Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks
Volunteers download attack tool, organizers recruit hacker botnets, say researchers
Computerworld - The retaliatory attacks by pro-WikiLeaks activists are growing in strength as hackers add botnets and thousands of people download an open-source attack tool, security researchers said today.
In recent days, distributed denial-of-service (DDoS) attacks have been launched against several sites, including those belonging to Amazon, MasterCard, PayPal and the Swiss payment transaction firm PostFinance, after each terminated WikiLeaks accounts or pulled the plug on services.
As of Thursday, WikiLeaks had posted the full text of more than 1,200 leaked U.S. State Department cables from its trove of over 250,000 messages.
Most of those participating in the attacks are using the LOIC (Low Orbit Ion Cannon) DDoS tool, said researchers with Imperva and Sophos.
The open-source tool, which is sometimes classified as a legitimate network- and firewall-stress testing utility, is being downloaded at the rate of about 1,000 copies per hour, said Tal Be'ery, the Web research team lead at Imperva's Application Defense Center.
"Downloads have soared in the last two days," said Be'ery in an interview. As of 4 p.m. ET, more than 44,000 copies of LOIC had been downloaded from GitHub.
LOIC has become the DDoS tool of choice in the pro-WikiLeaks attacks because users can synchronize their copies with a master command-and-control server, which then coordinates and amplifies the attacks.
"If I download [LOIC] and voluntarily set the server information, the command-and-control server can control my copy of LOIC," said Be'ery. "The command-and-control server can then sync the attack, which makes it much more powerful because the DDoS attacks are occurring at the same time and hitting the same target."
Some will still want to manually control LOIC, Be'ery said, calling those people "old school guys." But even then, the attacks are being coordinated.
"They're just syncing their attacks to the announcements made on Twitter and IRC (Internet Relay Chat)," Be'ery said, referring to the messages posted by several hacker groups, including Anonymous, which has been in the forefront of what's called "Operation Payback."
In a new step in the campaigns, botnets -- armies of already-compromised computers that hackers control remotely -- are now being recruited for the DDoS attacks, said Beth Jones, a senior threat researcher with Sophos. "Until now, the attacks have been done by volunteers who download LOIC," said Jones. "But now more groups are joining in with their botnets."
Be'ery said that Imperva had seen IRC chatter of at least one 100,000-PC botnet being thrown into the attacks.
"Operators of these attacks have repeatedly asked on IRC if someone can donate botnets," said Be'ery. "It looks like they feel the need for some more horsepower."
The fact that the organizers of Operation Payback are soliciting more firepower is a clue that they're not able to match the defenses erected by the sites they've targeted, said Be'ery. "They're having a bit of a problem. PayPal and others are doing good work to keep their sites alive, so they're after more machines and telling people [participating in the DDoS attacks] to do what they're told and focus on the targeted sites."