Operation 'Avenge Assange': How anonymous is 'Anonymous'?

Operation 'Avenge Assange': How anonymous is 'Anonymous'?

Summary: A report by the University of Twente, Netherlands, proves that 'Anonymous' attackers who hit Visa, Mastercard and PayPal, are not at all anonymous due to the lack of IP-spoofing capabilities in the software used to carry out the attacks.

TOPICS: Security, Networking

A new study by the University of Twente (UT) discovered that those conducting distributed denial-of-service attacks against major organisations, including Mastercard, Visa, and PayPal, though describe themselves as 'Anonymous', they are not in fact anonymous.

The 'Low Orbit Ion Cannon' (LOIC) application used to conduct the distributed denial-of-service attack makes no attempt to block the originating IP address and can unveil the identity of individual attackers, the report says.

Image via Flickr.

One of the attacks originated from a Twitter account, @Anon_Operation which tweeted the link to take out Visa.com. In the short space of time, over 38,000 people accessed the site with the setup utility and instructions, causing the massive attack to cripple the site.

The report summarises its finding by stating that, "It became clear, already with the first analysis, that [LOIC] does not take any precautions to obfuscate the origin of the attack."

Perhaps more worryingly for attackers, the report states quite clearly that the attackers behind the DDoS attacks are vulnerable to detection not only for the duration of the attack, but even longer.

"In this report we present an analysis of the two versions of the tool named LOIC (Low Orbit Ion Cannon, which is used by the hacktivists to perform their attacks. The main conclusion is that the attacks generated by the tool are relatively simple and unveil the identity of the attacker. Therefore, the name of this hacktivists group, "Anonymous", is misleading: the hacktivists' original IP address is shown in clear."

Describing the data that can be retrievedfrom ISP's servers:

"The European directive on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks" (Directive 2006/24/EC) reports that, taking into account privacy legislation, telecommunication data must be "retained for periods of not less than six months and not more than two years from the date of the communication".

Such data should be made available 'for the purpose of the investigation, detection and prosecution of serious crime'. This means that data are technically available, but only to public forces in case that they need to undertake an investigation."

One of the snippets from the research shows a Wireshark trace of a LOIC operation, and how simple it is to retrace the steps back to the attacker:

4chan and Anonymous are not mutually exclusive, as Christopher Poole ('moot') explained to me last year:

"'Anonymous' imageboard culture started with 4chan. 'Anonymous' the group traces its roots to 4chan, but splintered off after the whole Scientology thing. 4chan's '/b/' board in relation to 'Anonymous' the group; they aren't the same thing. I can’t speak for the 'Anonymous' group."

As Violet Blue describes it:

"It's important to note that Operation Payback and Anonymous are not the same thing, and they are also not the same as 4chan, nor do they act as Wikileaks or Pirate Bay. This confuses mainstream media, who is used to simple, take-me-to-your-leader answers - but distributed and decentralized are not simple concepts."

So how anonymous are 'Anonymous'? Not very, it seems.

Topics: Security, Networking

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • OK you got an IP, so what?

    Now that IP is shared by countless users behind that NAT firewall, what's your plan now?
    • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?

      @cym104 It depends on where you are. In many countries, the person who signed the contract for the connection (with the ISP) is responsible for all traffic that goes through that connection, unless they keep a log of who accessed their LAN and what they did.

      This came about after people started using unsecured Wi-Fi as an excuse for not being liable.

      In Germany, for example, if you run an unprotected Wi-Fi, you are now liable to a statutory fine. Before that, you were considered to be acting as an ISP, if you had an open Wi-Fi and were responsible for all criminal activity on your network, unless you kept a log of who accessed the network, when and what they uploaded / downloaded.

      For a business, they are legally responsible for their network, which is why they generally have policies in place, which restrict the installation of non-approved software, resulting in disciplinary action.

      I've witnessed several people escorted off site, following instant dismissal for misuse of the company network / computing resources.
  • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?

    Anyone notice that both the source and destination IP in the graphic are Localhost? WTF? Running Wireshark on his own machine while it's running LOIC?
    • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?

      @justthinking Frankly it doesn't make sense to me - I also spotted this - but nevertheless, the image is irrelevant in regard to the wider report.
    • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?


      I'm guessing this was just to show an example of what Wireshark would show while running LOIC. I doubt they want to give out actual IP addresses of those involved.
      • And why not? Is not the whole argument here

        that all should be transparent, and that information obtained should be posetd on the web for all to see.

        Why not just post the IP addresses on the Internet for all to see and use at their leisure?
        After all, it would be keeping within the spirit of what these people are "fighting" for?
        Tim Cook
      • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?

        @Mister Spock According to the article that is what is happening.
  • And suppose they did collect the names

    of 38,000 people who ran the program. Now what? You going to haul them all in to court and try them all? What, the police and courts have nothing better to do with their already scarce resources? Going to stop investigating robberies and child abuse cases to go after Assange protesters?
    • That is their job, is it not?

