A distributed denial-of-service attack aimed at AT&T’s DNS (Domain Name System) servers has disrupted data traffic for some of the company’s customers.

The multi-hour attack began Wednesday morning West Coast time and at the time of this writing, eight hours later, does not appear to have been mitigated.

“Due to a distributed denial of service attack attempting to flood our Domain Name System servers in two locations, some AT&T business customers are experiencing intermittent disruptions in service,” an AT&T spokesman told IDG News Service by email. “Restoration efforts are underway and we apologize for any inconvenience to our customers.”

The attack appears to have affected enterprise customers using AT&T’s managed services DNS product.

“Our highest level of technical support personnel have been engaged and are working to mitigate the issue,” AT&T said in a message on a service status page.

But it added there is “no estimated time” for restoring the service.

DNS is responsible for converting human-friendly domain names into the numeric IP (Internet protocol) addresses that computers use to route data. When it fails, computers are unable to route data to its intended destination, even though the destination server remains online and accessible.

A distributed denial-of-service (DDoS) attack attempts to flood a server or system with so many packets of data that it becomes difficult or impossible to reach for legitimate traffic. It doesn’t necessarily stop the server from working, but the overload of data results in the system being all but unusable.

Service is returned to normal when the attack stops or when engineers find a way to absorb or deflect the nuisance traffic.

“We got our first report of problems at 6:31 a.m. Pacific time,” said Daniel Blackmon, director of software development at Worldwide Environmental Products. The company tests vehicle emissions and has remote units deployed that report back to central servers.

“The problems mean none of the equipment we have in the field can contact our servers, and there is a limit to the amount of information they can hold offline.”


Source: http://www.pcworld.com/businesscenter/article/260940/atandt_hit_by_ddos_attack_suffers_dns_outage.html

CHENNAI: Hacktivist group Anonymous brought down Congress party’s website on Tuesday in what it claimed to be a fight against corruption. For the first time, it rallied its followers on social networking site Twitter and asked them to participate in distributed denial of service (DDoS) attacks that rendered the homepage of All India Congress Committee website (www.aicc.org.in) unavailable for most part of Tuesday.

The group’s tweets from the twitter handle @opindia_revenge led to another page which highlighted that the target of OpRiseIndia was corrupt corporations, political parties and media. “To help us simply click on the button ‘Go to Attack Page’ (everything is set for you), and click ‘Start Attack’,” it said. The site had a disclaimer that informed people that taking part in a DDoS attack is illegal and another link provided steps to protect oneself from detection and avoid revealing the location.

“We are fighting against corruption which goes across political parties,” said a member of the group in an internet relay chat. The Congress is their first target as it is in power now, the member said. The India-arm of Anonymous has done a series of virtual sit-ins or DDoS attacks on websites of Reliance Communications, Mahanagar Telephone Nigam Limited, Internet Service Providers Association of India and All-India Trinamool Congress as part of its protest against internet censorship.

The latest attack, members said, was an effort to create awareness about corruption among people. “We have seen many scams which have come out in the open, but nobody knows what is really happening. Public is kept at dark. We don’t know which political parties are behind it,” said another member.

As for asking people to participate in the attacks, a member said the group was looking to create awareness about corruption on the internet. “We have enough people to attack these sites. We are tweeting to build more awareness,” said a member.

The group said its operation has nothing to do with Anna Hazare’s movement or any other organisation that is fighting against corruption. “This is a separate movement from Anonymous,” said a member, adding that they are not against any political party. “All political parties indulging in corruption will be our targets,” said a member.

When contacted, Vishvjit Singh, chairman of AICC’s computer department, said: “Attacks can keep coming in, hopefully we’ll be able to handle them.”


Source: http://articles.timesofindia.indiatimes.com/2012-08-01/chennai/32980448_1_political-parties-corruption-hacktivist-group-anonymous

 

Security firm Radware claims to have spotted evidence online that suggests hacktivist group Anonymous is gearing up to target denial-of-service attacks on the websites of British companies BT and GlaxoSmithKline during the Olympics, and maybe do much more.

