Guest post: Childish Cyber Crimes bring down 5 websites

Guest post by Jason Adriaan.
Last night an Internet group that goes by “Anonymous” reaped revenge against services that cut ties with Wikileaks and aggressors against Wikileaks. They took down thepaypalblog.com for 8 hours, aklagare.se (Swedish Prodecutors) for 5 hours, postfinance.ch (Swedish Bank) for 12 hours, lieberman.senate.gov and everyDNS.com. This might sound really impressive, but to be honest… it’s not.

Related:

Operation: Avenge Assange is about more than “œChildish Cybercrimes“.

Great WikiLeaks resources online.

They did these attacks through the power of DDoS (Distibuted Denail of Service), which is the online equivalent of hundreds of thousands of screaming teenage girls stampeding to see Justin Bieber at your local grocery store. In layman terms how this works is a few hundred geeky (mostly teenage) guys get together and repeatedly refresh the site they are targeting, forcing the computer (server) the site is hosted on to run out of system resources. Now this sounds complicated but the truth is there is an app called the Low Orbit Ion Canon (LOIC) which does all this for you. The app hands over the power of your computer to one or two guys that coordinate the attacks or you can use the app yourself.

These DDoS attacks are illegal in most countries and have been going on for almost two weeks now between anonymous Pro- and Anti-Wikileak groups and has reached the point of just being plain childish. DDoS is as juvenile as a wedgie, it renders you temporarily discomforted but soon its over and it’s as if nothing happened.
The “Anonymous” group vowed to take down Twitter, Visa, Mastercard and Paypal in this way soon, but this will not happen. The truth is “Anonymous” is a small group of about 600 folks and attacking sites built to handle traffic that stretches into the billion page impressions is impossible no matter what type of magic software you use. This is why DDoS’ers all choose easy small websites which are not able to handle big traffic spikes as targets. This way they create alot of hype and feel all fuzzy inside for doing something teh_awesome, when in fact they are really just swimming in the kiddies pool of cyber crimes.
[Update] Ed note – Mastercard.com is now completely down due to the attacks.

(Update: Minnaar Pieters wrote his follow up article to this. He does not concur.)
(Update 2: 5 Great WikiLeaks resources online.)

  1. What a novice writer, still thinking people launching DDoS attacks are “teenage, geeky (kids)”. Didn’t bother reading further because clearly he doesn’t know what he’s writing about.

  2. Jeeva > I came to the same conclusion, but I continued to read and the conclusion was substantiated even more.
    It appears to be more of an uneducated, or ill-educated, take on DDoS to say the least – GUEST BLOGs should be scrutinized before posting

    1. Well guys feel free to waste your time trying to inconvenience a couple of small targets, the truth is you will never bring down any real significant targets. Bringing down thepaypal blog or even the mastercard frontend is childsplay, show me you can bring down their payment infrastructure and you might convince me otherwise. Until then I think your time will be better spent playing World of Warcraft.

      1. the powers that be clearly thing its OK to withhold key information and send thousands to their deaths, and then crusify those who date reveal the truth.
        I think DDoS is just a little way of letting them know…we are not happy.
        kinda like voting with your wallet.

    2. Why? Its his opinion and has created a good debate…. BWTH blog is not saying this is our stance on the matter.

  3. I agreed mostly with what was written. Yeah they are not all teenagers but Anon comes from 4chan, if you go onto 4chan and see the pictures people post (of themselves) you can see that are large part of Anonymous’ base makes up teenagers and early 20’s. Having said that, I have spoken to many older people that have been on 4chan (none have admitted to taking part in raids). Even so that does not make the attacks any less real.
    Also judging from Anoymous’ posts they take down a target and move on. Then what? To me it seems like it’s service as normal? After reading that they have taken down sites, I have actually attempted to go to all of those sites and they have been back up. (I am actually asking here) What is the end game? Is it just a temporary service outage. Ok for a bank yeah that could cost millions of dollars but for someone like mastercard and paypal it’s still a drop in the ocean. They make millions of dollars every day.
    Btw.. this is not an attack previous comments. I want to understand.

  4. Talk about hi-jacking this story right from under my nose.
    BWB is a great blog because the articles are normally factual, this article is the clear sign that someone who actually doesn’t understand the medium being written about jumped on quickly, found some info and did a post.
    “The truth is “Anonymous” is a small group of about 600 folks” – where is that number from? You think just 600ppl took down Mastercard? Lol.
    No offense to Jason at all, I just think hi-jacking it wasn’t cool and the facts here aren’t correct. And Charl, seeing that I actually sent you my article via Twitter means you knew what was going on. No hard feelings, just a tad dissapointed.

