Anonymous and DDoS: I predict a riot

Anonymous and DDoS: I predict a riot

Summary: The recent denial-of-service attacks on MasterCard and PayPal may be a mere taste of what is to come, says Rik Ferguson

TOPICS: Government, Security

The online attacks on MasterCard and PayPal attributed to the Anonymous activist group could be a portent of more serious developments. In fact, we could soon see the first global digital riot, says Rik Ferguson.

Is this is the new revolution? Are online protests happening on a huge scale, involving tens of thousands of volunteers? I am talking about the actions taken by Anonymous, the loose online collective and its growing army of hangers-on and coattail-riders.

Something that began on message boards such as the infamous 4chan, for the purposes of attacking the Church of Scientology, has with generous media coverage evolved into a bigger deal. Tens of thousands of volunteers are downloading tools that enable them to participate in the global assault on businesses with which they feel personally aggrieved.

The latest version of this tool includes functionality that means the user can hand of control of their weaponised computer to a central authority to direct and control the attacks.

In addition to the Low Orbit Ion Cannon, or Loic, other variants are being developed and released, including JS-Loic, a JavaScript version; a completely rewritten version called Loic-2, which supports alternative command-and-control methods such as RSS, Twitter and Facebook; and the Hoic and Goic versions that support more sophisticated attack methods, designed for simultaneous attacks on multiple victims and a plug-in architecture.

Clearly cause for concern
With the right tools it doesn't take more than a couple of hundred well connected hosts to overwhelm most mid-sized web farms. So although the statistics on the real size of these recent attacks are not yet worthy of the "cyberwar" headlines they have attracted, this new trend is clearly cause for concern.

Read this

ITU head: Cyberwar could be 'worse than tsunami'

Hamadoun Toure, the UN agency's secretary-general, has called for a global 'cyber peace treaty' in the context of the 'new world order' of cyberspace

Read more+

These electronic attacks are no different to attacks on physical infrastructure. The attacks are designed to inconvenience and to disrupt; to cause financial impact to the victim and to anyone relying on that victim's services. In the real world we would call such attacks terrorism, and in the digital world, as in meatspace, terrorist attacks are far easier to launch than they are to defend against.

A DDoS attack, despite being nothing new, is still one of the trickiest attacks to mitigate. The resources of the victim are finite, the resources of the attacker, while not limitless, are exponentially greater, especially with a growing army of volunteer zombies.

What does this issue mean to you, me and that shady concept, internet freedom?...

Topics: Government, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The author is largely exaggerating the number of participants in the DDOS, the effect of the DDOS and the "threat" that this poses in reality.
    In truth the number of participants was below 3000, the effect was that the websites went down only for a few hours without causing any harm to the hardware nor disrupting the targeted businesses in any significant way at all.
    The effect it was aiming for and that it achieved was media attention for the cause of these activists.
    The author has a vested interest to blow this all out of proportion and engage in baseless fear mongering, because he works in the IT security industry and wants to sell his DDOS mitigation solutions to corporations and governments.
  • I second the motion of Eagel6709.

    "These electronic attacks are no different to attacks on physical infrastructure."
    There is a big difference between overloading a server with data or bashing it in with a hammer... True, the first one isn't that healthy for a server and the second is a bit exaggerated, but I think (most) people will get my point...

    To contribute further and confirm to Eagel6709's comment:
    If I am correct, the Author of this article works at Trend Micro: an Anti-virus, anti-spam, etc firm.

    Since WikiLeaks, it seems that a lot of people don't know the difference between a terrorist and a activist/protester anymore. I'm not pro DDOS-activists, but this is just false 'marketing' in my eyes. Shame...
  • Hi both, thanks for reading the article and for commenting, I'd like though to make a couple of points in response to what you have said.

    @ Eagel6709 "The author is largely exaggerating the number of participants in the DDOS, the effect of the DDOS and the "threat" that this poses in reality" - At no point did I make any suggestion as to the amount of participants in this DDoS activity. I opened with the question "Are online protests happening on a huge scale, involving tens of thousands of volunteers?" and later on went on to offer my answer, likening these attacks to the online equivalent of a student sit-in and to rubbish the cyberwar headlines we have seen in relation, hardly exaggerating I hope you'll agree.