The Radware Emergency Response Team has identified postings on Pastebin that suggest that Anonymous intends to attack London-based global network-services provider BT and pharmaceuticals and healthcare provider company GlaxoSmithKline (GSK). Both companies happen to have roles to play associated with the London-based Olympics — GSK is providing drug-testing and associated medical input, while BT is supporting numerous Olympics-related projects. Radware says its evidence is information posted by someone claiming to be tied to the shadowy group Anonymous.

Anonymous uses a few tools to attack its targets, and one of them is the High Orbit Ion Cannon (HOIC), a weapon that’s been out for about six months, says Carl Herberger, vice president of security solutions at Radware. He says there’s now attack information contained in what’s called a “HOIC booster” posted online and advertised as coming from Anonymous to attack both BT and GSK. He acknowledges, though, this “could be anybody.”

The HOIC tool provides you with the ability to use scripted code, Herberger says, noting it allows for opening up many connections from a single machine, and hence represents a more powerful attack tool than the older, known “Low Orbit Ion Cannon” attack tools, which couldn’t do this. The HOIC booster information that’s posted essentially represents something along the lines of “ordnance” that can be loaded into the HOIC to hit a target.

While the Pastebin information related to HOIC may in the end be of no consequence, Herberger says there were a series of attacks on sites in India in the past in which this type of information was posted in advance, and the attacks did occur. Radware is putting out this information in what it regards as an advance warning to help companies prepare.


Source: http://www.networkworld.com/news/2012/073012-anonymous-bt-gsk-261281.html

Next week is Black Hat — perhaps the world’s most significant and influential annual hacking conference. It’s an event that draws in the best and brightest (and sometimes, the borderline legal) hackers from around the world to show off the latest threats to our phones, laptops, PCs, Macs, tablets — and literally anything else with a digital heartbeat.

While it may not be as well-known as other ‘geek’ cons like CES or Comic-Con, what happens at Black Hat will eventually impact every consumer, business executive and government official in the U.S. In the last few years, the potential risks from hackers have reached epic proportions — from doomsday ‘worms’ that can physically destroy nuclear plants to ‘botnets’ that enslave millions of home PCs each year, leading to millions of dollars in credit card theft and other financial identity crimes.

Back in 1997, when Black Hat was founded, the average person could be excused for not paying attention to what was happening in the hacker underground. But today, when all of us depend on the Internet and technology devices to bank, buy, work and live, and the groups attacking us have evolved dramatically (Russian cyber crime gangs, Anonymous and other hacktivists, Chinese government sponsored hackers, etc.), there is simply no excuse to remain uninformed.

It’s time for everyone to learn about hacking threats.

But one of the first hurdles most people face is the language. What’s ‘smishing?’ or ‘0-days?’ or ‘clickjacking?’

The first step is to learn how to speak hacker — then the concepts really aren’t that hard to understand, and it’s possible to keep up with the latest threats and protect yourself.

Here is a simple hacker-decoder:

Virus, Worm, Trojan, Malware — What’s the Difference?

When news reports come out about a new computer threat, they often call it a ‘virus.’ But much of the time, that isn’t correct. In fact, most of the computer infections we see today aren’t viruses at all — viruses are somewhat ‘old school’ in the hacking world. It’s important to understand that there are several different types of infections that can target you — knowing the difference between them can better help you to stay safe.

A ‘virus’ is the oldest type of computer infection. It is a malicious computer program that is often hidden inside a seemingly legitimate email attachment. The good thing about a virus is that it can’t work unless the victim interacts with the file it’s in — either by clicking or downloading it. Once inside a computer, it will try to reproduce itself and infect other parts of the computer or network.