    1. I’m not sure I completely follow you, are you upset I did a story on something that has been posted about all over the internet? This post was just an opinion piece. I know the view is not going to sit well with most people but it’s just another view. If you disagree go ahead and post a comment and I’ll happily respond to it.

      1. I think your view is incorrect and that you have a some weird bias towards I don’t know what? Maybe explain? How can you not see that one DDOS was (according to the media at least) started against Wikileaks?

        1. I replied to your previous comment on the matter, my feelings for Wikileaks has nothing to do with this, I consider criminal behaviour a bad thing and infact as a fan of WIkileaks you should consider it bad for them to be associated with crime aswell.

        2. I replied to your previous comment on the matter, my feelings for Wikileaks has nothing to do with this, I consider criminal behaviour a bad thing and infact as a fan of WIkileaks you should consider it bad for them to be associated with crime aswell.

          1. Could not reply earlier site would not save.
            “law” who’s law.
            “demonstrate, vote.. scream and shout..” the law is relative these activities were/are also against the law. How will/did they change?
            “crime” breaking rules that “WE” set not breakin rules that “YOU” set and change at will.
            “Childish”
            Picketing in front of an organization has the same effect and is not deemed childish. I guess you could call this a “Digital picket line” let’s hope in does not turn into a
            “Digital (riot, insurgency, rebellion, …)” and worse it may not stay Digital

          2. Jason there is a number of issues here.
            1) You must make the link between the cyber attacks on these sites and the attacks on Wikileaks, you have to associate the two, otherwise you provide an ill informed reader without context and you are basically saying that the “group” are a bunch of criminals.
            2) Talking about crime and the law etc. you did not mention that the DDOS attacks on the Wikileaks sites are also a crime. It’s worse though as it’s a crime against the freedom of information and secondly at least some people are saying that this crime was perpetrated by agencies within governments. Governments funded by tax payers and voted in by citizens.
            Further the concept of crime. One could argue that a whole apparatus of governments that wage wars against sovereign states say like the war in Iraq (where they did not find the WMD’s remember) is criminal. Therefore if you buy Oakleys or many other products you are officially supporting companies that kit the US army for example and thus associating yourself with criminal behaviour.
            The only difference though is that the news media and propaganda engines have effectively divided people on whether or not the war in Iraq, for example, is actually criminal or not. What I am trying to say is that criminal behaviour is sometimes very much dependant on who is doing the crime.
            Julian Assange specifically said in an interview that people must remember that the organisations that are trying to bring down wikileaks do not work within the law, hence the increasing need for secrecy for these organisations.
            I agree that wikileaks should not be associated with criminals. Your blog however does not allude to that idea. I am also however sad that most citizens in the world are now to some degree associated with criminal governments and criminal companies.
            In conclusion, I am not sure that wikileaks is legit. Many people argue that this whole thing is a massive scam driven to remove the current open architecture and relatively censorship free infrastructure of the internet. This will be done by getting the public and lawmakers, especially, behind legislation (again a law…that makes something or someone a criminal) that will criminalise things like peer to peer sharing etc. these laws have been around and have been trying to get enacted for a while they include: ACTA (http://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agreement) the US internet blacklist (http://demandprogress.org/) and even to some degree our own Protection of Information Bill legislation and definitely our own “internet porn” law.
            But maybe they are legit? I don’t know I am definitely worried about the current situation though, especially as I cannot buy from AMAZON anymore with my VISA card… A brave new world we are entering, and for what I wonder?
            Oh lastly, lastly, apparently twitter is also censoring wikileaks now… http://osdir.com/Article10586.phtml
            All this, is way too suspicious and related…

          3. Thanks for the lenghty reply Dhugoza
            As I said this post is not about Wikileaks, it’s just related to Wikileaks. I realize they were also being DDoS’ed, and the people responsible for that I feel the same about as the ‘Anonymous’ group. On the issue of legalities and what should be legal and illegal, I fear it is beyond the scope of this discussion. I will be publishing another post on Memeburn about Wikileaks and internet Freedom later this week, I’ll post it on Twitter an we can continue this discussion there.

