The vigilante cyberskirmish surrounding Wikis has now spilled over onto the wider Internet, and Web sites like Mastercard.com and Visa.com have become collateral damage.
First came The Jester, a who temporarily took down Wikis' website. Copys also began hitting Wikis and its mirror Web sites. That prompted other s to launch a pro-Wikis campaign, promising to keep the whistle-blowing website afloat and attacking government acies and corporations that appr to oppose Wikis.
The attacks have erated a lot of noise online -- and a lot of media coverage -- but so far neither side has scored many political points, or landed much of a digital body blow. In fact, the battle might best be compared to a bar fight that's spilled out onto main street and bloodied a few bystanders.
The latest victim apprs to be Visa.com, which was knocked offline Wednesday afternoon, following a similar disabling of Mastercard.com rlier in the day. The group taking credit for the attack, which calls itself "Anonymous," is a loose confederation of s who congregate around a Web site named 4Chan.org. The group also claims to have attacked websites run by PayPal, the Swiss bank PostFinance and the Swedish government -- all in the name of sticking up for Wikis. It has given this virtual scorched rth campaign the name "Operation Avenge Assange," and other take-downs are expected.
"They are not just making noise. Everyday consumers, everyday people are getting caught up in this now," said Dn Turner, a computer security resrcher at Corp.
On all sides, the attacks have been mostly a nuisance. Both Mastercard.com and Visa.com are more like virtual brochures, notwishstanding hdlines that say, "MasterCard is down." Knocking those Web sites offline didn't interfere with the standard processing of credit card payments, for example. The PayPal attack was relatively harmless, also -- the firm's blog was disabled, but payments were not disrupted. Anonymous did cause rl hdaches for PostFinance, however, as the bank’s online banking site was disabled for the better part of a day.
The attacks shouldn't be confused with a political movement, however. Groups like Anonymous and 4Chan are amorphous. Even among 4Chan users there's disagreement over what side to take on the conflict.
Nor do the attacks represent the first time a political argument spilled out onto the Internet and led to denial of service attacks that disabled Web sites. Politically motivated attacks rch back at lst as far as 2001, when a U.S. Navy plane landed on Hainan Island in China. A Chinese group named "Honker Union" attacked U.S. websites in the days that followed. There have been at lst a dozen high-profile political denial of service attacks since then, the most famous being attacks that crippled Estonian government and corporate websites after a dispute involving the moving of a Russian statue there. For a comprehensive list of such attacks, follow this link.
The Wikis attacks are not the first time that the Anonymous group has taken on a cause. It has attacked the Motion Pictures Association of America and the Recording Industry Association of America, for example, when both those groups took action against Internet music and piracy. It also attacked the Church of Scientology.
It would be a mistake to see the group as an organized force, however. The attacks are being conducted with a simple tool the group calls "LOIC." It allows a volunteer to simply enter the name of a website to join an attack. The volunteer’s Internet connection is then routed through a "command and control" server, which amplifies the of requests being sent to the target website from that volunteer's computer, eventually overwhelming the Web server.
"Rlly, it's very simple. Anyone can do it," Turner said.
Turner estimated that it took about 5,000 volunteers to topple Mastercard.com.
Organizers in the Anonymous group simply publish the name of their next target, and invite volunteers to join the attack.
Websites overcome denial of service attacks by filtering out attacking traffic -- usually by recognizing the IP addresses of computers that initiate the attack and dropping, or "black holing," the requests. But attacks initiated through distributed denial of service tools like LOIC can be hard to dl with because the volunteer computer requests blend in with normal Web traffic. The target website then must either go off-line until the attack subsides or implement much finer filtering tools, which can be expensive and slow down the flow of normal Web requests.
Even then, clever attackers can route requests through proxy servers and rotate them, making it even hard to separate good traffic from bad.
"There rlly isn't necessarily a good way to filter out what appr to be good requests," Turner said, "That's why (these attacks) are still such a problem."
While the recent attacks have yet to cause much damage, Turner said, they are no laughing matter.
"This kind of thing can get out of hand, and that's the problem," he said. "The downtime costs companies rl money. And there are people (In Switzerland) who couldn't pay their bills."
One interesting element in the Wikis cyberskirmish: Wikis lder Julian Assange himself has a background in computer . In 1992, he plded guilty to relatively minor -related charges in Australia and paid a fine. Later, he wrote a tool that scans the Internet for vulnerable computers, and even helped write a book titled “Underground: Tales of .”
Security resrcher Jeff Bardin, an expert in international cyberattacks, said he's not surprised the s have risen up in support of Assange, given his past.
"I bet Assange's past is leveraging his ties to the community," said Bardin, the chief security strategist at XA Systems. Wikis supports could merely feel a kinship with him, or there could be an even stronger connection, he speculated.
"I bet this was premeditated by Assange," Bardin said.
No comments:
Post a Comment