A ‘worm’ is different than a virus: it doesn’t require user interaction, so even if you don’t click on an infected file, the worm can still infect your computer. Worms are designed to spread, and spread fast — once they’re in, they typically try to install a ‘backdoor’ in the computer or cause it to shut down.

A ‘Trojan’ is another infection that was named after the Trojan horse in the Odyssey. It looks like something you want, but conceals an attack. Trojans are often hidden in file attachments, like Word docs, Excel, PDF, even a computer game. Once a computer is infected, a Trojan gives the hacker remote access to your computer — this lets him spy on your online activities, capture email and account passwords.

And ‘malware’ refers to it all — viruses, worms, Trojans, and other nasty things like adware, spyware and rootkits. So if you want to use a general term for a computer infection, malware is technically correct instead of virus.

Types of Hackers

There are three types of hackers: the ‘white hat,’ ‘black hat,’ and ‘gray hat.’

The white hat is the good guy — he or she is a professional in the security field who hacks products, services and companies, with their permission, in order to figure out how to better protect them. White hats are also called ‘ethical hackers,’ ‘penetration testers’ or ‘offensive security’ professionals. A black hat is someone who breaks into a computer network with malicious intent. A gray hat is one who bounces between good and evil in his or her hacking prowess — think of him as Luke from Star Wars: he wants to be with the force, but Darth Vader keeps calling him to the dark side.

Common Attacks

So how do hackers get all this bad stuff onto our computers? Here are the most common types of attacks they use to infect us with viruses, worms, Trojans and other malware:

Phishing

Ever get a fake email claiming to be from a bank or a Nigerian prince? This is phishing. It’s a fake email that often appears to be from a legitimate source, like the IRS, a bank, a former employer, friend, etc. The goal of the email is to get you to click or download something that will infect your computer; or trick you into giving up information, like your Social Security Number. When a phishing email appears to come from a real email (like IRS.gov, or the actual email of an old friend), that’s called ‘spoofing.’ Phishing isn’t only done via email — today, it’s also sent via text message (‘smishing’) and social networks like Facebook. Most of the time, phishers send out these fake emails to hundreds or thousands of people, and they’re easy to spot — but sometimes, they go after one person in particular and use personal information gathered from Facebook or other social networks to make it seem like they know you. This is called ‘spear-phishing.’

Social Engineering

This is the old-fashioned con game. It refers to a criminal who’s able to trick or persuade a person to do something they shouldn’t — like give a network password to a person claiming to be from the IT department; or granting a person supposedly from ‘Microsoft’s security team’ permission to remote access a computer they claim is infected. Social engineering is often done in a phone call, but it can also be done in person, via email or social networks.

Internet-based Attacks

Most people tend to think that they won’t get infected unless they open a virus-laden attachment in an email. But the truth is, you can get infected just by going on Facebook or visiting the New York Times website. Hackers today can target people directly through the Internet browser (Internet Explorer, Firefox, Chrome, Safari), even if the browser is fully patched and up to date. How does it work? Hackers write special programs which they insert into websites — it could be a sketchy website, legitimate website, social network site, blog, forum, comment feed, etc. On some of these sites, the website itself is infected — think of a blog or questionable website, such as pornography. Once you visit the website, it hits you with a ‘cross-site scripting’ (or XSS) attack which will then try to steal any cookies or passwords saved in your browser. This allows the hacker to gain access to your accounts. Another attack that is similar to XSS is ‘clickjacking.’ The difference, however, is that the website itself isn’t infected — instead the hack attack is hidden inside something such as a ‘Like’ button in a Facebook message chain or the play button on a movie. When the user clicks on that button, she is ‘clickjacked,’ because the hidden program is what is actually activated. Another trick hackers use is the ‘drive-by download.’ These are most common with pop-up ads, anti-virus warnings or even an email. The computer is infected when you click to cancel the pop-up or click ‘accept’ or ‘deny’ on the anti-virus ads. With emails, a drive-by download can happen just by viewing the message. Sometimes legitimate-looking ads on legitimate websites can launch a drive-by attack. When this happens, it’s called ‘malvertising.’

