'Anonymous' group attempts DDoS attack against Australian government

Following a threat posted on YouTube a month ago, the well-known malicious pattern of the "Anonymous" group failed to materialize earlier today, when the group attempted to launch a distributed denial of service (DDoS) attack against the web sites of Australia's Prime Minister and the Australian Communications and Media Authority as a protest against Internet censorship.

What tactics did they use, why did it fail and who's behind it? Let's review the 09-09-2009.org campaign, as well as Operation Didgeridie.

From a technical perspective, the attack was a low-level crowdsourcing DDoS attack that managed to shut down the Prime Minister's web site for only a few minutes through multiple web requests run under several different threads, a standard feature for average denial of service tools.

Although the campaigners' propaganda site, 09-09-2009.org, was descriptive enough to point out the day of the attack, the use of link baiting for the purpose of increasing the load on a web server usually has a short-lived effect, which is exactly what appears to have taken place earlier today.
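As an added example (not code from the original article), the sketch below shows how a defender could spot this pattern in web server access logs: a short-lived per-minute surge on one URL, classified by how many distinct clients drive it. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+')
FMT = '{ip} - - [09/Sep/2009:09:{mm:02d}:{ss:02d} +0000] "GET / HTTP/1.1" 200 512'

def sample_log():
    """Constructed Common Log Format lines (documentation IP ranges), not real traffic."""
    lines = [FMT.format(ip=f"198.51.100.{i + 1}", mm=mm, ss=i * 10)
             for mm in range(10) for i in range(3)]                    # normal visitors
    lines += [FMT.format(ip=f"203.0.113.{c + 1}", mm=mm, ss=r * 7)
              for mm in (4, 5) for c in range(40) for r in range(5)]   # many clients, few requests each
    lines += [FMT.format(ip="192.0.2.9", mm=8, ss=s % 60) for s in range(100)]  # one noisy client
    return lines

def detect_surges(lines, factor=5, min_clients=20):
    """Flag per-minute request surges on one URL and say whether they are crowd-driven."""
    buckets = defaultdict(lambda: [0, set()])   # (minute, path) -> [requests, client IPs]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                            # ignore malformed lines
        ip, ts, path = m.groups()
        minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
        buckets[(minute, path)][0] += 1
        buckets[(minute, path)][1].add(ip)
    per_path = defaultdict(list)
    for (_, path), (count, _ips) in buckets.items():
        per_path[path].append(count)
    alerts = []
    for (minute, path), (count, ips) in sorted(buckets.items(), key=lambda kv: kv[0]):
        baseline = median(per_path[path])       # typical minute for this URL
        if count >= factor * baseline:
            kind = "crowd" if len(ips) >= min_clients else "few-sources"
            alerts.append((minute.strftime("%H:%M"), path, count, len(ips), kind))
    return alerts

if __name__ == "__main__":
    for alert in detect_surges(sample_log()):
        print(alert)
```

The two consecutive "crowd" minutes followed by a return to baseline match the short-lived effect described above, while the single noisy client is reported separately because it can be handled with a per-address rate limit.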

Who's behind the attack, or may have something to do with the organizational efforts? Just like a previous case related to the "anonymous" group's DDoS activities on behalf of their members, where a 19-year-old teen pleaded guilty to organizing the attack against the Church of Scientology, in this latest attack there appears to be a teen involved in the 09-09-2009.org site.

The 09-09-2009.org Campaign

Data speaks for itself. A cached copy of the propaganda site from August includes a link -- now removed -- to a MySpace profile (myspace.com/andthesearethetemptation) which is now redirecting to the profile of a 17-year-old teen from Australia who has also posted a blog entry featuring the "Anonymous" group's propaganda video.

A brief retrospective of the teen's attempt to monetize his MySpace popularity by offering to send MySpace bulletins -- spamming in this case -- to his users, indicates that he's been trying to do so since 2007, when he was offering to send 5 bulletins for $3 to 927 Friends! under the same account, followed by another ad using the handle "AusieHerp" offering to send 150 friend requests for a dollar.

It doesn't take a rocket scientist to establish a connection here, especially when the low-level crowdsourcing DDoS attack is theoretically in the arsenal of every 17-year-old MySpace rock star with 5773 (automatically added) friends on his profile, who's been monetizing their number since he was 15. While the teen is clearly involved, the real coordination is happening from a publicly accessible Wiki under Operation Didgeridie.


Operation Didgeridie

Operation Didgeridie consists of the distribution of DIY denial of service attack tools (404ServerNotFound.exe), the launching of "Fax bombs" using a GetUp! Campaign script, and enticing participants into direct server compromise attempts by distributing a recently performed web application vulnerability assessment of an Australian government web site made using a commercial tool.

The 'anonymous' group has been keeping a detailed log of the planning activities since August. Here's an excerpt from their planned/already executed points:

"It seems lots of people are confused as to what we are doing.

1) DDos the Prime Ministers website to get them the message about what is happening.
2) Get lots of Media Coverage to gain peoples attention and get everyone's support for taking the filter down.
3) Wait for their response: if it is yes, Stephen Conroy will resign, it's a win for us and the filter goes down. If they say no, we go IRL stuff here. Spread the word to everyone, hand out fliers. We don't want this to be another peaceful hippie protest [Chanology]"

"OK, here's the plan that we seemed to settle on in the IRC.

1. On the 8th of August, 2009, the man with the video uploads it to Youtube and links it here (youtube.com/watch?v=CEe7qhlFNs4).
2. We sort out scripts to 5-star, favourite it and such and send it straight to the top ASAP.
3. At the same time Anonymous notifies major news stations and such of the video. Essentially we want public and media attention on a huge scale.
4. Keep running your scripts intermittently during the month between 8/9/9 and 9/9/9.
5. The government responds to our message.
5.1. Spread their response to all the major Australian and worldwide media outlets. Quite a few of them should say something about it.
5.2. Upload a second one, addressed to the Australian public. Use metacafe and such as well.
6. The government DOESN'T respond in the month time frame.
6.1. We skullfuck their servers with the link in the UDP message.
6.2. We then wait again to see if they got the message.
6.3. If they respond, go to 5.
6.4. If they STILL don't respond, we call our /b/rethren in for a major DDoS on their central servers, and we flood Stephen Conroy's email address with viruses etc.
7. And so the war begins...

DDOS DOES NOT START AT 12 AM 9/9/09 AEST READ BELOW

People are being confused. This (DDOS) starts at 0900 GMT, EFG is all day, tell your friends, tell your family, tell your colleagues, tell your fucking cat.

EXPLANATION: Extreme confusion between IRC, /net/ on 888chan and various other people has arisen over times. 0900 GMT is the time that the DDoS starts. The Government have until 9 am (2300 GMT) on the 9/9/09 to make their position clear. If they don't back down then Anon will attack. AKA 4 AM Eastern Standard Time."

Although the latest "anonymous" group DDoS attempt is a total failure, crowdsourcing for launching DDoS attacks, commonly referred to as the "people's information warfare" concept, has by its very nature proved to be a largely underestimated DDoS attack tactic during the last year.

From the Russia vs Georgia cyber attack (a combination of botnets and crowdsourcing), the cyber attack launched by the Iranian opposition against pro-Ahmadinejad sites (causing massive disruptions without the use of botnets), and the Chinese hacktivists that successfully attacked CNN.com in 2008 (crowdsourcing using hackcnn.exe DoS tool, iFrame refreshing sites), to the pro-Israeli crowdsourcing cyber attack campaign (failed crowdsourcing attempt through PatriotInstaller.exe) and 2007's "Electronic Jihad Against Infidel Sites" campaign (failed crowdsourcing due to badly coded app), all of these campaigns clearly indicate that a well executed and coordinated crowdsourcing campaign makes the need for a botnet obsolete.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

5 comments
  • Anonymous has been known for years to be online terrorist

    The Anonymous group to me is an online terrorist organization, spamming, bullying, and hacking websites at any given time. Their acts are so random that it is hard to take many of their causes seriously.

    Sad to see this act against Australian government.
    AliceSmile
  • RE: 'Anonymous' group attempts DDoS attack against Australian government

    Another moronic attempt to spraypaint a wall with meaningless tags, despite their supposed goal of stopping Internet censorship.

    However, this does not take away from the Australian Government's attempt to shutdown Internet access by the people of Australia, which is a lot more serious than some idiot's DDoS attack on Kevin's website. I'm also surprised that they thought an attack on these sites would even be noticed - for denial of service to be effective people actually have to want to access the site ;-)
    tonymcs1
  • RE: 'Anonymous' group attempts DDoS attack against Australian government

    You have to understand, "Anonymous" is such a loose term...anyone/anywhere can say they are "a member of Anonymous." DDosing that some people do is stupid, BUT the "Anonymous" members fighting to expose the lies, abuse and brainwashing of the Church of Scientology and their tyrannical leader David Miscavige (who beats and abuses his staff) is totally on point.

    Summary: "Anonymous" is not a defined group, but the Church of Scientology involved "Anonymous" are doing a good thing.

    See: whyweprotest . net for more info.
    xenuphobic
  • RE: 'Anonymous' group attempts DDoS attack against Australian government

    You have to understand, "Anonymous" is such a loose term...anyone/anywhere can say they are "a member of Anonymous." DDosing that some people do is stupid, BUT the "Anonymous" members fighting to expose the lies, abuse and brainwashing of the Church of Scientology and their tyrannical leader David Miscavige (who beats and abuses his staff) is totally on point.

    Summary: "Anonymous" is not a defined group, but the Church of Scientology involved "Anonymous" are doing a good thing.

    See: xenu . net for more info.
    xenuphobic
  • Intended to protest govt filtering AntiScientology content. =Blasphemy Law?

    No doubt Anon's methods are fubar. But the goal was spot on. If we start filtering stuff the science god just doesn't like, where does it end? With all the oppression, suppression, and repression of exactly what scientology is, how will we know what is truth or lie? (Unless you pay enough to the church to obtain enlightenment) Or do we filter everything (truth included) that reflects badly on this particular religion?
    And then there is that unspoken philosophical non disclosure thingy. Suppressed and enforced with lawsuits, physical abuse, brainwashing, and harassment of former members and critics. Is God the IP of the scientologists?
    invmgr