      @HollywoodDog, those "protesters" are criminals, and should be prosecuted to the fullest extent of the law, along with Assange himself.
      • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?

        @itpro_z Amen!
      • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?

        And People who did DDoS on Wikileaks should not?
      • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?

        and they should have there court date right AFTER the court date for the perpetrators of the DDoS attacks on the wikileaks website(s).
      • That's their job...

        @ HollywoodDog & @itpro_z

        There are crimes and there are crimes.

        HollywoodDog's examples of robberies and child abuse cases, however important they be, will not be as high on the list as stopping the posting of classified material. The US government has enough operatives to work on Mr Assange's case while simultaneously dealing with robberies and child abuse that falls under federal jurisdiction.
      • No, the DDoS people are protesters

        @itpro_z ... it would be like a large crowd assembling outside a government building and making it hard for the workers to get inside. It's an act of civil disobedience, not of destruction.

        Hearing these voices of authority-worship designating anyone who criticizes the government a terrorist and howling for murdering them is reprehensible. I imagine these folks just haven't sufficiently thought through what they are saying.

        The people who run denial of service attacks against MasterCard, for example, are not terrorists nor are they in any way involved with leaking any information.

        And the US government has enough 'operatives' does it? To gather evidence against, arrest, hold, prosecute, and convict 38,000 kids for running programs on their computers? Have you ever been a part of a criminal investigation, or any investigation?

        Every investigation is a resource issue. The prosecutors have to determine whether a crime has been committed, how serious is the crime, how much money and time will be spent investigating the crime, and what are the odds that the prosecution will succeed.

        If I go to the prosecutor with two cases; one a child abuse case and the other a 16 year old who we think might have run LOIC against MasterCard, the prosecutor is going to take the child abuse case. There is an actual victim in that case, not a corporation who was mildly inconvenienced for a brief period of time.

        I live in a town where in the 60's blacks weren't allowed to eat in whites only restaurants. So the blacks, as a form of protest, went in there and sat down anyway. The police came and put them in jail. More of them went in to the restaurant, and got arrested. Soon the jail was overflowing with people who were in there for the crime of going in to restaurants they weren't supposed to. The city wasn't at all prepared for that number of prisoners, and to prosecute them all would have meant stopping all other business. Then the blacks did this day after day after day. Eventually they gave up and decided to drop the whites-only restriction. That is how civil disobedience works.
      • That's one lame excuse, HollywoodDog: "protestors"

        and the guy in Florida that took over the school board meeting with a gun should be allowed to walk away, as he was just "protesting"?

        You know, it is illegal to bar someone from freely going about their business. You can't detain me from entering my work anymore then you are allowed to detain me from going into my home, so you're argument lost all it's water there.
        John Zern
      • OK John Zern...

        @itpro_z ... then I suppose the black people who went in to whites only restaurants in the 60's and were arrested were just simply criminals, nothing more to it than that. And they should all have been arrested and prosecuted and imprisoned for the crime of going in to the whites only places. And they should be given no sympathy whatsoever because of their criminal actions.

        They should have all sat home and written polite letters to Congress, and watched nothing be done, decade after decade, because civil disobedience is criminal, pure and simple. Right?
      • RE: Operation 'Avenge Assange': How anonymous is 'Anonymous'?


        Sorry to burst your bubble but DDoS particpants are NOT protesters, they're criminals. Regardless of who they target (Wikileaks, Visa/MC, government websites or ISPs with a truly sucky record), they are perpetrating a crime because the intent is revenge, not civil rights.
      • HollywoodDog, then you don't understand

        "civil disobedience" or have decided you have you're own definition of the term.

        if you are being "disobedient", yes you can be thrown in jail, [b]and[/b] fined, the only difference is that you are doing so without damaging property of any sort, still doesn't mean you wern't doing something wrong.

        If you block an ambulance in the course of "civil disobedience", and the person being rushed to the hospital dies because you stopped them from getting medical help in time, you can be responsible, even if all you were doing was an act of "civil disobedience".

        So yes, in the course of an act of "civil disobedience" in which some one [b]purposelly or intentionally[/b] cost another person something of value via a pulic display, they can be held liable, both legally, and in the case of the ambulance, criminally.
        John Zern
      • Oh excuse me Zern,

        @itpro_z ... did the DDoS attacks stop a heart attack patient from processing a payment to the doctors, resulting in his death?

        But yeah, civil disobedience is only so when its practitioners submit to legal consequences. So the government had better drop all its child abuse investigations and start getting all their lawyers ready.
      • No, HD, but what they did was to

        purposelly or intentionally cost another person something of value via a pulic display.<br>The fact that they weren't physically present on site doesn't exclude them from any wrondoing, what they did cost someone something of value.

        So what you're saying is that I can stop you from goinag out your business to the point you lose your job and everything that it pays/buys you, and you're in agreement that there's absolutelly nothing wrong with that, that I'm in the clear?

        John Zern