Imperva: Anonymous Used LOIC to Attack DoJ, MPAA
Last night, Imperva sent over an email stating that it would monitor the Anonymous attacks and touch base again with some stats. The info now arrives in a blog which states that Anonymous used the Low Orbit Ion Canon (LOIC) application to DDoS websites owned by the FBI, MPAA, Department of Justice, the RIAA and more.
For those unfamiliar with LOIC, here is the application's definition, supplied by Wikipedia: "Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain. LOIC is named after a fictitious weapon from the Command & Conquer series of video games."
"Not surprisingly, the tool they are using is exactly the same one used for Operation Payback which took place about a year ago," the security firm reports. "Operation Payback also used other DDoS tools and we’re not sure if those have been deployed, but it doesn’t seem they have."
Imperva looked at the LOIC downloads that have taken place thus far and discovered a HUGE spike in the past few days which coincides with the latest Anonymous campaign. As of 8:30AM PST on Friday, the largest number of downloaders actually reside within the United States, hovering at 17-percent. France is the second largest, followed by Brazil, Germany, Spain and the UK. 91-percent of these downloaders use a Windows-based OS to do so.
As reported Thursday night (and essentially watched it unfold), Anonymous attacked the websites of ten entities related to the SOPA and PIPA legislation, and the recent takedown on file-sharing website Megaupload. As Imperva reveals in the charts, Anonymous was relatively dormant until the news of the FBI's arrest went public. After that, all hell broke loose.
"Popular file-sharing website megaupload.com gets shutdown by U.S Justice - FBI and charged its founder with violating piracy laws," writes Anonymous in its typical Pastebin public statement. "Four Megaupload members were also arrested. We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us."
Along with the statement, Anonymous also released the personal information of MPAA CEO Chris Dodd, his wife, and his two children. They also provided the information for the MPAA and its ten offices spread out across the globe.
As of this writing, Anonymous is still in attack mode, its latest victim the anti-piracy.be website just an hour ago, and shop.mgm.com just two hours ago. They also seem to be performing continuous attacks against their previous targets as back-up servers bring the sites online again and again.
In related news, Gizmodo and TorrentFreak have awesome write-ups on why Megaupload was taken down. In a nutshell, they were sloppy and openly expressed their disregard to copyright holders.
Same rule applies Anonymous and skilled hackers.
This, however, isn't sound justification for any criminal charges; if they did indeed openly state how they were acting, it would simply prove evidence that they were not acting in good faith, and would lose much of the protection from the "Safe harbor" provisions of the DMCA. This would still not be viable reason to immediately take down the site; as I've seen in the law, this would require that the FBI and Justice Department achieve a ruling in their favor from the courts; this is how civil law works.
In other words, it was the (apparently fabricated) claims of criminal activity (money laundering) that allowed them to get a warrant to attempt to shutter the site themselves; that is how criminal law works. I very much don't like this: given that the Justice Department has effectively no chance of winning the criminal cases, (as I explained in a lengthy section on another article) this poses a huge chance of backfiring, as then the Justice Department is then liable for all the harm brought by the improper actions. This could likely mean that any damages MegaUpload would be liable for through their DMCA violations... Would be made up for by what the Justice Department would owe them.
That'd be just perfect: paying the MPAA and RIAA for all their claims, right out of taxpayer dollars! However indirect this may be, I just don't like the sound of that.
That is certainly a possibility. Of course, a push by some that more oppressive legislation is required itself could have a backlash... Or the backlash could simply come directly from this. It's an open question at this point, but certainly the point you raise has a lot of merit to consider... To the point that a number of more-active members of anonymous, I saw, took note of this.
That is correct; I personally liken Anonymous to less a "group" as people understand it, and more a "mob." It seems to consist of whoever wishes to decide to take part that particular day. A "mob" also fits its organization, or lack thereof.
Can someone explain to me what this accomplishes besides making the government angry and feel like they should impose stricter laws?
Can someone explain to me what this accomplishes besides making the government angry and feel like they should impose stricter laws?
the problem is the FBI and congress using fear to create more "laws" to control the people. it's less about $ but more about control.
You make no sense at all. Reading your post gives me the vibe that you're dumb. You are making the claim that megaupload was selling pirated copies of software to people. If you do not understand the stakes at this point, you are an idiot. You have no grasp of liberty, no desire for freedom. You are a sheep.
isn't this the main reason why the bible was written? you get control of the people and you have control of the world....
Same rule applies Anonymous and skilled hackers.