          4. I still think your blog is misleading and might give readers a false impression of what is actually happening.

    2. Hey Chris, I didn’t read your post. I’m not into 4chan, underground IRC rooms, etc .. I’m not from that culture. You are.Jason wanted me to post this, so I did. Simple.

  5. I am not sure I understand this rant against this group. I would have thought it more alarming that there have been repeated DDOS attacks against Wikileaks probably from US government agencies and others…
    I also find it alarming that we now live in a world that is so centralised/controlled and driven by corporates that of there aren’t many options left if you a private citizen would like to voice concern. We now live in a world where if I want to boycott Amazon, Paypall or VISA and Mastercard I don’t have any other options left, I basically have to stop buying books online (probably books completely as the Kindle takes over) and I cannot even pay for them…
    No in my opinion your viewpoint basically says that if you are a big company or government then you can do whatever you want, whilst if you are a grassroots movement then you are childish…
    It’s a sad status quo, one where you assume that big companies and governments are actually are to be trusted, which they have shown is not the case at all. They have shown this so many times but still you believe them…

    1. Dude, my post has nothing to do with Wikileaks, I know it might seem associated. I don’t care what motive people might have for pulling off cyber crimes, but the fact remains that it is a crime and I’m not keen on that. I am a huge fan of Wikileaks and the work they are doing and thing these attacks actually just weaken our cause as it associates us with criminal behavior. Just another weapon in the hands of the people who want to oppress freedom of information.

    2. I disagree. An anonymous organisation gets very little credibility and are seen as terrorists themselves. Any message that may be sent is clouded by the fact that the are seen as vandals and and arguably script kiddies. Sending a DDOS attack is a less effective strategy than actually speaking with your wallet. Actually not using Visa, Paypal, Amazon, Mastercard. It’s not meant to be easy to do these things. That is why it is a protest. You can’t protest and multi-billion dollar company by clicking a DDOS button. If you want to protest, do it, make an effort! DDOS is not effective.

  6. @Jason it’s clear you have little to no understanding of what Anonymous’ intentions are here. The idea is not to wipe their targets off but to give them a wake up call. A way of letting them know that the people are displeased.
    Anonymous’ real White Knight moment in all of this though, is they’ve setup over 500 Wikileaks mirrors. Rather childish.

    1. I appreciate the fact that they were involved in putting up mirrors, this post is specifically directed at the DDoS attacks, from both sides even though this focuses more on Anonymous. If the intention here is simply to make companies aware they are not happy then I don’t see the point. Wikileaks by itself is doing a great job at PR all by itself, it doesn’t need cybercriminals to be affiliated with it to get it’s message accross.

  7. It seems Mastercard.com is down, *slow clap* great now no one can use their credit cards… or wait… no they only took down the front end. Either not enough firepower to take down the payment infrastructure or just good old bad planning.

  8. Firstly this article is very badly researched and written which is a shame because up until now I have come to expect well written and informative articles from Bandwidth Blog. The title of this article caught my attention because information security is one of my greatest interests and I personally feel that what has been written above is a very naive and ill informed view that underestimates a very serious form of cyber attack. I do not wish to engage in a debate on who knows more about security or this type of attack in this forum (flame war) but I would like to suggest to the editors of this blog to delegate articles such as these to people who are going to take more care in their writing and have real knowledge to back up their statements such as “DDoS is as juvenile as a wedgie”. One comment I would like to make is that DDoS is far more than just a wedgie and can be used to disable critical resources, create diversions, test system admin response times and weaken defenses anybody reading the article above should not be left with the image of a group of teenagers sitting around orchestrating these seemingly wide scale meaningless attacks.

    1. “DDoS is far more than just a wedgie and can be used to disable critical resources, create diversions, test system admin response times and weaken defenses “I don’t think challenging admin response times is an issue, and I’m not too clear on what you mean by ‘weakening defenses’. The point of any attack is to disable critical resources and I made it very clear when I explained it above, but in the case with Paypal or Twitter do you think attacks of this scale would do anything of that sort?I was hoping for you to raise more points but it seems you are more interested in ad hominem arguments.

      1. If you you anything about a DDoS you would understand that it is not just about bringing down websites so I would like to reiterate again that you do not have sufficient knowledge to comment on this subject.
        DDoS attacks may also lead to problems in the network nodes around the actual computer being attacked, disrupt physical network components, obstruct network communication and routing information as well as exploit errors in the OS to deliver payloads. All of this should have been mentioned in your article yet you chose to compare DDoS to a group of girls crowding Justin Bieber.
        Twitter and PayPal have both fallen prey to DDoS attacks in the past and if you had made any attempts to research what you were writing you would know this. I am trying to limit my comments in this forum because I do not believe that arguing in the comments section of a blog post will bear any fruit. If you were to comment that you feel as though you were not the right person to write an opinion on DDoS you may actually save some face?

