Anonymous and DDoS: I predict a riot

Summary:The recent denial-of-service attacks on MasterCard and PayPal may be a mere taste of what is to come, says Rik Ferguson

The online attacks on MasterCard and PayPal attributed to the Anonymous activist group could be a portent of more serious developments. In fact, we could soon see the first global digital riot, says Rik Ferguson.

Is this is the new revolution? Are online protests happening on a huge scale, involving tens of thousands of volunteers? I am talking about the actions taken by Anonymous, the loose online collective and its growing army of hangers-on and coattail-riders.

Something that began on message boards such as the infamous 4chan, for the purposes of attacking the Church of Scientology, has with generous media coverage evolved into a bigger deal. Tens of thousands of volunteers are downloading tools that enable them to participate in the global assault on businesses with which they feel personally aggrieved.

The latest version of this tool includes functionality that means the user can hand of control of their weaponised computer to a central authority to direct and control the attacks.

In addition to the Low Orbit Ion Cannon, or Loic, other variants are being developed and released, including JS-Loic, a JavaScript version; a completely rewritten version called Loic-2, which supports alternative command-and-control methods such as RSS, Twitter and Facebook; and the Hoic and Goic versions that support more sophisticated attack methods, designed for simultaneous attacks on multiple victims and a plug-in architecture.

Clearly cause for concern
With the right tools it doesn't take more than a couple of hundred well connected hosts to overwhelm most mid-sized web farms. So although the statistics on the real size of these recent attacks are not yet worthy of the "cyberwar" headlines they have attracted, this new trend is clearly cause for concern.

These electronic attacks are no different to attacks on physical infrastructure. The attacks are designed to inconvenience and to disrupt; to cause financial impact to the victim and to anyone relying on that victim's services. In the real world we would call such attacks terrorism, and in the digital world, as in meatspace, terrorist attacks are far easier to launch than they are to defend against.

A DDoS attack, despite being nothing new, is still one of the trickiest attacks to mitigate. The resources of the victim are finite, the resources of the attacker, while not limitless, are exponentially greater, especially with a growing army of volunteer zombies.

What does this issue mean to you, me and that shady concept, internet freedom?...

Topics: Government, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.