The underground cyber movement has drawn a lot of attention to themselves in the aftermath of WikiLeaks’ disclosure of the secret US embassy cables. In their vendetta against financial institutions who has suspended the accounts of WikiLeaks associates, they’ve managed to take down the websites of major companies like Visa, MasterCard and PayPal. Not bad for a bunch of uneducated teenager! But really; how dangerous are these people?
“A lot of these kids probably are getting into the thrill of it without having the expertise and knowledge that they’re actually committing a crime.”
A cyber war? Online vandalism? A virtual sit-in? A Computerized protest? It’s not easy to find a category for the many distributed denial of service (DDoS) attacks carried out by the group Anonymous recently. But after hearing and reading what the IT experts have to say about it, I think the term vandalism is the most accurate.
That said; I also believe that parts of the group have the potential to become very real – and very dangerous – cyber soldiers at some point in time.
But right now is a loosely organized group of protesters, just as the hippies in the 60’s, or the punk rockers of the 80’s.
According to Panda Security, Anonymous managed to hold down PayPal’s blog and MasterCard’s main site for more than one day.
Visa and a Swiss bank had theirs sites down for several hours, but others were out for just a few minutes.
Paul Sop, CIO at the cyber security company, Protexic, says that taking down a “brochure site” has little impact on a company’s bottom line, but adds that it could have collateral damage by affecting another system.
That’s what many assumes happened to MasterCard, as their SecureCode authentication also got hit the day of the attack, according to the magazine PC Pro.
PayPal’s transaction system also went down at the same time the company’s blog was being attacked.
This damage can amount to millions of pounds, according to Paul Sop.
Not At All Sophisticated
Despite the “successful” attracts, are the methods used pretty simple, and not at all sophisticated. It is traditional bot-net command and architecture.
They are carried out by using a widespread- and very available – software called Low Orbit Ion Cannon (LOIC).
The LOIC software has been around for quite some time. But it’s has developed to become a very user-friendly piece of software that can be run from any computer.
Of course, if 10.00 people run it at the same time it can cause trouble, but hardly any severe damage.
And – of course – the security firms have this kind of activity mostly under control.
“You can actually watch when it’s used by others, giving a puppet master kind of control,” Paul Sop tells PC Pro .
This may suggest that the attackers don’t have any special hacking skills,. However, on the other hand, the LOIC programs are still evolving and the latest versions has encryption features that makes the whole thing easier to hide.
Craig Labowitz, chief scientist at Arbor Networks points out that the recent attacks, assumed to be launched by members of Anonymous, is not only DDoS attacks.
There’s a wide range of methods, and the level of complexity might vary for one to another.
A Crowd-Sourced Phenomena
This also reflects the diversity of the cyber protesters. “It’s a crowd-sourced phenomena,” Sop calls it.
“With Anonymous you have thousands of people, anyone can change the attack, the rate of the attack or the protocols they’re using,” he explains.
And this is what keeps the security experts on their toes.
Paul Sop compares it to a game of chess: When the attackers discover that a countermeasure is being launched, they change the attack.
Communication and information are shared in chat rooms.
The chat rooms are also the Anonymous weakest link because the security people easily can log into them and figure out what’s cooking.
And this seems to be a pretty effective method of prevention.
“As we were blocking their attacks, they get discouraged because a lot of these users are very young and they want that endorphin rush,” Sop says. “Annoy them enough, and eventually they lose interest and go on to something else,” he concludes.
This attack and counterattack activity has elevated the worries about a co-called cyber war.
Craig Labowitz characterize the Anonymous attacks as “vandalism”.
But adds: “That isn’t to say that this doesn’t pose a threat, as writers of these tools evolve, as more machines become involved.”
According to the security industry, hackers control between 40 and 60 million computers worldwide.
Several hundred thousand people have downloaded the LOIC software.
The PC Pro Magazine has also spoken with a couple of Anonymous representatives, who emphasize that they don’t speak for the whole group.
They do, however, claim that there is between 500 and 1000 member who are “highly skilled” and who have “very large bot-nets” and “a lot of experience.”
The rest are just protesters, they say.
“They are just people who stand up for what they believe in, and shouldn’t be referred to as hackers,” say one.
And the Anonymous dismiss the speculations about them trying to spark a cyber-war.
“The DDoS attacks were neither an act of so-called cyber war, or sit-in, they were more of a wake-up call to the world about the suppression off the freedom of the press,” says another Anonymous.
Regardless of motivation, DDoS is illegal in most countries. So far has 3 people been arrested in the Netherlands and in Greece.
And there will likely be more arrests. Just downloading a LOIC program can give up to two years in prison. Only since the WikiLeaks turbulence started, the software has been downloaded more than 100.000 times from the sites of SurgeForce.net.
The ting is: this software do not hide IP addresses. So, it’s an easy task for Sop, Labowitz and other security people to find out who use it.
And you can be sure they’re handing the information over to the authorities.
The Script Kiddies
Anyway – there is one thing the security experts won’t mention:
Have you ever heard about “script kiddies”?
Well, it’s a slang in hacker communities for young aspiring hackers who writes basic scripts for the real ones (the criminals), who then put it together in increasingly sophisticated ways to create more and more dangerous malware.
According to my own sources in the hacker environment, there are many script kiddies amongst the Anonymous.
Mr. Sop says in the interview that the Anonymous kids probably are getting into the thrill without having the expertise and the knowledge that they’re actually committing a crime.
In other words: it seems like organized cyber criminals have started to use children to do their dirty work and carry out the testing of new components, as they at the same time are hiding their own asses.
Now, there’s the really ugly side of the story.
Related by the Econotwist’s: