Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks
Volunteers download attack tool, organizers recruit hacker botnets, say researchers
Computerworld - The retaliatory attacks by pro-WikiLeaks activists are growing in strength as hackers add botnets and thousands of people download an open-source attack tool, security researchers said today.
In recent days, distributed denial-of-service (DDoS) attacks have been launched against several sites, including those belonging to Amazon, MasterCard, PayPal and the Swiss payment transaction firm PostFinance, after each terminated WikiLeaks accounts or pulled the plug on services.
As of Thursday, WikiLeaks had posted the full text of more than 1,200 leaked U.S. State Department cables from its trove of over 250,000 messages.
Most of those participating in the attacks are using the LOIC (Low Orbit Ion Cannon) DDoS tool, said researchers with Imperva and Sophos.
The open-source tool, which is sometimes classified as a legitimate network- and firewall-stress testing utility, is being downloaded at the rate of about 1,000 copies per hour, said Tal Be'ery, the Web research team lead at Imperva's Application Defense Center.
"Downloads have soared in the last two days," said Be'ery in an interview. As of 4 p.m. ET, more than 44,000 copies of LOIC had been downloaded from GitHub.
LOIC has become the DDoS tool of choice in the pro-WikiLeaks attacks because users can synchronize their copies with a master command-and-control server, which then coordinates and amplifies the attacks.
"If I download [LOIC] and voluntarily set the server information, the command-and-control server can control my copy of LOIC," said Be'ery. "The command-and-control server can then sync the attack, which makes it much more powerful because the DDoS attacks are occurring at the same time and hitting the same target."
Some will still want manually control LOIC, Be'ery said, calling those people "old school guys." But even then, the attacks are being coordinated.
"They're just syncing their attacks to the announcements made on Twitter and IRC (Internet Relay Chat)," Be'ery said, referring to the messages posted by several hacker groups, including Anonymous, which has been in the forefront of what's called "Operation Payback."
In a new step in the campaigns, botnets -- armies of already-compromised computers that hackers control remotely -- are now being recruited for the DDoS attacks, said Beth Jones, a senior threat researcher with Sophos. "Until now, the attacks have been done by volunteers who download LOIC," said Jones. "But now more groups are joining in with their botnets."
Be'ery said that Imperva had seen IRC chatter of at least one 100,000-PC botnet being thrown into the attacks.
"Operators of these attacks have repeatedly asked on IRC if someone can donate botnets," said Be'ery. "It looks like they feel the need for some more horsepower."
The fact that the organizers of Operation Payback are soliciting more firepower is a clue that they're not able to match the defenses erected by the sites they've targeted, said Be'ery. "They're having a bit of a problem. PayPal and others are doing good work to keep their sites alive, so they're after more machines and telling people [participating in the DDoS attacks] to do what they're told and focus on the targeted sites."
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts