Anonymous and DDoS: I predict a riot
Summary: The recent denial-of-service attacks on MasterCard and PayPal may be a mere taste of what is to come, says Rik Ferguson
The online attacks on MasterCard and PayPal attributed to the Anonymous activist group could be a portent of more serious developments. In fact, we could soon see the first global digital riot, says Rik Ferguson.
Is this the new revolution? Are online protests happening on a huge scale, involving tens of thousands of volunteers? I am talking about the actions taken by Anonymous, the loose online collective and its growing army of hangers-on and coattail-riders.
Something that began on message boards such as the infamous 4chan, for the purposes of attacking the Church of Scientology, has with generous media coverage evolved into a bigger deal. Tens of thousands of volunteers are downloading tools that enable them to participate in the global assault on businesses with which they feel personally aggrieved.
The latest version of this tool includes functionality that lets the user hand off control of their weaponised computer to a central authority, which then directs and controls the attacks.
In addition to the Low Orbit Ion Cannon, or Loic, other variants are being developed and released, including JS-Loic, a JavaScript version; a completely rewritten version called Loic-2, which supports alternative command-and-control methods such as RSS, Twitter and Facebook; and the Hoic and Goic versions that support more sophisticated attack methods, designed for simultaneous attacks on multiple victims and a plug-in architecture.
Clearly cause for concern
With the right tools it doesn't take more than a couple of hundred well connected hosts to overwhelm most mid-sized web farms. So although the statistics on the real size of these recent attacks are not yet worthy of the "cyberwar" headlines they have attracted, this new trend is clearly cause for concern.
These electronic attacks are no different to attacks on physical infrastructure. The attacks are designed to inconvenience and to disrupt; to cause financial impact to the victim and to anyone relying on that victim's services. In the real world we would call such attacks terrorism, and in the digital world, as in meatspace, terrorist attacks are far easier to launch than they are to defend against.
A DDoS attack, despite being nothing new, is still one of the trickiest attacks to mitigate. The resources of the victim are finite; the resources of the attacker, while not limitless, are exponentially greater, especially with a growing army of volunteer zombies.
What does this issue mean to you, me and that shady concept, internet freedom?...
Talkback
In truth the number of participants was below 3000, the effect was that the websites went down only for a few hours without causing any harm to the hardware nor disrupting the targeted businesses in any significant way at all.
The effect it was aiming for and that it achieved was media attention for the cause of these activists.
The author has a vested interest to blow this all out of proportion and engage in baseless fear mongering, because he works in the IT security industry and wants to sell his DDOS mitigation solutions to corporations and governments.
"These electronic attacks are no different to attacks on physical infrastructure."
There is a big difference between overloading a server with data or bashing it in with a hammer... True, the first one isn't that healthy for a server and the second is a bit exaggerated, but I think (most) people will get my point...
To contribute further and confirm to Eagel6709's comment:
If I am correct, the Author of this article works at Trend Micro: an Anti-virus, anti-spam, etc firm.
Since WikiLeaks, it seems that a lot of people don't know the difference between a terrorist and an activist/protester anymore. I'm not pro DDOS-activists, but this is just false 'marketing' in my eyes. Shame...
@ Eagel6709 "The author is largely exaggerating the number of participants in the DDOS, the effect of the DDOS and the "threat" that this poses in reality" - At no point did I make any suggestion as to the amount of participants in this DDoS activity. I opened with the question "Are online protests happening on a huge scale, involving tens of thousands of volunteers?" and later on went on to offer my answer, likening these attacks to the online equivalent of a student sit-in and to rubbish the cyberwar headlines we have seen in relation, hardly exaggerating I hope you'll agree.
@ g_lam To my mind an electronic attack designed with a specific target in mind with the aim of causing disruption to business and to cash flow is undeniably terrorism. In the same way the terrorist groups in the past have often made it a policy to phone in bomb warnings, ostensibly to attempt to avoid human casualties, their main aim being damage to infrastructure and the ability to carry on "business as usual". Again these particular attacks were successful in that aim, albeit in a limited fashion. To extend your own metaphor if a server comes under continual and sustained DDoS, there is very little difference in end result over hitting it with a hammer, both servers, to all intents and purposes, stop working.
"a lot of people don't know the difference between a terrorist and an activist/protester anymore" - Surely the only difference is which side of the fence you're on?
Finally, yes I work for Trend Micro, that is as far as I know no secret. Perhaps you will be more willing to accept my column as simply "comment" if you look at the product portfolio and note that we do not offer any form of DDoS mitigation technology.
