Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks
Volunteers download attack tool, organizers recruit hacker botnets, say researchers
Computerworld - The retaliatory attacks by pro-WikiLeaks activists are growing in strength as hackers add botnets and thousands of people download an open-source attack tool, security researchers said today.
In recent days, distributed denial-of-service (DDoS) attacks have been launched against several sites, including those belonging to Amazon, MasterCard, PayPal and the Swiss payment transaction firm PostFinance, after each terminated WikiLeaks accounts or pulled the plug on services.
As of Thursday, WikiLeaks had posted the full text of more than 1,200 leaked U.S. State Department cables from its trove of over 250,000 messages.
Most of those participating in the attacks are using the LOIC (Low Orbit Ion Cannon) DDoS tool, said researchers with Imperva and Sophos.
The open-source tool, which is sometimes classified as a legitimate network- and firewall-stress testing utility, is being downloaded at the rate of about 1,000 copies per hour, said Tal Be'ery, the Web research team lead at Imperva's Application Defense Center.
"Downloads have soared in the last two days," said Be'ery in an interview. As of 4 p.m. ET, more than 44,000 copies of LOIC had been downloaded from GitHub.
LOIC has become the DDoS tool of choice in the pro-WikiLeaks attacks because users can synchronize their copies with a master command-and-control server, which then coordinates and amplifies the attacks.
"If I download [LOIC] and voluntarily set the server information, the command-and-control server can control my copy of LOIC," said Be'ery. "The command-and-control server can then sync the attack, which makes it much more powerful because the DDoS attacks are occurring at the same time and hitting the same target."
Some will still want manually control LOIC, Be'ery said, calling those people "old school guys." But even then, the attacks are being coordinated.
"They're just syncing their attacks to the announcements made on Twitter and IRC (Internet Relay Chat)," Be'ery said, referring to the messages posted by several hacker groups, including Anonymous, which has been in the forefront of what's called "Operation Payback."
In a new step in the campaigns, botnets -- armies of already-compromised computers that hackers control remotely -- are now being recruited for the DDoS attacks, said Beth Jones, a senior threat researcher with Sophos. "Until now, the attacks have been done by volunteers who download LOIC," said Jones. "But now more groups are joining in with their botnets."
Be'ery said that Imperva had seen IRC chatter of at least one 100,000-PC botnet being thrown into the attacks.
"Operators of these attacks have repeatedly asked on IRC if someone can donate botnets," said Be'ery. "It looks like they feel the need for some more horsepower."
The fact that the organizers of Operation Payback are soliciting more firepower is a clue that they're not able to match the defenses erected by the sites they've targeted, said Be'ery. "They're having a bit of a problem. PayPal and others are doing good work to keep their sites alive, so they're after more machines and telling people [participating in the DDoS attacks] to do what they're told and focus on the targeted sites."
- Snowden advocates at SXSW for improved data security
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts