Following a threat posted on YouTube a month ago, the well-known malicious pattern of the "Anonymous" group failed to materialize earlier today when the group attempted to launch a distributed denial of service (DDoS) attack against the web sites of Australia's Prime Minister and the Australian Communications and Media Authority as a protest against Internet censorship.
What tactics did they use, why did it fail, and who's behind it? Let's review the 09-09-2009.org campaign, as well as Operation Didgeridie.
From a technical perspective, the attack was a low-level crowdsourced DDoS that managed to shut down the Prime Minister's web site for only a few minutes, through multiple web requests run under several different threads, a standard feature of average denial of service tools.
Although the campaigners' propaganda site was explicit enough to point out 09-09-2009.org as the day of the attack, link baiting for the purpose of increasing the load on a web server usually has a short-lived effect, which is exactly what appears to have taken place earlier today.
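From the defender's side, the traffic pattern described above (many volunteer hosts, each running a small multi-threaded request loop against one page, most of them arriving through the same baited link) is easy to pick out of ordinary web-server access logs. The following is an added example written for this page, not code from the original post or from any of the campaigns it describes. It assumes the Apache/nginx "combined" log format, a 60-second window, and illustrative thresholds (20 requests per IP per window, at least 3 such IPs); the log lines it runs on are constructed and use RFC 5737 documentation addresses and `.example` host names.

```python
"""Detect a crowdsourced HTTP flood in combined-format access logs.

Added example (not from the original post). The thresholds, window size and
sample log lines are assumptions chosen for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format, one request per line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format access-log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def detect_flood(lines, window_s=60, per_ip_threshold=20, min_sources=3):
    """Flag a crowdsourced flood: several distinct IPs each hammering the same
    path inside one short window, typically all arriving from one referring page.

    Returns a dict with the offending IPs, the targeted path, the shared referer
    (None if fewer than 80% of the flagged requests share one) and a verdict.
    """
    empty = {"flagged_ips": set(), "target_path": None, "shared_referer": None, "flood": False}
    recs = [r for r in (parse_line(line) for line in lines) if r]
    if not recs:
        return empty
    t0 = min(r["ts"] for r in recs)

    # Count requests per (window, source IP, path).
    counts = Counter()
    for r in recs:
        bucket = int((r["ts"] - t0).total_seconds()) // window_s
        counts[(bucket, r["ip"], r["path"])] += 1

    # Per path, collect the IPs that exceeded the per-window threshold.
    offenders = defaultdict(set)
    for (bucket, ip, path), n in counts.items():
        if n >= per_ip_threshold:
            offenders[path].add(ip)
    if not offenders:
        return empty

    target_path, flagged = max(offenders.items(), key=lambda kv: len(kv[1]))

    # A link-baiting campaign shows up as one dominant Referer among the offenders.
    refs = Counter(r["referer"] for r in recs if r["ip"] in flagged and r["path"] == target_path)
    top_ref, top_n = refs.most_common(1)[0]
    shared_referer = top_ref if top_ref != "-" and top_n / sum(refs.values()) >= 0.8 else None

    return {
        "flagged_ips": flagged,
        "target_path": target_path,
        "shared_referer": shared_referer,
        "flood": len(flagged) >= min_sources,
    }


def build_sample_log():
    """Constructed sample traffic (not real logs): five 'volunteer' hosts each
    sending 30 requests for '/' within one minute via the same referring page,
    plus three ordinary visitors making two requests each."""
    base = datetime(2009, 9, 9, 9, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120 "{ref}" "Mozilla/5.0 (constructed)"'
    lines = []
    for i in range(5):
        ip = f"198.51.100.{10 + i}"  # RFC 5737 documentation range
        for k in range(30):
            ts = (base + timedelta(seconds=2 * k)).strftime(TS_FMT)
            lines.append(fmt.format(ip=ip, ts=ts, path="/", ref="http://campaign.example/"))
    for i, ref in enumerate(["-", "http://search.example/?q=pm", "-"]):
        ip = f"203.0.113.{i + 1}"
        for k in range(2):
            ts = (base + timedelta(seconds=15 * k + i)).strftime(TS_FMT)
            lines.append(fmt.format(ip=ip, ts=ts, path="/" if i == 0 else "/speeches", ref=ref))
    return lines


if __name__ == "__main__":
    result = detect_flood(build_sample_log())
    print("flood:", result["flood"], "path:", result["target_path"])
    print("sources:", sorted(result["flagged_ips"]), "referer:", result["shared_referer"])
```

The per-IP threshold alone would also catch a single misbehaving crawler; it is the combination of several offenders, one path and one dominant Referer that distinguishes a baited crowd from ordinary noise, and the shared referring page is the value to hand to whoever manages upstream filtering.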
Who's behind the attack, or may have something to do with the organizational efforts? Just like a previous case related to the "anonymous" group's DDoS activities on behalf of its members, where a 19-year-old pleaded guilty to organizing the attack against the Church of Scientology, in this latest attack there appears to be a teen involved in the 09-09-2009.org site.

The 09-09-2009.org Campaign

Data speaks for itself. A cached copy of the propaganda site from August includes a link -- now removed -- to a MySpace profile (myspace.com/andthesearethetemptation) which is now redirecting to the profile of a 17-year-old teen from Australia who has also posted a blog entry featuring the "Anonymous" group's propaganda video.
A brief retrospective of the teen's attempts to monetize his MySpace popularity by offering to send MySpace bulletins -- spamming, in this case -- to his friends indicates that he's been trying to do so since 2007, when he was offering to send 5 bulletins for $3 to "927 Friends!" under the same account, followed by another ad under the handle "AusieHerp" offering to send 150 friend requests for a dollar.
It doesn't take a rocket scientist to establish a connection here, especially when a low-level crowdsourced DDoS attack is theoretically in the arsenal of every 17-year-old MySpace rock star with 5773 (automatically added) friends on his profile, who's been monetizing their number since he was 15. While the teen is clearly involved, the real coordination is happening on a publicly accessible wiki under Operation Didgeridie.

Operation Didgeridie

Operation Didgeridie consists of the distribution of DIY denial of service attack tools (404ServerNotFound.exe), launching "fax bombs" using a GetUp! campaign script, and enticing participants into direct server-compromise attempts by distributing a recently performed web application vulnerability assessment of an Australian government web site, produced with a commercial tool.
The "anonymous" group has been keeping a detailed log of its planning activities since August. Here's an excerpt of their planned and already executed points:
"It seems lots of people are confused as to what we are doing.

1) DDoS the Prime Minister's website to get them the message about what is happening.
2) Get lots of media coverage to gain people's attention and get everyone's support for taking the filter down.
3) Wait for their response: if it is yes, Stephen Conroy will resign, it's a win for us and the filter goes down. If they say no, we go IRL stuff here. Spread the word to everyone, hand out fliers. We don't want this to be another peaceful hippie protest [Chanology]"

"OK, here's the plan that we seemed to settle on in the IRC.

1. On the 8th of August, 2009, the man with the video uploads it to YouTube and links it here (youtube.com/watch?v=CEe7qhlFNs4).
2. We sort out scripts to 5-star, favourite it and such and send it straight to the top ASAP.
3. At the same time Anonymous notifies major news stations and such of the video. Essentially we want public and media attention on a huge scale.
4. Keep running your scripts intermittently during the month between 8/9/9 and 9/9/9.
5. The government responds to our message.
5.1. Spread their response to all the major Australian and worldwide media outlets. Quite a few of them should say something about it.
5.2. Upload a second one, addressed to the Australian public. Use Metacafe and such as well.
6. The government DOESN'T respond in the month time frame.
6.1. We skullfuck their servers with the link in the UDP message.
6.2. We then wait again to see if they got the message.
6.3. If they respond, go to 5.
6.4. If they STILL don't respond, we call our /b/rethren in for a major DDoS on their central servers, and we flood Stephen Conroy's email address with viruses etc.
7. And so the war begins..."

"DDOS DOES NOT START AT 12 AM 9/9/09 AEST. READ BELOW. People are being confused. This (DDoS) starts at 0900 GMT, EFG is all day, tell your friends, tell your family, tell your colleagues, tell your fucking cat. EXPLANATION: Extreme confusion between IRC, /net/ on 888chan and various other people has arisen over times. 0900 GMT is the time that the DDoS starts. The Government have until 9 am (2300 GMT) on the 9/9/09 to make their position clear. If they don't back down then Anon will attack. AKA 4 AM Eastern Standard Time."
Although the latest "anonymous" group DDoS attempt was a total failure, crowdsourcing for launching DDoS attacks, commonly referred to as the "people's information warfare" concept, proved to be a largely underestimated DDoS tactic during the last year.
From the Russia vs Georgia cyber attack (a combination of botnets and crowdsourcing), through the cyber attack launched by the Iranian opposition against pro-Ahmadinejad sites (causing massive disruptions without the use of botnets), the Chinese hacktivists who successfully attacked CNN.com in 2008 (crowdsourcing using the hackcnn.exe DoS tool and iFrame-refreshing sites), the pro-Israeli crowdsourced cyber attack campaign (a failed crowdsourcing attempt through PatriotInstaller.exe), to the 2007 "Electronic Jihad Against Infidel Sites" campaign (failed crowdsourcing due to a badly coded app), all of these campaigns clearly indicate that a well executed and coordinated crowdsourcing campaign makes the need for a botnet obsolete.