How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

Summary: Anonymous, the Internet-based hacker and protest group, did it with a distributed denial-of-service attack. Here's how they did it.

TOPICS: Security, Browser

Who's behind the Anonymous DDoS attack? Maybe you.

When the U.S. Department of Justice, working in conjunction with New Zealand's law enforcement agencies, took down the popular file-storage and sharing site Megaupload and arrested its executives, they never counted on the Internet-based hacker and protest group, Anonymous, attacking the Department of Justice (DoJ), Recording Industry Association of America (RIAA), Motion Picture Association of America (MPAA), Universal Music, and other Websites. And they certainly didn't expect many of these sites to be taken down by this assault.

Anonymous declared this attack was being made in reaction to Megaupload being taken down. The loosely knit group also said that this was its "largest attack ever, crippling government and music industry sites. Hacktivists with the collective Anonymous are waging an attack on the website for the White House after successfully breaking the sites for the Department of Justice, Universal Music Group, RIAA and Motion Picture Association of America."

In the event, the White House's site never went down. At this time, 11:30 AM EST, January 20th, the Universal Music site is still off the air but the others are back up.

The group managed this by the use of a Distributed Denial of Service (DDoS) attack. Specifically, Anonymous is using their old favorite DDoS tool: Low Orbit Ion Cannon (LOIC).

There's nothing subtle about the open-source LOIC attack tool. It's a brute-force site-smashing program. All it does is crank out multiple simultaneous requests to the site that it's attacking for a Web page that's unlikely to exist. Individually, each such request is harmless, but when there are tens or hundreds of thousands of simultaneous requests, even the biggest Web server farms will break.

To co-ordinate these attacks for maximum damage, LOIC uses a "Hivemind" feature. What this means is that while you're running LOIC you can allow someone on an Internet Relay Chat (IRC) or other online communication service, such as Twitter, to direct your PC's LOIC attack on its designated target. This gives Anonymous the sheer volume of traffic it needs to knock off major Websites.

There are ways to defend against most DDoS attacks that target network protocol weaknesses. Sadly, against attacks like LOIC that rely on nothing fancier than over-running your site, there's little you can do except add more bandwidth, add more Web servers, and use lightweight Web servers such as NGINX that can handle heavy loads, and then pray that it's enough.

One thing that struck me as odd about this particular attack, though, was how successful it was. After all, the MPAA and RIAA are often targeted by DDoS attacks. Heck, they're the poster-children for DDoS attacks. So, why was this one so successful?

Someone, perhaps Anonymous, but there's no proof of their responsibility, has been spamming a message about Anonymous and/or Megaupload and a link to a Web site on Twitter and IRC rooms. If you click on the link you'll find that you've opened a Web browser window to a site that invites you to "Join the hive!" It's not actually asking you to join the attack though. Once you're on the page, your PC will be used in the DDoS attack. So long as you're on the page, your Web browser will continue to hammer the selected target site. When I tried it, the DoJ site was being attacked.

The DDoS attack Web page at work. Note the targeted site in the lower right corner.

With this, many unwitting people are joining in on a DDoS attack without even realizing it. This, in turn, gives the attack even more force and may help explain why the MPAA and RIAA sites went under.
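
A defender-side way to spot the traffic pattern described above in web server access logs, added here as an example and not code from the article or from LOIC: it flags minutes dominated by 404 responses from several client addresses and reports the most common Referer among those misses. The log lines, addresses, `hive.example` URL and thresholds are constructed, and it is an assumption (not stated in the article) that browser-driven requests carry the hive page's URL in the Referer header.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format: ip - - [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def parse(line):
    """Return (minute, ip, status, referer), or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts.replace(second=0), m["ip"], int(m["status"]), m["referer"]

def flood_minutes(lines, min_requests=6, min_404_ratio=0.8, min_sources=3):
    """Flag minutes where most requests miss (404) and come from several clients.
    Thresholds are demo-sized assumptions; tune them against a real baseline."""
    buckets = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        buckets[rec[0]].append(rec[1:])
    alerts = []
    for minute, recs in sorted(buckets.items()):
        misses = [r for r in recs if r[1] == 404]
        sources = {r[0] for r in misses}
        if (len(recs) >= min_requests and len(sources) >= min_sources
                and len(misses) / len(recs) >= min_404_ratio):
            referer, n = Counter(r[2] for r in misses).most_common(1)[0]
            alerts.append({"minute": minute.strftime("%H:%M"),
                           "requests": len(recs), "sources": len(sources),
                           "top_referer": referer,
                           "referer_share": round(n / len(misses), 2)})
    return alerts

def _line(ip, hms, path, status, referer="-"):
    return (f'{ip} - - [20/Jan/2012:{hms} -0500] "GET {path} HTTP/1.1" '
            f'{status} 512 "{referer}" "Mozilla/5.0"')

# Constructed sample: three ordinary hits, then a burst of misses in 11:01.
SAMPLE = [_line("192.0.2.10", "11:00:05", "/", 200),
          _line("192.0.2.11", "11:00:20", "/about.html", 200),
          _line("192.0.2.10", "11:00:41", "/favicon.ico", 404)]
SAMPLE += [_line(f"198.51.100.{i % 4 + 1}", f"11:01:{i:02d}",
                 f"/no-such-page-{i}.html", 404, "http://hive.example/")
           for i in range(8)]
SAMPLE.append(_line("192.0.2.10", "11:01:30", "/", 200))
```

A single Referer accounting for nearly all misses in a flagged minute is a candidate for a temporary edge rule that rejects or rate-limits requests carrying it.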

While DDoS attacks have long relied on Windows botnets to mass their virtual troops, this Website-based approach represents a new wrinkle on coordinating DDoS attacks. Given how effective Anonymous and its "allies" have been with this attack, I expect we'll see this method used again... soon. There's every reason to believe that Anonymous will be continuing its Megaupload protest DDoS attacks.

Anonymous mask image by Domenico / Kiuz, CC 2.0.

Talkback

27 comments
  • Yawn.

    Yawn. Cowards ohhhhh they took down some web sites, ya that's real brave of them.
    Stan57
    • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

      @Stan57

      It's the REASON they took the sites down that counts, not the fact that they did take the sites down. And if you use the internet at all you SHOULD be against SOPA and PIPA.
      benched42
      • So they took down the sites because the property's owners

        @benched42
        are against people pirating and giving their products away for free?
        William Farrel
      • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

        @William Farrel

        There are additional factors in this situation that made the situation worse. Megaupload was just the trigger in this case. SOPA/PIPA is partially at fault here, but that goes back to the MPAA/RIAA attempting to bribe politicians in exchange for favors (laws) as usual.
        DonRupertBitByte
      • Agreed!

        @benched42
        bobwatts@...
      • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

        @benched42 I'm certainly against SOPA/PIPA, but that doesn't mean I endorse these kinds of tactics, sorry.
        CobraA1
  • Now they don't need Windows botnets to take down sites

    they've switched to Linux botnets.

    That is what SJVN was saying. And how's that a good thing for Linux?
    William Farrel
    • they've switched to Linux botnets.

      @William Farrel

      Where did he mention that? Or are you just upset over Windows botnets so you thought you would try and spread some FUD on Linux?
      guzz46
    • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

      @William Farrel Cluelessly trolling again, William?
      1) Like guzz46 says, no Linux botnets involved, cause there aren't any. I think Windows has 100% of that market. Lucky for us, too, cause a Linux botnet would be to a Windows botnet as a cannon is to a peashooter.
      2) SOPA and PIPA give the recording industry absolute power to control U.S. access to the internet. A single e-mail from the RIAA to the DOJ and access to thousands of web sites is cut. No court order, or evidence, required. SOPA + PIPA = America: the new China.
      anothercanuck
      • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

        @anothercanuck He was being sarcastic, because SJVN is a rabid Linux fanboy and hater of all things Microsoft. Every article he writes here is either pro-Linux or anti-Microsoft.

        Again, he was using sarcasm to make a joke.
        jhammackHTH
      • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

        @anothercanuck: Also no Windows botnets involved here, either. That was old school and your lovely Linux system, which can most certainly be compromised (if you don't know how, you will not even understand the answer) can also be part of the scam... it works with all browsers and operating systems (or had you missed that fact in the article's explanation?). Heh... Linux versus Windows... both written in C and full of cruft and sputz.
        RyuDarragh
  • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

    So, I'm certainly not a proponent of SOPA or PIPA, but... What is the incentive for artists to continue their craft? What way should they make and protect their intellectual property (sure, if IP isn't in your vocabulary, their hard-earned, personal works)? So that others may steal and share at will? Only people that have not created a work of importance would feel nothing about this ungracious indignation. To feel no remorse for copying, or in much more true definition, stealing. To me, republishing someone's heartfelt, hard-earned works is an act unworthy of any defense. It isn't the government that has pushed to this questionable moment, it is borne of too many people feeling some irrational entitlement to the work of others. Nothing in this world is free, nothing comes easy, and if someone else owns it, it is NOT yours to disseminate freely. If you create something, feel free to give it away. Don't feel entitled to do the same for others' work.

    If we go beyond our own methods of self-governing, then we have no right to expect another entity to not step in and imply governance.
    TechNickle
    • Sopa + pipa + ndaa = attack on Constitution, High Treason and Tyranny!

      @FuzzyBunnySlippers
      The problem is simple: No right is bigger than the ones Constitution Defends.
      Among Those are Freedom of Speech, privacy and so many other basic Human Rights.
      sopa+pipa are Far reaching against the most elementary basic rights.
      sopa + pipa and ndaa, already approved by the president, are today's Nazi + Stalin + North Korea dream in America no more!
      Hitler, Stalin and all those would have not conceived a more drastic law against human Rights.
      About the attacks, I am not an Anonymous but I sincerely hope they do not stop and intensify until all those absurd Unconstitutional laws are put out for good.
      Also the problem about IP claims can not take Other Individual Personal Freedom rights.
      The music/movie industries do not want to adapt to the internet, that is the problem.
      They shall not do for whatever reason fit their own Private interests, whatever they are, by killing every one Basic Human and Constitutional Rights.
      What if the Horse Chariot builder would complain against Ford Motor company ?
      By saying people can not go about where they want to unless they buy a Horse Chariot as We (Chariot builders) are losing profit over to Ford Motor Company ???
      Is the right of the Chariot carrier More important than the Freedom to Choose transportation and freedom of movement from every single American ?
      No. No matter how you look at it the answer is always No.

      If the internet Law Bankrupts all RIAA and movie industry Combined , so be it!
      Wonderful! Let those capable of adapting survive. It is also about basic Capitalism.
      That's what the Constitution of USA says. And I think a lot of people in here sworn over the Constitution, not to politicians in Washington ...
      And yes, you can Lend your Legal copy of music to all your friends that is not illegal.
      Also Distributing music with No Profit is not Piracy!
      The Laws about that subject are completely distorted and made only for the purpose to protect RIAA and friends.
      I think it is time to say enough is enough.

      Regards.
      p_msac@...
    • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

      @FuzzyBunnySlippers
      "their hard earned, personal works"

      Seriously? Do you realise the rubbish you are stepping in to defend? There is nothing good about 95% of the garbage spewed out by media. Good music is almost a distant memory, replaced by largely manufactured pretty boy/girl bands who have no more artistic talent than the poor beetles they squish while prancing onstage. Films are becoming progressively worse - most are painful. Computer games have also moved more and more toward recycled, repetitive 'story-line' laden bore-fests.

      There are exceptions to the above rule and when you hear/see that gem, you get quite excited, but suffice to say almost all popular TV, games, music and film is definitely NOT providing income to real artists.

      In a hard economic climate I think these industries should expect a slip in income just like everyone else. Instead, they have pursued bullying tactics, which in the course of time have been classified as ILLEGAL (at least in civilised countries), on top of producing crap. I would be happy to see them get some well deserved payback. 'Piracy' has virtually nothing to do with the 'poor' artists income and it never has.
      12312332123
    • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

      @FuzzyBunnySlippers Man you need to lay off the Flax... it's suffocating your "gimme money" side of your brain! Better yet, stfu with your baloney! This isn't Germany 1941 dude!
      SpankyFrost
  • You're partly right

    @anothercanuck As SJVN stated in the article, botnets do not appear to be involved in this particular DDoS attack. However, Linux botnets do exist. They tend to be comprised of compromised Linux servers. You can take some solace in that there aren't very many Linux botnets and that they are quite small in comparison to their Windows brethren. In addition, compromised Linux servers are favoured for command and control roles in large botnets. Sadly, ZDNet will not allow me to post links to Linux botnet articles. :(

    P.S. 'Compromised' does not necessarily mean 'rooted' as the dirty work can often (not always) be accomplished quite nicely via a non-root account.
    Rabid Howler Monkey
    • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

      @Rabid Howler Monkey

      Botnets were not needed; just someone's belief they are trying to help the cause. Click a link and without really knowing you were tricked into DDoS.
      daikon
      • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Website

        @daikon Oh, I know (see my first sentence). I couldn't resist responding to anothercanuck's flame that was in response to William Farrel's flame ...
        Rabid Howler Monkey
  • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

    `If you click on the link you'll find that you've opened a Web browser window to a site that invites you to "Join the hive!" It's not actually asking you to join the attack though. Once you've on the page, your PC will be used in the DDoS attack.` - How is it possible without installing the LOIC on the PC? Clicking on the link just sends one request to the server.
    praveensripati@...
    • RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites

      @praveensripati@...
      Not sure if you are stating it was done or how it was done.

      Clicking a link was part of the DDOS, lets all it took.
      daikon