How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
Summary: Anonymous, the Internet-based hacker and protest group, did it with a distributed denial of service attack. Here's how they did it.
When the U.S. Department of Justice, working in conjunction with New Zealand's law enforcement agencies, took down the popular file-storage and sharing site Megaupload and arrested its executives, they never counted on the Internet-based hacker and protest group, Anonymous, attacking the Department of Justice (DoJ), Recording Industry Association of America (RIAA), Motion Picture Association of America (MPAA), Universal Music, and other Websites. And they certainly didn't expect many of these sites to be taken down by this assault.
Anonymous declared this attack was being made in reaction to Megaupload being taken down. The loosely knit group also said that this was its "largest attack ever, crippling government and music industry sites. Hacktivists with the collective Anonymous are waging an attack on the website for the White House after successfully breaking the sites for the Department of Justice, Universal Music Group, RIAA and Motion Picture Association of America."
In the event, the White House's site never went down. At this time, 11:30 AM EST, January 20th, the Universal Music site is still off the air but the others are back up.
The group managed this by the use of a Distributed Denial of Service (DDoS) attack. Specifically, Anonymous is using their old favorite DDoS tool: Low Orbit Ion Cannon (LOIC).
There's nothing subtle about the open-source LOIC attack tool. It's a brute-force site-smashing program. All it does is crank out multiple simultaneous requests to the site that it's attacking for a Web page that's unlikely to exist. Individually, each such request is harmless, but when there are tens or hundreds of thousands of simultaneous requests, even the biggest Web server farms will break.
To co-ordinate these attacks for maximum damage, LOIC uses a "Hivemind" feature. What this means is that while you're running LOIC you can allow someone on an Internet Relay Chat (IRC) or other online communication service, such as Twitter, to direct your PC's LOIC attack on its designated target. This gives Anonymous the sheer volume of traffic it needs to knock off major Websites.
There are ways to defend against most DDoS attacks that target network protocol weaknesses. Sadly, against attacks like LOIC that rely on nothing fancier than over-running your site, there's little you can do except add more bandwidth, add more Web servers, and use lightweight Web servers such as NGINX that can handle heavy loads, and then pray that it's enough.
One thing that struck me as odd about this particular attack, though, was how successful it was. After all, the MPAA and RIAA are often targeted by DDoS attacks. Heck, they're the poster-children for DDoS attacks. So, why was this one so successful?
Someone, perhaps Anonymous, but there's no proof of their responsibility, has been spamming a message about Anonymous and/or Megaupload and a link to a Web site on Twitter and IRC rooms. If you click on the link you'll find that you've opened a Web browser window to a site that invites you to "Join the hive!" It's not actually asking you to join the attack, though. Once you're on the page, your PC will be used in the DDoS attack. So long as you're on the page, your Web browser will continue to hammer the selected target site. When I tried it, the DoJ site was being attacked.
With this, many unwitting people are joining in on a DDoS attack without even realizing it. This, in turn, gives the attack even more force and may help explain why the MPAA and RIAA sites went under.
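Seen from the defending side, both traits described above show up in an ordinary access log: each client asks almost only for pages that don't exist, and browsers sitting on one page all arrive at the target with the same referring address. The Python sketch below is an added example, not code from the article or from LOIC; it assumes NGINX-style "combined" log lines and that the browsers send a Referer header, and it uses constructed sample lines (documentation IP ranges, a made-up hive.example address) with illustrative thresholds.

```python
import re
from collections import defaultdict

# "combined" access-log format: ip, timestamp, request, status, size, referer, agent
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def constructed_sample():
    """Constructed log lines: three flooding clients and one ordinary visitor."""
    lines = []
    for ip in ("198.51.100.7", "198.51.100.8", "203.0.113.20"):
        for n in range(6):
            lines.append(f'{ip} - - [20/Jan/2012:11:30:{n:02d} -0500] '
                         f'"GET /nopage-{n} HTTP/1.1" 404 162 '
                         f'"http://hive.example/join" "Mozilla/5.0"')
    # Ordinary visitor: real pages plus one stale link, no referrer recorded.
    for path, status in (("/", 200), ("/news", 200), ("/about", 200),
                         ("/old", 404), ("/contact", 200)):
        lines.append(f'192.0.2.55 - - [20/Jan/2012:11:30:09 -0500] '
                     f'"GET {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')
    return lines

def flood_report(lines, min_hits=5, min_404_ratio=0.8, min_clients=2):
    """Return (noisy_ips, shared_referers) for one slice of access log.

    noisy_ips: clients whose requests are mostly for missing pages.
    shared_referers: referring pages that several clients' 404s have in common.
    """
    per_ip = defaultdict(lambda: [0, 0])   # ip -> [requests, 404 responses]
    ref_ips = defaultdict(set)             # referer -> clients producing 404s
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # skip lines in another format
        per_ip[m["ip"]][0] += 1
        if m["status"] == "404":
            per_ip[m["ip"]][1] += 1
            if m["referer"] not in ("", "-"):
                ref_ips[m["referer"]].add(m["ip"])
    noisy = sorted(ip for ip, (hits, misses) in per_ip.items()
                   if hits >= min_hits and misses / hits >= min_404_ratio)
    shared = {ref: sorted(ips) for ref, ips in ref_ips.items()
              if len(ips) >= min_clients}
    return noisy, shared

if __name__ == "__main__":
    print(flood_report(constructed_sample()))
```

The counts are not time-windowed, so in practice this would be run over a short, recent slice of the log.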
While DDoS attacks have long relied on Windows botnets to mass their virtual troops, this Website-based approach represents a new wrinkle on coordinating DDoS attacks. Given how effective Anonymous and its "allies" have been with this attack, I expect we'll see this method used again... soon. There's every reason to believe that Anonymous will be continuing its Megaupload protest DDoS attacks.
Anonymous mask image by Domenico / Kiuz, CC 2.0.


Talkback
Yawn.
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
It's the REASON they took the sites down that counts, not the fact that they did take the sites down. And if you use the internet at all you SHOULD be against SOPA and PIPA.
So they took down the sites because the property's owners
are against people pirating and giving their products away for free?
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
Agreed!
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
Now they don't need Windows botnets to take down sites
That is what SJVN was saying. And how's that a good thing for Linux?
they've switched to Linux botnets.
Where did he mention that? Or are you just upset over Windows botnets so you thought you would try and spread some FUD on Linux?
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
Again, he was using sarcasm to make a joke.
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
If we go beyond our own methods of self-governing, then we have no right to expect another entity to not step in and imply governance.
Sopa + pipa + ndaa = attack on Constitution, High Treason and Tyranny!
The problem is simple: No right is bigger than the ones Constitution Defends.
Among Those are Freedom of Speech, privacy and so many other basic Human Rights.
sopa+pipa are Far reaching against the most elementary basic rights.
sopa + pipa and ndaa, already approved by the president, are today's Nazi + Stalin + North Korea dream in America no more!
Hitler, Stalin and all those would have not conceived a more drastic law against human Rights.
About the attacks, I am not an Anonymous but I sincerely hope they do not stop and intensify until all those absurd Unconstitutional laws are put out for good.
Also the problem about IP claims can not take Other Individual Personal Freedom rights.
The music/movie industries do not want to adapt to the internet, that is the problem.
They shall not do for whatever reason fit their own Private interests, whatever they are, by killing every one Basic Human and Constitutional Rights.
What if the Horse Chariot builder would complain against Ford Motor company ?
By saying people can not go about where they want to unless they buy a Horse Chariot as We (Chariot builders) are losing profit over to Ford Motor Company ???
Is the right of the Chariot carrier More important than the Freedom to Choose transportation and freedom of movement from every single American ?
No. No matter how you look at it the answer is always No.
If the internet Law Bankrupts all RIAA and movie industry Combined , so be it!
Wonderful! Let those capable of adapting survive. It is also about basic Capitalism.
That's what the Constitution of USA says. And I think a lot of people in here sworn over the Constitution, not to politicians in Washington ...
And yes, you can Lend your Legal copy of music to all your friends that is not illegal.
Also Distributing music with No Profit is not Piracy!
The Laws about that subject are completely distorted and made only for the purpose to protect RIAA and friends.
I think it is time to say enough is enough.
Regards.
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
"their hard earned, personal works"
Seriously? Do you realise the rubbish you are stepping in to defend? There is nothing good about 95% of the garbage spewed out by media. Good music is almost a distant memory, replaced by largely manufactured pretty boy/girl bands who have no more artistic talent than the poor beetles they squish while prancing onstage. Films are becoming progressively worse - most are painful. Computer games have also moved more and more toward recycled, repetitive 'story-line' laden bore-fests.
There are exceptions to the above rule and when you hear/see that gem, you get quite excited, but suffice to say almost all popular TV, games, music and film is definitely NOT providing income to real artists.
In a hard economic climate I think these industries should expect a slip in income just like everyone else. Instead, they have pursued bullying tactics, which in the course of time have been classified as ILLEGAL (at least in civilised countries), on top of producing crap. I would be happy to see them get some well deserved payback. 'Piracy' has virtually nothing to do with the 'poor' artists income and it never has.
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
You're partly right
P.S. 'Compromised' does not necessarily mean 'rooted' as the dirty work can often (not always) be accomplished quite nicely via a non-root account.
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
Botnets were not needed; just someone's belief they are trying to help the cause. Click a link and without really knowing you were tricked into DDoS.
RE: How Anonymous took down the DoJ, RIAA, MPAA and Universal Music Websites
Not sure if you are stating it was done or how it was done.
Clicking a link was part of the DDOS, that's all it took.