The Global Intelligence Files by WikiLeaks
Email ID: 1654237
Subject: US/CT- Wikileaks Cyber Battle: Anatomy of a Hack Attack
From: sean.noonan@stratfor.com
To: os@stratfor.com
Date: Dec 10, 2010 14:03
Released: Mar 6, 2012 00:00
   Wikileaks Cyber Battle: Anatomy of a Hack Attack
   How Hackers Used 'Low Orbit Ion Cannon' to Take Down Mastercard, Visa,
   Paypal
   http://abcnews.go.com/Technology/wikileaks-anonymous-cyber-attacks/story?id=12355960&tqkw=&tqshow=GMA
   By DEVIN DWYER
   Dec. 10, 2010

   "Connect your LOICs to the Hive. Attack will start soon."

   With that simple call to action, and dozens like it sent out on Twitter,
   Facebook and message boards, a scrappy, decentralized coalition of
   computer users is waging an international "cyberwar" against U.S.
   companies that have severed ties to the controversial website WikiLeaks.

   Over the past few days, the group, known as "Anonymous," has successfully
   knocked corporate websites for MasterCard, Visa and Paypal offline. There
   are also signs that it was behind attacks on Swedish government websites
   and those tied to Sarah Palin and Sen. Joe Lieberman.

   But what's most surprising about "Operation Payback," cyber security
   experts say, is the simplicity of its approach to wreaking havoc on the
   web.

   The massive hack attack appears to have been orchestrated by a handful of
   organizers with control over a virtual army of tens of thousands of
   computers. The networks -- known as botnets -- can inundate their targets
   with denial of service attacks, overwhelming a site's server so that
   regular customers can't get through.

   Security experts reached by ABC News estimated that several thousand
   computer users have voluntarily dedicated their machines to the campaign,
   downloading attack software, installing it on their computers and
   connecting to a central server, called a HiveMind.

   Anonymous has posted online step-by-step instructions for download,
   telling participants that after installing the software they simply "sit
   back and enjoy!"

   Then, masterminds of the HiveMind input the IP address of their desired
   target, and all the affiliated computers running the special software
   begin bombarding the site.

   "Remember: current target is api.paypal.com, port 443. We are currently
   FIRING!" one of the HiveMind organizers posted under the Twitter handle
   AnonOpsNet late Thursday.

   The software, a simple Windows application called Low Orbit Ion Cannon, or
   LOIC, was developed decades ago to test the ability of a website to handle
   traffic. Because it's open source, meaning its code is publicly available,
   it is also easily shared and manipulated.

   "This program just goes and grabs data on the target website at a high
   rate, in effect having no pause in your viewing of a webpage," said
   Barrett Lyon, an Internet security expert who created the first denial of
   service defense company in 2004 and has analyzed the ongoing cyberwar.
   "It's basically just blasting the website using all the resources of the
   user."

   But the attacks don't appear to be meant to do more than create a show,
   Lyon said, noting the hackers don't seem to be seeking confidential
   company or consumer information, like credit card account numbers.

   In their manifesto posted online Thursday, Anonymous says it does not
   intend to attack the "critical infrastructure" of sites like Visa and
   MasterCard, but instead to disrupt their corporate websites. "Anonymous
   does not seek to disturb the public peace nor the average internet
   citizen; for average internet citizens are most of us who are Anonymous",
   the statement says.

  Only 1,000 Computers to Take Down Visa

   An Australian man who claims to be one of the organizers running the
   HiveMind told the Sydney Morning Herald it took only 800 computers to take
   down MasterCard, and 1,000 to take down Visa.

   But some security experts say the effort is almost certainly aided by
   collections of tens of thousands of other computers, involuntarily and
   unknowingly participating in the campaign at the direction of a master
   computer.

   "The truth is the actual attack is not coming from those few individuals,"
   said Peter Schlampp, a cyber security expert with Solera Networks.
   "They're commanding an extremely broad network of.... computers being
   controlled by whatever the puppetmaster wants them to do."

   These secret networks, or botnets, are common, and are often amassed
   through viruses and worms without a computer user even knowing it.

   "The infected computers can be told remotely to go do something: Send out
   spam, send out bad traffic. They can even be told to attack the Pentagon
   and steal data. They're robots," said Alan Paller, director of research at
   SANS Institution for Computer Security and Training.

   Paller said there are millions of computers available to would-be cyber
   attackers via botnets, making it difficult for law enforcement agencies to
   root out the threat completely. But, he added, officials can often track
   down individuals behind the botnet controls.

   Dutch National Police arrested a 16-year-old boy Wednesday in connection
   with the hack attacks, a spokesperson for the Dutch National Prosecutors
   Office told ABC News. The teen, he said, had confessed to involvement in
   the attacks on MasterCard and Visa's websites.

   But the botnets will live on.

   "Botnets wax and wane over time, but don't go away," said Schlampp. "The
   only way to kill a botnet is for all the PCs to have updated antivirus and
   antimalware software or to shut down the computers."

   In the current battle, Paller said, resolution may more likely come
   through more cyberattacks -- from the other side.

   "What will happen is that there are enough angry people on the side that
   doesn't like what Wikileaks did that are going to be vigilantes too.
   That's already started," he said. "They're attacking back."

   ABC News' Zunaira Zaki contributed to this report.

   --

   Sean Noonan
   Tactical Analyst
   Office: +1 512-279-9479
   Mobile: +1 512-758-5967
   Strategic Forecasting, Inc.
   www.stratfor.com
This website hosts an archive of STRATFOR's emails released by WikiLeaks under "The Global Intelligence Files" project. The emails, dated between July 2004 and late December 2011, reveal confidential email communications between the private intelligence agency, Strategic Forecasting Inc. or STRATFOR, based in Austin, Texas and several large corporations including Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency.