Again forgive me if I'm talking potential rubbish here but, if a criminal was able to deceive others into joining him in some kind of on-line crusade and if he was in some way able to take control of the LOIC, etc, software, then could he not simply point all of these innocent protesters synchronised attacks at any site he wanted to? Perhaps in order to allow some kind of backdoor/exception attack? A bank for instance?
I'm not against protesting and am not entirely against these types of protest but there is always someone out there with an agenda who might be able to convince others to join them and hoodwink them in the process!
Cheers
Russ
comments they may be but you have a forum and much larger audience with which to spread them than anyone commenting so far. some people may actually believe your BS ideas which quietly add fodder to the sham case of "terrorism" the US government is trying to build against assange. if you are even remotely aware of the double standard our government uses to justify some of the actions they take to shut down privacy and freedom you certainly do not reveal it. perhaps you should concentrate on the unassailable proof of government lies instead.
Rik Ferguson is a real person with a real job and a real life. You are an anonymous coward with a childishly crude "handle". You surely see the irony of calling him a "sock puppet"....
to download information from a Bank or any other things,
if this was possible why isn't it happening?
and the group of hackers have a website where they set up these attacks
and people get to vote on them this isn't just random hacking/ddosing
@rikferguson: My sincere apologies, disrupting specific targets like u said can indeed be labelled as terrorism. But I (or maybe: want to) believe that most participating people in the wikileaks-related DDOS-attacks do this as a form of protest, showing their disapproval of how this WikiLeaks situation is handled by the (US) authorities. And if that's the case, most of those people don't realise the full consequences of their actions (something that humankind in general is lacking). Maybe that's the reason I was a bit irked by you calling all those people terrorists while most of them do it out of protest, not fully understanding what they were doing.
And of course, while most do it out of protest, there are some who are intelligent enough to use that to their (personal) interest. I know I'm speculating like a mad man now but after a bit more thinking I must agree that there is indeed a reason for concern.
Also my apologies for labeling this as 'false marketing', that was uncalled for. I shall put more care in evaluating an article before submitting a comment.
The key defining point of terrorism in my mind is the threat to life and limb. Otherwise it could also be applied where *significant* physical damage occurs to national infrastructure (where there is a potential threat to life and limb, if not actual or intended). It is specious and dangerous to call this terrorism. First, where is the terror? Second, it's dangerous to lump legitimate protesters or those who, despite using civil disobedience as part of their arsenal have good intentions in mind, in with actual terrorists out to cause real harm. The comparison allows repressive governments to come down on protesters and dissenters with significantly harsher penalties and restrictions on civil liberties and has the intentional psychological effect of dissuading many others from protesting and dissenting when they see wrongdoing in government or in corporations.
I hope people will, once and for all, stop equating the act of preventing a few people accessing a website for a few hours with people who actually want to maim, kill and explode bombs on and around people. It's plainly ridiculous. Those who do it just become, willingly or unwillingly, stooges for repressive authoritarian governments and corrupt corporations.
This is happening to kids who ran a poorly written program that automates pressing the refresh button on a browser? FBI raids? Meanwhile, the media is lazy enough to copy+paste government press releases - a fact difficult to ignore while they use the same blocks of text and ridiculous terminology to describe the situation.
Is there anyone left who has the power to be heard and sane enough to recognize this absurdity and say something? These poor kids are being compared to terrorists. Strange world we live in - be careful with that 'Refresh' button on your browser, folks!
I've been shut out of my class by sit-ins. It was my loss. I was not able to get a refund.
I have to drive a 30 mile round trip to access the 'Net for a short time. If I'm shut out by protesters, it is my loss. So much for it harms no one. Thanks guys. Are any of you willing to set up a paypal account and send me travel and time money? Note that I'm deaf and the 'Net is usually my ONLY way of communication. Or are you willing to build a tower to reach my small hamlet?
I care for free speech, but why do some think that standing in my face and forcing it down my throat is what free speech is? May I protest by finding out where your connection is and hit it with a numerous requests? Suddenly your tune will change. Be honest.
The story has a good point. What do we do when people decide that they may trample others. Gov't or individuals--it doesn't matter.
But, you know, the replies here ARE free speech, aren't they?
Give the kiddies a good fine, take their computers, and tell 'em to grow up.
This is hyperbole that spoils what is otherwise, by and large, a well written, thought provoking article.
If large, but peaceful and lawful, public demonstrations against the venality of bankers in the City of London were to cause by blocking the streets for the day considerable inconvenience to all who worked in the City of London, would it follow that the bankers were the innocent victims of a terrorist mob? Hardly. Peaceful and lawful activities that caused inconvenience to the life of those who work in the City for the day - couriers, people coming and going from work and appointments and the like - hardly constitutes terrorism.