    @ g_lam To my mind an electronic attack designed with a specific target in mind with the aim of causing disruption to business and to cash flow is undeniably terrorism. In the same way the terrorist groups in the past have often made it a policy to phone in bomb warnings, ostensibly to attempt to avoid human casualties, their main aim being damage to infrastructure and the ability to carry on "business as usual". Again these particular attacks were successful in that aim, albeit in a limited fashion. To extend your own metaphor if a server comes under continual and sustained DDoS, there is very little difference in end result over hitting it with a hammer, both servers, to all intents and purposes, stop working.

    "a lot of people don't know the difference between a terrorist and a activist/protester anymore" - Surely the only difference is which side of the fence you're on?

    Finally, yes I work for Trend Micro, that is as far as I know no secret. Perhaps you will be more willing to accept my column as simply "comment" if you look at the product portfolio and note that we do not offer any form of DDoS mitigation technology.
  • I am certainly no expert on such things so forgive my ignorance but I have to agree with Rik on at least one point, if a criminal could exploit these software sources then this is very dangerous.
    Again forgive me if I'm talking potential rubbish here but, if a criminal was able to deceive others into joining him in some kind of on-line crusade and if he was in some way able to take control of the LOIC, etc, software, then could he not simply point all of these innocent protesters synchronised attacks at any site he wanted to? Perhaps in order to allow some kind of backdoor/exception attack? A bank for instance?
    I'm not against protesting and am not entirely against these types of protest but there is always someone out there with an agenda who might be able to convince others to join them and hoodwink them in the process!
  • ZD is exactly what WikiLeaks is not: a protector of the status quo. Mr. Ferguson appears to be just like all the rest of the sock puppets from this website. Just more BS from self appointed keepers of the news. Why not poll the 600,000 people who signed the petition to free Julian Assange? That reveals a lot more about public sentiment than your self serving opinions. Try a freedom of the press tack next time.
  • re: Mr Ferguson's "comments"
    comments they may be but you have a forum and much larger audience with which to spread them than anyone commenting so far. some people may actually believe your BS ideas which quietly add fodder to the sham case of "terrorism" the US government is trying to build against assange. if you are even remotely aware of the double standard our government uses to justify some of the actions they take to shut down privacy and freedom you certainly do not reveal it. perhaps you should concentrate on the unassailable proof of government lies instead.
  • @dixienormous

    Rik Ferguson is a real person with a real job and a real life. You are an anonymous coward with a childishly crude "handle". You surely see the irony of calling him a "sock puppet"....
    Jack Schofield
  • It is not possible to use this software in anyway
    to download information from a Bank or any other things,
    if this was possible why isn't it happening?
    and the group of hackers have a website where they set up thse attacks
    and people get to vote on them this isn't just random hacking/ddosing
  • Hi,

    @rikferguson: My sincere appologies, disrupting specific targets like u said can indeed be labelled as terrorism. But I (or maybe: want to) believe that most participating people in the wikileaks-related DDOS-attacks do this as a form of protest, showing their dissaproval of how this WikiLeaks situation is handled by the (US) authorities. And if that's the case, most of those people don't realise the full consequenses of their action's (something that humankind in general is lacking). Maybe that's the reason I was a bit irked by you calling all those people terrorists while most of them do it out of protest, not fully understanding what they where doing.

    And of course, while most do it out of protest, there are some who are intelligent enough to use that to their (personal) interest. I know I'm speculating like a mad man now but after a bit more thinking I must agree that there is indeed a reason for concern.

    Also my apologies for labeling this as 'false marketing', that was uncalled for. I shall put more care in evaluating an article before submitting a comment.
  • These DDoS can in no way be compared to terrorism. A sit-in protest (if it's for political reasons and no money is demanded) or blackmail (if money is demanded) are the only accurate comparisons. Vandalism could be a valid comparison if damage to property arises as a result.

    The key defining point of terrorism in my mind is the threat to life and limb. Otherwise it could also be applied where *significant* physical damage occurs to national infrastructure (with there is an potential threat to life and limb, if not actual or intended). It is specious and dangerous to call this terrorism. First, where is the terror? Second, it's dangerous to lump legitimate protesters or those who, despite using civil disobedience as part of their arsenal have good intentions in mind, in with actual terrorists out to cause real harm. The comparison allows repressive governments to come down on protesters and dissenters with significantly harsher penalties and restrictions on civil liberties and has the intentional psychological effect of dissuading many others from protesting and dissenting when they see wrongdoing in government or in corporations.