        1. Within the context of the post and the situation how effective do you think these attacks have been at “Payback”? I would agree with you that these attacks are effective if Mastercard’s payment network was taken down for example. It is clear that Anon has no real intention to do harm, so Operation Payback is really just a lot of kicking and screaming. Btw in the title I am calling these *current attacks* childish.

          1. It depends, if the DDoS disrupted services and that was the end of it then the “Payback” you refer to is minimal and as others have indicated in other comments is just a show of force and protest. If the DDoS was used to deliver payloads and disrupt network communications you may only see that these attacks were more serious in coming weeks. The PayPal blog could be hosted on the the same infrastructure that is home to key hardware components and software services and the attackers could now have access to all of these and be able to do a lot more than deny public users access to the blog. You are missing the most serious aspect of a DDoS which is that it is used as a component for exploitation and an attack is not over when the DDoS is is either prevented or stopped. Hackers use a variety of exploits to find misconfigured networks / servers or exploitable software to gain access and I view a serious DDoS attack like a battering ram that is used to try and open the doors to your network.

  9. Guys, like Charl, I’m not from that underground IRC world, 4Chan and the likes. Can someone please explain exactly what “Anonymous” will achieve or what they trying to actually do?
    Would they be able to take the likes of Mastercard (its actual credit card processing) down? Is DDoS actually able to that?
    They are obviously making noise online and in the media, but what purpose will that serve?

    1. Like I said in my comment, it’s a form of protest.
      “Anon” wants everyone to know that they disagree with the way in which Julian and Wikileaks are being treated.
      Think of Anon blocking access to websites as a few thousand people setting fire to cars in the street.

      1. It’s not the same. I kind of agree with you but Anon have 0 credibility in the corporate world and any protest is treated as nothing more than vandalism rather than a legitimate protest. And any organisation that DDOS-es these companies as a result of Wikileaks will be tarred with 4chan / Anon’s image (not a good image). Which is ultimately a bad thing for Wikileaks. However having said that, Wikileaks needs all the friends it can get.As said in a previous comment, true protest is to actually protest, you can’t protest by clicking a button (see also “Change your Facebook picture to prevent Child Abuse”).

        1. The statement “but Anon have 0 credibility in the corporate world” holds no water and I think you’ve missed the point.
          Imho – taking down websites is a stronger show of power/force/disapproval compared to breaking shop windows and more physical acts centralized at a geographic location. Isn’t that just (violent) vandalism as well?
          Would you be so kind as to elaborate on “true protest is to actually protest”?

          1. “The statement “but Anon have 0 credibility in the corporate world” holds no water and I think you’ve missed the point.”
            I’m not sure what I missed. (no accusatory tone here) If yo’ve been to 4chan’s /b/ (NSFW btw) which is the home of Anonymous you’d see it’s essentially the ass of the internet. I can’t really explain it, go there when you can and you will see. /b/ are known to harass civilians who have done no wrong while under the guise of Anonymous attacked corporations (who may or may not have deserved it). Anon and /b/ cannot be separated, they are the same people. An organisation that bullies people in their spare time, maybe it’s just me but as a corporate entity, I would care more what my legitimate customers say that /b/tards (as they call themselves). As a corporation I would also not want to be associated with /b/tards. I.E. no credibility…
            “true protest is to actually protest”. Yeah sorry wrote that in a bit of a rush. You would not believe it from my activity here but I am actually trying (unsuccessfully) to do some work. What I meant by that was, as a legitimate customer, don’t use that companies services. Instead of cards and paypal, use cash, bank guaranteed checks, anything you can etc. There are other methods to avoid these companies, it’s just not convenient.