As Ferguson points out elsewhere in his piece, Denial of Service attacks are currently akin to a Student Sit-in. Increase the magnitude therefore and perhaps you have then the equivalent of a national day of disobedience. You don't have the equivalent of the IRA detonating their bomb at Enniskillen on 8 November 1987.
Further, since Ferguson chooses to introduce the now tediously all too familiar slur of "terrorism" to describe conduct that is nothing of the sort, let me remind Ferguson that the prototype Terrorists of modern times were senior government officials, members of the Jacobins and their initial allies the Enrages, who together with the Paris Mob, the Sans-culottes, drove The Terror that began in the summer of 1793.
The Terror, an artefact of the overthrow of the old order by the new in Revolutionary France, was a Government initiative begun by the likes of Jacques Roux and Jacques Hébert, leaders of the Enrages faction, closely allied at first to the Jacobins, to overthrow their mutual opponents within the Revolutionary Government, the Girondins. On 27 July 1793, Robespierre joined the Committee of Public Safety and added his weight to The Terror. The Terror lasted from 27 June 1793 – 27 July 1794 and eventually consumed even its own.
True Terror is always an instrument of government, and of its cowardly functionaries and fellow travellers. This is because only governments are truly powerful enough to terrorise their citizens. Thus think of Nazi Germany. Think of Stalin's Soviet Union. In a western democracy where the rule of law still held, think of the rabid self-promoter and self-styled anti-communist Joseph McCarthy, U.S. Senator, 1908–1957 who while he headed up the powerful Senate Committee on Government Operations (which included the Senate Permanent Subcommittee on Investigations) was an example of a US terrorist. And McCarthy was a terrorist because, with the powerful backing and approval of most of the US Irish-American Roman Catholic community who constituted 20% of the US population, McCarthy terrorised people whom McCarthy alleged were communists – in many cases ruining their lives.
When I was growing up, and the IRA was setting off bombs in London and Belfast, and shooting soldiers in Northern Ireland, we used to refer to the IRA exactly as they were: as bombers and gunmen. We didn’t need to use the word “terrorist” to describe the IRA because neither we nor anyone else, in mainland UK at least, were terrified by the IRA. That is the IRA failed to terrorise us. And since in those days we didn’t just go along unthinkingly with the latest propaganda release from our elected overlords we didn’t call the IRA terrorists.
Crackers who crack into websites and steal our credit card details are undoubtedly a royal pain in the backside. But they are common thieves – not terrorists. Those who publicly demonstrate and curtail public or private services for a day or two may or may not inconvenience the rest of us directly. Again that does not render such demonstrators and curtailers of services into terrorists - nor those organisations they target their "victims". Those who publicly demonstrate online using Denial of Service attacks on web servers and curtail public or private services for a day or two may or may not inconvenience the rest of us directly. Again it does not follow that the demonstrators are terrorists nor those organisations they target their "victims". This habit in the mainstream media of referring to all and sundry targets as “victims” is another example of taking the culture of the victim too far.
I’m going to continue to reserve the term TERRORIST for those who really deserve it - those governments and their paid public officials, functionaries and stooges who engage in the use of terror to try to intimidate their entire populations and cow them into abject silence. Hence the illegal military regime in Burma are terrorists; the thugs running the Russian Federation are terrorists; the goons running the PRC are terrorists. Compared to these latter very powerful and dangerous sociopaths who murder and imprison their citizens, those members of Anonymous who disrupt PayPal services and the like for a few hours are innocent babes in arms.
I feel the need to make my point again more succinctly - the defining component of terrorism is "terror" (obvious really).
If "designed to inconvenience and to disrupt; to cause financial impact to the victim and to anyone relying on that victim's services" were the defining components of terrorist then nearly ALL protests could be redefined as terrorism. Protests are, by nature, designed to inconvenience and disrupt to some extent because they are intended to get notice (with loss of finance either a primary goal or a by-product). If we ever allow ourselves to get to the point where this is called terrorism we are in BIG TROUBLE!
Now let's say your web server farm can support 100,000 simultaneous connections, with 1Gb of available bandwidth & a 5 min connection timeout setting. How does your ecommerce business handle 2GB of nothing but SYN traffic, non-stop for a week or two? You were just hit in the pocket book, right, or do you inconvenience your customers and make them phone in their orders?
Malicious intent is just that, whether it's flying planes into buildings or trying to take out companies by destroying the paths needed to generate revenue. I don't agree with the way the US government is slandering/persecuting America's misguided youth, but I'm not the HMFIC of the FBI/CIA.