    I hope people will, once and for all, stop equating the act of preventing a few people accessing a website for a few hours with people who actually want to maim, kill and explode bombs on and around people. It's plainly ridiculous. Those who do it just become, willingly or unwillingly, stooges for repressive authoritarian governments and corrupt corporations.
  • They are being arrested for running a program on their computer that mimics pressing the "refresh" button on a browser over and over - and no faster than what you can do with your finger. It only automates the process (and poorly; it's arguably more effective to click it manually). It seems to me dishonest to call this a DDoS, which is traditionally executed using a botnet made up of 'zombie' computers. Their targets were isolated to the public storefronts of each organization and they in no way disrupted business activities or services. The 'Low Orbit Ion Cannon' application they used does nothing but load a target web page over and over. This is not complicated or require a high degree of technical understanding, yet there seems to be something about it that prevents people from speaking about the reality of it in plainly spoken and simple language.

    This is happening to kids who ran a poorly written program that automates pressing the refresh button on a browser? FBI raids? Meanwhile, the media is lazy enough to copy+paste government press releases - a fact difficult to ignore while they use the same blocks of text and ridiculous terminology to describe the situation.

    Is there anyone left who has the power to be heard and sane enough to recognize this absurdity and say something? These poor kids are being compared to terrorists. Strange world we live in - be careful with that 'Refresh' button on your browser, folks!
  • You're right, fredwillcutt, and I apologise for using the term DDoS in my post. I usually make a string point of saying only DoS in this kind of case but this time I unintentionally used the misleading term. Thank you for pointing this out.
  • Good story.

    I've been shut out of my class by sit-ins. It was my loss. I was not able to get a refund.
    I have to drive a 30 mile round trip to access the 'Net for a short time. If I'm shut out by protesters, it is my loss. So much for it harms no one. Thanks guys. Are any of you willing to set up a paypal account and send me travel and time money? Note that I'm deaf and the 'Net is usually my ONLY way of communication. Or are you willing to build a tower to reach my small hamlet?

    I care for free speech, but why do some think that standing in my face and forcing it down my throat is what free speech is? May I protest by finding out where your connection is and hit it with a numerous requests? Suddenly your tune will change. Be honest.

    The story has a good point. What do we do when people decide that they may trample others. Gov't or individuals--it doesn't matter.

    But, you know, the replies here ARE free speech, aren't they?

    Give the kiddies a good fine, take their computers, and tell 'em to grow up.
  • "These electronic attacks are no different to attacks on physical infrastructure. The attacks are designed to inconvenience and to disrupt; to cause financial impact to the victim and to anyone relying on that victim's services. In the real world we would call such attacks terrorism, and in the digital world, as in meatspace, terrorist attacks are far easier to launch than they are to defend against. "

    This is hyperbole that spoils what is otherwise, by and large, a well written, thought provoking article.

    If large, but peaceful and lawful, public demonstrations against the venality of bankers in the City of London were to cause by blocking the streets for the day considerable inconvenience to all who worked in the City of London, would it follow that the bankers were the innocent victims of a terrorist mob? Hardly. Peaceful and lawful activities that caused inconvenience to the life of those who work in the City for the day - couriers, people coming and going from work and appointments and the like - hardly constitutes terrorism.

    As Ferguson points out elsewhere in his piece, Denial of Service attacks are currently akin to a Student Sit-in. Increase the magnitude therefore and perhaps you have then the equivalent of a national day of disobedience. You don't have the equivalent of the IRA detonating their bomb at Enniskillen on 8 November 1987.

    Further, since Ferguson chooses to introduce the now tediously all too familiar slur of "terrorism" to describe conduct that is nothing of the sort, let me remind Ferguson that the prototype Terrorists of modern times were senior government officials, members of the Jacobins and their initial allies the Enrages, who together with the Paris Mob, the Sans-culottes, drove The Terror that began in the summer of 1793.

    The Terror, an artefact of the overthrow of the old order by the new in Revolutionary France, was a Government initiative began by the likes of Jacques Roux and Jacques Hébert, leaders of the Enrages faction, closely allied at first to the Jacobins, to overthrow their mutual opponents within the Revolutionary Government, the Girondins. On 27 July 1793, Robespierre joined the Committee of Public Safety and added his weight to The Terror. The Terror lasted from 27 June 1793 – 27 July 1794 and eventually consumed even its own.

