Update 2 :

The following sites have also been taken down: www.marchespublics.gov.tn and www.pm.gov.tn. As of 9:05 Eastern Standard Time, the former site displayed this message. This is the welcome page for Mohamed Ghannouchi, the Tunisian Prime Minister. A cached version of the page can be viewed here.

Go to the third update, containing a more exhaustive list of sites taken down.

2010-12-30 From Ion Cannon to BotTorrent: Potential new paradigm in hacktivism

The Low Orbit Ion Cannon, or LOIC, is a popular tool for taking down websites these days. It was used on Visa, Master Card, Paypal and other institutions by "Anonymous" hacktivists.

LOIC is easy to download and requires minimal technological savvy for its use. One runs the program, enters a targeted IP address, confirms, and watches as the program floods a site's host with TCP packets, UDP packets, or HTTP requests. Eventually, the ability to handle further requests is lost and the site goes down, becoming unresponsive. This is termed denial of service and the attack is a distributed denial of service (DDoS) attack on the basis that the attacks are distributed across various sources.

The resulting downtime of the site is temporary, of course, but the attack's perceived consequences can range from slight inconvenience to severe paralysis. As is widely known, the stability of a web site is a strong determinant of its popularity. Yet the goal of such attacks, as articulated by some of the Anonymous group members, is not terminal destruction but to raise awareness.

A new weapon of mass awareness is in the horizon, however, that may very well step up the severity and efficiency of these attacks. If effective, it will set into motion attacks originating from thousands of computers worldwide. The difference? End-users will not necessarily know they are participating in the attacks. Here's how it would work.

A home user navigates to a torrent search engine to download a popular file (a film or TV show, for instance). As this image illustrates, the file may have several thousands of leechers or seeders; these numbers may increase to the hundreds of thousands in some cases, depending on the popularity of the file. For simplicity, think of each leecher as one computer attempting to download the file.

As a presenter at the most recent Chaos Communications Congress articulated, by manipulating the data being communicated through BitTorrent clients, one can create the appearance of availability for a given file and cause leechers to attempt a download. The leecher would not actually be downloading the intended file, but attacking a target IP without their knowledge. This would result in the flooding of the target host and, in many cases, eventual take-down of the target site.

This new technology, termed BotTorrent by TorrentFreak's editor-in-chief, would have revolutionary significance not merely in virtue of its creative underpinnings,* but in terms of legal responsibility. Clearly, it is unlikely that end-users would prosecuted for carrying out an attack of which they had no knowledge. Furthermore, given the number of unknowing users carrying out the attacks, the magnitude of the attacks would expand massively. Word on the tweets is the technology is capturing the imagination of developers.

* Addendum: This new derivative technology may clearly be used for a variety of other purposes that do not involve hacktivism. (Many thanks to Kris Kotarski for highlighting the importance of this fact.)

2010-12-28 Operation Payback DDoS attacks on Bank of America

Shortly after Bank of America decided to halt the processing of Wikileaks-related transactions, it became the newest target for the anonymous group who set into motion Operation Payback, a hacktivist movement aiming to "raise awareness about WikiLeaks and the underhanded methods employed by ... companies to impair WikiLeaks' ability to function." (Press release in pdf format)

On Monday, Bank of America's web site suffered sporadic downtimes, apparently as a result of DDoS attacks--the same kind of attacks that also plagued Visa, Master Card and Paypal, each of which also recently halted its financial services to Wikileaks.

Raw Story was able to confirm, via two third party website verification services, [Bank of America's] site difficulties on Monday (with screenshots here and here).

Greg Mitchell, who pens The Nation's media blog, also noted sporadic outages on Bank of America's domain.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer