According to reports in the Internet security community and chatter from Operation: Payback participants, denial-of-service attacks mounted against the likes of PayPal, Visa, MasterCard, and the Web site of Senator Joe Lieberman (among others) are being carried out using an interesting mechanism: a voluntary botnet. Internet users who are interested in using their computers (and Internet bandwidth) to support the cyber-activist group Anonymous’s retaliatory DDOS attacks can download a tool (dubbed LOIC, or Low Orbit Ion Cannon) that lets Anonymous use their computers as part of its denial-of-service attacks. The tool connects to a command-and-control system (dubbed HIVEMIND), enabling Anonymous to coordinate its attacks.
The LOIC software wasn’t created specifically for the battle in support of WikiLeaks. For some time, the same group of cyber-activists has been targeting organizations that bring litigation in cases of unlicensed music and video distribution, like the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA).
Participating in the voluntary botnet is likely a violation of any ISP’s terms of service, and could be illegal in many jurisdictions.
“Anonymous is doing what many successful campaigns have done in the past; a sit-in,” Anonymous claims to have written in a letter posted to a newly-created blog. “It may be hard to comprehend, but a digital sit-in is our most effective method to show that all of us deserve freedom of speech and a free Internet. Our methods may appear, on the outside, to be cruel to those the [sic] entities that we are campaigning against, but remember by supporting censorship they are denying everyone a basic human right.” The group—which notes it has an ever-shifting membership and identity—has repeatedly denied any significant connection to WikiLeaks.
According to security firms like Panda Security—which has itself been subjected to DDOS attacks—as many as 3,000 computers have been participating in the voluntary botnet. However, Panda researcher Sean-Paul Correll has been quoted by PC World as saying Anonymous is also harnessing a more-traditional botnet—one created by spreading a worm or other malware—that numbers as many as 30,000 systems. Panda says it’s still trying to get its hands on the botnet code, but says it is being spread by Windows Messenger, P2P networks, and USB sticks.
Operation: Payback has also been dealt some payback itself: Facebook took down the group’s page and Twitter suspended the group’s account (another has sprung up). In addition to at least one “hacktivist” who targeted WikiLeaks with a cyber-attack (“for attempting to endanger the lives of our troops, ‘other assets’ & foreign relations”), Operation: Payback has also been subjected to DDOS attacks, apparently as retaliation for its actions. Operation: Payback has attempted to insulate itself from attack by locating its service in Russia on “bulletproof” systems.