    True Terror is always an instrument of government, and of its cowardly functionaries and fellow travellers. This is because only governments are truly powerful enough to terrorise their citizens. Thus think of Nazi Germany. Think of Stalin's Soviet Union. In a western democracy where the rule of law still held, think of the rabid self-promoter and self-styled anti-communist Joseph McCarthy, U.S. Senator, 1908–1957 who while he headed up the powerful Senate Committee on Government Operations (which included the Senate Permanent Subcommittee on Investigations) was an example of a US terrorist. And McCarthy was a terrorist because, with the powerful backing and approval of most of the US Irish-American Roman Catholic community who constituted 20% of the US population, McCarthy terrorised people whom McCarthy alleged were communists – in many cases ruining their lives.

    When I was growing up, and the IRA was setting off bombs in London and Belfast, and shooting soldiers in Northern Ireland, we used to refer to the IRA exactly as they were: as bombers and gunmen. We didn’t need to use the word “terrorist” to describe the IRA because neither we nor anyone else, in mainland UK at least, were terrified by the IRA. That is the IRA failed to terrorise us. And since in those days we didn’t just go along unthinkingly with the latest propaganda release from our elected overlords we didn’t call the IRA terrorists.

    Crackers who crack into websites and steal our credit card details are undoubtedly a royal pain in the backside. But they are common thieves – not terrorists. Those who publicly demonstrate and curtail public or private services for a day or two may or may not inconvenience the rest of us directly. Again that does not render such demonstrators and curtailers of services into terrorists - nor those organisations they target their "victims". Those who publicly demonstrate online using Denial of Service attacks on web servers and curtail public or private services for a day or two may or may not inconvenience the rest of us directly. Again it does not follow that the demonstrators are terrorists nor those organisations they target their "victims". This habit in the mainstream media of referring to all and sundry targets as “victims” is another example of taking the culture of the victim too far.

    I’m going to continue to reserve the term TERRORIST for those who really deserve it - those governments and their paid public officials, functionaries and stooges who engage in the use of terror to try to intimidate their entire populations and cow them into abject silence. Hence the illegal military regime in Burma are terrorists; the thugs running the Russian Federation are terrorists; the goons running the PRC are terrorists. Compared to these latter very powerful and dangerous sociopaths who murder and imprison their citizens, those members of Anonymous who disrupt PayPal services and the like for a few hours are innocent babes in arms.
  • Hear, hear fredwillcutt (00.53 29 Jan 2011)! You and authentictech (18.12 28 Jan and 08.25 29 Jan) both make excellent points.
  • I'm not positve but, I think that when someone is the cause of this type of interfernce with a legal business it that is the same as taking it hostage for your purpose. They can don't nothing untill they are allowed to do it again. They are locked down or locked up....that means they are your hostage for ever how long you keep up the programs. That sure sound illegal to me.....if I were taken hostage I woud be upset and have someone arrested too. But maybe I'm just too logical and literal....that's just me.
  • I just ask myself if the leadership behind Anonymous is not working in a big plot of net control using a scheme of social engineering. Not that I believe in every conspiracy theory, but I rarelly dout that it can be true, too.
  • Thank you, Colenso. May I also say that your comment was interesting, enlightening and pointed.

    I feel the need to make my point again more succinctly - the defining component of terrorism is "terror" (obvious really).

    If "designed to inconvenience and to disrupt; to cause financial impact to the victim and to anyone relying on that victim's services" were the defining components of terrorist then nearly ALL protests could be redefined as terrorism. Protests are, by nature, designed to inconvenience and disrupt to some extent because they are intended to get notice (with loss of finance either a primary goal or a by-product). If we ever allow ourselves to get to the point where this is called terrorism we are in BIG TROUBLE!
  • No, in the real world we would call this a blockade or a picket line. Those of us who live in the real world are sick of sensationalized 'terrorist' rubbish spread by the media and used by the government to erode our basic freedoms.
  • Fredwillcutt, it is a DDoS, since it's a distributed attack. Also, hitting refresh for your browser isn't completing the three way handshake. LOIC is introducing a syn flood & doesn't give a poo about seeing a syn ack.

    Now let's say your web server farm can support 100,000 simultaneous connections, with 1Gb of available bandwidth & a 5 min connection timeout setting. How does your ecommerce business handle 2GB of nothing but syn traffic, non-stop for a week our two? You were just hit in the pocket book right or do you inconvenience your customers and make them phone in their orders?

    Malicious intent, is just that, whether it's flying planes into buildings or trying to take out companies by destroying the paths needed to generate revenue. I don't agree with the way the US government is slandering/persecuting Americas' misguided youth, but I'm not the HMFIC of the FBI/CIA.