Subject: US/CT- Wikileaks Cyber Battle: Anatomy of a Hack Attack
Date: Dec 10, 2010 14:03
Released: Mar 6, 2012 00:00
Wikileaks Cyber Battle: Anatomy of a Hack Attack
How Hackers Used 'Low Orbit Ion Cannon' to Take Down Mastercard, Visa,
By DEVIN DWYER
Dec. 10, 2010
"Connect your LOICs to the Hive. Attack will start soon."
With that simple call to action, and dozens like it sent out on Twitter,
Facebook and message boards, a scrappy, decentralized coalition of
computer users is waging an international "cyberwar" against U.S.
companies that have severed ties to the controversial website WikiLeaks.
Over the past few days, the group, known as "Anonymous," has successfully
knocked corporate websites for MasterCard, Visa and Paypal offline. There
are also signs that it was behind attacks on Swedish government websites
and those tied to Sarah Palin and Sen. Joe Lieberman.
But what's most surprising about "Operation Payback," cyber security
experts say, is the simplicity of its approach to wreaking havoc on the
The massive hack attack appears to have been orchestrated by a handful of
organizers with control over a virtual army of tens of thousands of
computers. The networks -- known as botnets -- can inundate their targets
with denial of service attacks, overwhelming a site's server so that
regular customers can't get through.
Security experts reached by ABC News estimated that several thousand
computer users have voluntarily dedicated their machines to the campaign,
downloading attack software, installing it on their computers and
connecting to a central server, called a HiveMind.
Anonymous has posted online step-by-step instructions for download,
telling participants that after installing the software they simply "sit
back and enjoy!"
Then, masterminds of the HiveMind input the IP address of their desired
target, and all the affiliated computers running the special software
begin bombarding the site.
"Remember: current target is api.paypal.com, port 443. We are currently
FIRING!" one of the HiveMind organizers posted under the Twitter handle
AnonOpsNet late Thursday.
The software, a simple Windows application called Low Orbit Ion Cannon, or
LOIC, was developed decades ago to test the ability of a website to handle
traffic. Because it's open source, meaning its code is publicly available,
it is also easily shared and manipulated.
"This program just goes and grabs data on the target website at a high
rate, in effect having no pause in your viewing of a webpage," said
Barrett Lyon, an Internet security expert who created the first denial of
service defense company in 2004 and has analyzed the ongoing cyberwar.
"It's basically just blasting the website using all the resources of the
But the attacks don't appear to be meant to do more than create a show,
Lyon said, noting the hackers don't seem to be seeking confidential
company or consumer information, like credit card account numbers.
In their manifesto posted online Thursday, Anonymous says it does not
intend to attack the "critical infrastructure" of sites like Visa and
MasterCard, but instead to disrupt their corporate websites. "Anonymous
does not seek to disturb the public peace nor the average internet
citizen; for average internet citizens are most of us who are Anonymous",
the statement says.
Only 1,000 Computers to Take Down Visa
An Australian man who claims to be one of the organizers running the
HiveMind told the Sydney Morning Herald it took only 800 computers to take
down MasterCard, and 1,000 to take down Visa.
But some security experts say the effort is almost certainly aided by
collections of tens of thousands of other computers, involuntarily and
unknowingly participating in the campaign at the direction of a master
"The truth is the actual attack is not coming from those few individuals,"
said Peter Schlampp, a cyber security expert with Solera Networks.
"They're commanding an extremely broad network of.... computers being
controlled by whatever the puppetmaster wants them to do."
These secret networks, or botnets, are common, and are often amassed
through viruses and worms without a computer user even knowing it.
"The infected computers can be told remotely to go do something: Send out
spam, send out bad traffic. They can even be told to attack the Pentagon
and steal data. They're robots," said Alan Paller, director of research at
SANS Institution for Computer Security and Training.
Paller said there are millions of computers available to would-be cyber
attackers via botnets, making it difficult for law enforcement agencies to
root out the threat completely. But, he added, officials can often track
down individuals behind the botnet controls.
Dutch National Police arrested a 16-year-old boy Wednesday in connection
with the hack attacks, a spokesperson for the Dutch National Prosecutors
Office told ABC News. The teen, he said, had confessed to involvement in
the attacks on MasterCard and Visa's websites.
But the botnets will live on.
"Botnets wax and wane over time, but don't go away," said Schlampp. "The
only way to kill a botnet is for all the PCs to have updated antivirus and
antimalware software or to shut down the computers."
In the current battle, Paller said, resolution may more likely come
through more cyberattacks -- from the other side.
"What will happen is that there are enough angry people on the side that
doesn't like what Wikileaks did that are going to be vigilantes too.
That's already started," he said. "They're attacking back."
ABC News' Zunaira Zaki contributed to this report.
Office: +1 512-279-9479
Mobile: +1 512-758-5967
Strategic Forecasting, Inc.