Anon has hackers I'm quite sure. You think they are made of people who only know how to "Launch" a LOIC? Being a "script kiddie" means using scripts someone else wrote than themselves...I find it quite humorous you stated that twice in the same sentence - awesome job! Also, why reinvent the wheel?! Since when is being a script kiddie a bad thing? I'm also quite sure that you are 100% a script kiddie yourself...
This, however, isn't sound justification for any criminal charges; if they did indeed openly state how they were acting, it would simply prove evidence that they were not acting in good faith, and would lose much of the protection from the "Safe harbor" provisions of the DMCA. This would still not be viable reason to immediately take down the site; as I've seen in the law, this would require that the FBI and Justice Department achieve a ruling in their favor from the courts; this is how civil law works.
In other words, it was the (apparently fabricated) claims of criminal activity (money laundering) that allowed them to get a warrant to attempt to shutter the site themselves; that is how criminal law works. I very much don't like this: given that the Justice Department has effectively no chance of winning the criminal cases, (as I explained in a lengthy section on another article) this poses a huge chance of backfiring, as then the Justice Department is then liable for all the harm brought by the improper actions. This could likely mean that any damages MegaUpload would be liable for through their DMCA violations... Would be made up for by what the Justice Department would owe them.
That'd be just perfect: paying the MPAA and RIAA for all their claims, right out of taxpayer dollars! However indirect this may be, I just don't like the sound of that.
That is certainly a possibility. Of course, a push by some that more oppressive legislation is required itself could have a backlash... Or the backlash could simply come directly from this. It's an open question at this point, but certainly the point you raise has a lot of merit to consider... To the point that a number of more-active members of anonymous, I saw, took note of this.
That is correct; I personally liken Anonymous to less a "group" as people understand it, and more a "mob." It seems to consist of whoever wishes to decide to take part that particular day. A "mob" also fits its organization, or lack thereof.
However such a massive DDoS is not going to go with out some kind of consequence, and it is only a matter of time before the asshats up in washington get some kind of real technical advisor and find really good ways to violate freedoms beyond SOPA/PIPA.
Doing this is feels good I imagine, however it is short sighted;
Clearly showing to me anyway that whoever leads anonymous, be it a single leader or the conglomerated democratic process of the whole bunch, is of a teenage mindset.
Spock said it best in STII: "He is intelligent, but inexperienced. His pattern shows 2 dimensional thinking"
They could be an effective rallying group, and probably gain real exposure for issues to the masses, however they are still operating in a knee jerk fashion, that shows their strength quite clearly, but unfortunately accomplishes nothing.
Because launching denial of service attacks on the DoJ's website is SO DEVASTATING. Oh wait, nobody cares.
This kind of crap just underscores how ineffective Anonymous is. DoS attacks don't do ***. It's not like they're stopping a revenue stream, pissing off customers, or even inconveniencing somebody slightly. There is literally no net change. Nobody cares.
Their tactic seems to be scream as loud as you can as long as you can, label it activism and brag about how you used well known and simple techniques to exploit vulnerabilities with tools somebody else wrote to deface a web page.
DoS isn't hacking. Defacing the DoJ's web page isn't hacking the DoJ. The only people taking these guys seriously are those who have no clout, and the media which stands to profit from the sensationalism. Anonymous has about as much chance of affecting policy change as your average crazy homeless man preaching about the end of the world and aliens, with maybe a little less credibility.
Anonymous is a joke, and a bad one at that. If they had any talent, they'd be using it. The fact that none of their targets have suffered any real hacks show that Anonymous cannot in fact perpetrate such hacks. Any kind of competent security totally shuts them down. Now that they've run out of insecure web pages, all they can do is DoS.
Congrats guys, your fifteen minutes are almost up.
Being a script kiddie IS a bad thing. Using scripts is not. A script kiddie is somebody who ONLY knows how to use others' scripts. It's not about reinventing the wheel, it's about not knowing anything about security, and being unable to do anything unless somebody hands it to you, ready made.
Hackers are to Van Gogh as script kiddies are to paint by numbers.
well, for starters they can't, but if they could that would actually have an effect, mostly actual attempts to catch them. Which would be nice. But having an effect isn't really anonymous's thing. they are more the "hey look we tore down a poster the FBI put up. Yay us!" while damaging the efforts of people who actually protested these bills.
yup, and these kids with scripts manage to bring down the government sites of the most powerful country in the world for the hundredth time.
yup, kids... with scripts.
still, I completely support them.
A website will always make money via advertising. How do you think Google does it? And their profits make Megauploads look tiny.
There is no real justification for it TBH. I had a lifetime MU account and used it to move large files around easily for work. But whats done is done.
Another strange thing, Filesonic is not allowing files to be uploaded or shared. If you have an account you can access what you have uploaded but you cannot upload anything else.