Hacktivism on Display: Operation Payback and the Wikileaks Saga


hack
verb \ˈhak\
a : to write computer programs for enjoyment
b : to gain access to a computer illegally  

ac·tiv·ism
noun \ˈak-ti-ˌvi-zəm\
a : a doctrine or practice that emphasizes direct vigorous action especially in support of or opposition to one side of a controversial issue


hacktivism - hacking meets activism

Anonymous Logo
The Wikileaks saga has come with no shortage of drama and intrigue, but it also serves as a remarkable example of hacktivism in the social networking era - when tools to organize and collaborate not only exist but are part of our everyday lives. The latest developments demonstrate just how quickly large, disparate groups can organize and, with relatively simple technology, do very real damage.

Background
Following the arrest earlier this week of Julian Assange, the now very public face of Wikileaks, an entity known as Anonymous has led the charge to encourage DDoS attacks on a variety of websites. Anonymous, which originally emerged from 4chan, must be considered an entity as opposed to a group because there is really no concept of membership. Anonymous is simply the banner under which like-minded individuals gather in the name of a cause - in this case, to seek retribution for perceived corporate cooperation to cripple Wikileaks, a movement that has come to be known as Operation Payback.

Communications Infrastructure
The group conducting the attacks is open and so are the communication mediums. Coordination has occurred via Twitter, Facebook, the Anonymous website and IRC channels. While various sites have been taken down, new ones emerge to take their place just as quickly. IRC communication has occurred primarily on irc.anonops-irc.com within a variety of channels including #OperationPayback and #Target.

Takedowns are Futile
Various sites have been taken down and accounts suspended throughout the Wikileaks saga, as corporations are forced to walk the delicate tightrope between free speech and reputational damage. However, in reality such efforts are futile, as the modern SaaS/Cloud/Social Internet permits new communication channels to be set up elsewhere almost instantaneously and generally at no cost.

The initial Anon_Operation Twitter account was suspended (Google Cache), only to be quickly replaced by others such as Op_Payback and Anon_SpecOps, which so far remain online. These accounts have served as one of the mechanisms to focus DDoS attacks on specific targets and to share ongoing information about the attacks.
Suspended Anon_Operation Twitter account
Anon_SpecOps Twitter account announcing a new attack target - later taken offline

Facebook also quickly took down a group entitled Operation Payback which supported the effort, only to see dozens more show up in its place.

Facebook message announcing suspension of the Operation Payback page
Wikileaks itself has set up over 1,000 mirror sites to ensure that individual takedown efforts by ISPs or DNS providers will have a limited effect overall.

Attack
The DDoS attacks have leveraged a tool known as LOIC (Low Orbit Ion Cannon), a relatively simple tool designed to flood targets with TCP/UDP packets or HTTP headers. Some versions incorporate a 'hive mind' feature which allows the tool to connect to an IRC channel where the targets can be centrally managed. Throughout the attacks this week, Anonymous has been encouraging anyone willing to participate to use LOIC to flood specific targets. While other tools and attack methods may have been used in the DDoS attacks, LOIC is the one tool that the public at large is being encouraged to adopt. If indeed the successful DDoS attempts have used nothing more than a free Internet fire hose, it is a concerning indicator of overall DDoS defenses at the targeted networks.
LOIC with the Hive Mind feature
JavaScript-based versions of LOIC (LOIC JS) have also been preconfigured with attack targets and hosted online. The advantage of this approach is that the tool requires absolutely no security knowledge for someone to participate in the attacks. Rather than needing to compile/install source code, a user simply pulls up LOIC JS in their browser and fires traffic at the target with the click of a button.
LOIC JS targeting PayPal
Contributors have even modified versions of LOIC JS for mobile devices to ensure that road warriors can participate in the attacks.
Mobile version of JS LOIC

Targets
Anonymous has targeted a variety of websites, all of which are perceived to have either caved to government demands to not support Wikileaks or have spoken out against Wikileaks and Julian Assange. 

Damage
Despite the relatively unsophisticated nature of the attacks, they do appear to have been successful in at least temporarily taking sites for Visa, PayPal and Mastercard offline, as can be seen in the screenshots below. Reports also indicate that DDoS attacks took down sites for Swiss bank PostFinance, the Swedish Prosecution Authority and Sarah Palin, although an attack on Amazon was unsuccessful.

Netcraft performance graph for Mastercard.com showing downtime on December 8, 2010
Netcraft performance graph for Visa.com showing downtime on December 9 & 10, 2010
downforeveryoneorjustme.com showing downtime for api.paypal.com on March 9, 2010
IRC chat discussing api.paypal.com takedown

Netcraft is maintaining a page to monitor uptime of all sites targeted by Operation Payback.

Lessons Learned

While I certainly don't condone the Anonymous attacks, it is important that we learn from them. We have seen various instances of hacktivism throughout the years, such as defacements that occurred following the mid-air collision of a US spy plane and a Chinese fighter jet or Project Chanology, an earlier Anonymous effort targeting the Church of Scientology. However, I have not previously seen a movement quite like the one that we are currently witnessing, one where literally thousands of people have come together so quickly, most with limited or no security knowledge, and yet they have been able to do real damage. This has occurred in part due to the nature of the story itself. It is one that has garnered a global audience, but it has also occurred because the tools to organize such an effort are now so readily available. From social networking sites to free hosting to ubiquitous broadband, the assets required are within reach of anyone with a web browser.

What should corporations and governments take away from this week's events?
  • Hacktivism is a legitimate threat to corporations and governments
  • Efforts by authorities to censor communication among hacktivists are futile - they will not achieve the intended goal of halting the attacks and will more likely add fuel to the fire
  • While attacks may be relatively unsophisticated from a technical perspective, they can be successful nonetheless
They got the guns, but we got the numbers
Gonna win yeah, we're taking over.
"Five to One", The Doors
source: http://research.zscaler.com/2010/12/hacktivism-on-display-operation-payback.html