        1. lol, ye but you do understand that by calling Payback people immediately imagine Jean Claude van Damme moering the bad guy to death right? This is not what they have been doing at all. Perhaps they should have called it… the F5protest 😛

      1. Hmm, as someone who has been on the receiving end of a DDoS I can promise you that it is FAR more than a mere inconvenience. Sure, I get that you’re saying their payment infrastructure won’t be affected so it is no big loss for them as far as revenue is concerned, but consider this for a minute: How will Mastercard look to the general public if they are attacked for weeks on end and nobody can access mastercard.com? What perception would that create? Certainly NOT a positive one. They are supposed to be very secure as they’re a financial institute. While it may seem like a worthless act of protest, it could potentially be harmful to their brand.
        On the other hand, you writing this article and others doing the same creates a lot of negative press for these guys. They’re being perceived as the bullies shutting out wikileaks.
        So in short, what these guys tried to achieve, they no doubt achieved 🙂

  10. Sorry, but I have to add my two cents here as well.. I just get the idea that the author has a overly simplistic view of the forces at work here. Yes, while the actions of Anon can be considered “childish” they clearly are trying to make a statement, and their ages have very little to do with it.
    Anon is clearly trying to support the freedom of information, and limit anybody who tries to prevent it. They are DDoS attacks on these companies happen for a good reason – the hipocrisy of it all is pretty scary. For example – you can currently use Paypal to support the KKK, but not Wikileaks. How is that OK?

  11. We are so quick to dismiss teenage ‘geeks’ when what they are doing doesn’t suit us but as soon as they are entrepreneurs we all carry on about teenagers being the tech savvy business minds of our day.
    passion != immaturity
    Anyway as Gerard says, the ages of those launching these attacks are not relevant to the results

  12. I came here on the promise of debate and the only debate I’ve found is between the author of a badly written, poorly researched post and everyone else.
    @Jason Adriaan: Arguing over the meanings behind the words used by Anonymous (“payback” vs “protest”) is semantics and does little to cover up the fact that you have written a shoddy post, showing little to no understanding of the subject matter.
    Also, your argument that this post is not ABOUT Wikileaks isn’t helped by the fact that you mention Wikileaks throughout the post, the URL contains the word “wikileaks” and there is a giant screenshot of Wikileaks in the middle of the post.
    The highlight of this entire “debate” for me has been watching you defend your position by saying there’s no way that Anonymous would be able to take down a serious site like Master… oh wait…. Anonymous just took down a serious site like Mastercard.

    1. I did not set the url or choose the pic that was used. Err.. and the Mastercard attack has taken down the home page and none of the payment infrastructure.

      1. “One payment service company told the BBC its customers were experiencing “a complete loss of service” on MasterCard SecureCode. The credit card company later confirmed that loss.”
        From an article on The Guardian

  13. Just as a follow up (or an I told you so) seems like even Anonymous agree DDOS are not effective. Anonymous have changed Operation Payback to Operation Leakspin.
    Souce: http://www.guardian.co.uk/news/blog/2010/dec/10/wikileaks-us-embassy-cables-live-updates 9:32
    @Ed I agreed with Jason. I just wasn’t sure on the numbers but they were confirmed. So I had to agreed with that. The other thing I didn’t agree on was the age… but like I said.. that is debatable.. nobody knows who anonymous is.. nor is it relevant to what they are doing.

  14. Now they are Attacking the Dutch Police. That IS childish. The police do not rely on internet infrastructure… I as time goes on you can see that, though it may seem to be inflammatory, is closer to being factually correct than you would like to admit.

  15. aww, you complain about 600??? where did you get that no., your head? you have no idea how many there are, and paypal consider themselves judge and executioner. in that they practise witch burning…why? bcos if you are “ALLEGED” of being criminal, you are guilty adn have to prove innocence. in other words, an innocent person can simply have a lie said about him, and paypal believes the liar, and the innocent person by natural law who is innocent until proven guilt beyond a proof burden has the burden reversed.
    that effectively means we are murderers unless we proove ourselves innocent that is the justice paypal uses. they are the worst nazis, I suspect you would be killed if these had some power like that, hitler is alive and well…..I jest not, be very afraid

    1. When this post was written and the attacks just started pandasecurity reported the number 600. That number clearly rose into the thousands within hours and then dramatically dropped off once people were getting frustrated and bored.

  16. u see yourself as a law abiding citizen and be proud of it, are u so naive to think that the powers that we allow, we who are millions, they who are few, we allow, are law abiding, the govt services? they are the liars the criminals the murderers the thieves, too. u know nothing of what goes on wise up. big business and govt can be the worst of criminals

  17. It is sad to note that the youth are involved in cyber crimes. Taking this article as an example, it is really alarming that child sites are behind the spread of such unlawful acts throughout the web. Hopefully a more comprehensive legislation will be formulated in order to protect us from being victims of such offenses.

Comments are closed.