Wi-Fi Attack

In the majority of cases, when you log on to a public Wi-Fi hotspot — at Starbucks, the airport, hotel or even a municipal hotspot — your computer is at risk of a ‘man-in-the-middle’ attack (or ‘MITM’). This is an attack in which the hacker sits between you and the Internet, essentially. Because the network is open to anyone, he can use special tools to find other people who are using the same network — and then intercept their computer’s signal. This allows him to see everything you do, in real time. He can steal passwords and even force your computer to go to a bad site without your knowledge.

Real-Life Zombies

Everyone should know what a ‘botnet’ is, because there’s a one in four chance your home PC is already part of one. A botnet is a collection of ‘zombie computers’ — these are computers that have been infected with worms or Trojans and allow a hacker to remotely control them. They’re called zombies because they’re now a slave to this hacker. When a hacker controls a lot of zombies, i.e., a botnet, he can then sell them to other cyber criminals who want to steal personal identities, or he can rent them out to hackers who want to attack another computer network — like Anonymous’ attacks on the CIA, Visa and others. When hackers use botnets to shut down another computer, it’s called a ‘denial-of-service’ (DoS) or ‘distributed-denial-of-service’ (DDoS) attack. A DoS or DDoS basically involves using all of these computers — typically in the thousands — to flood another computer with so many data requests that the computer network crashes. The FBI is now targeting botnets and will shut them down — which can disable your Internet access if it’s part of one.

Hacker Tools

Hackers favor a few different types of computer tools in order to launch their attacks. It’s helpful to know what they are:

‘Zero-day,’ or ‘0-day’

This is a flaw in a software program or an actual device that doesn’t yet have a fix. In many cases, the company (like Microsoft, Apple, Firefox, etc.) doesn’t even know the flaw exists. Events like Black Hat are a great way to make companies aware that they have flaws. For consumers, there’s nothing you can do to avoid a 0-day attack — except to not use the product, pray, or both.

‘Crimeware’

Hacking is a multi-billion dollar industry these days, and it’s grown so sophisticated that skilled hackers will actually sell hacking programs to other criminals. This is called crimeware — any type of malicious program that is sold on the black market. A good example is phishing email — those fake IRS emails that look like they really came from the IRS? Yep, that’s crimeware.

‘Carding’

Hackers also go to special underground forums known as ‘carding’ sites to swap, sell and buy other people’s credit card information. Most of these credit cards were previously stolen through Trojans and keyloggers.

TOR

This is a popular program that lets you become anonymous on the Web. Ever see a crime movie where the FBI can’t trace the call? TOR is like that for the Web — it hides your IP address (think of this as a computer’s phone number) so no one can tell who is visiting a certain website or launching an attack. It’s like calling from someone else’s phone, a hundred times over.

‘Sniffer’

A tool hackers use to ‘sniff’ or intercept Internet or Web traffic, for instance, on a public Wi-Fi hotspot. One of the most notorious ‘sniffers’ is Firesheep.

‘Fuzzer’

‘Fuzzing’ is a tactic hackers use to figure out where a Web application is vulnerable. The fuzzer will bombard the computer program with bizarre or random computer requests that will eventually cause the program or computer to make a mistake or crash — and that tips off the hacker as to where it is weak.

Hacker Insults

It also helps to know some of the derogatory terms that are often used online.

‘Noob,’ or ‘n00b’

A newbie, someone who’s an amateur or uninformed. If you’re reading this article, you’re a n00b.

‘Script Kiddie’

If you’re a ‘script kiddie,’ you’re a poser, essentially. A script kiddie is someone who isn’t very skilled at hacking, but thinks they are – or tries to pretend they are. It’s a step above a n00b.

‘Owned,’ ‘Pwned’

Getting owned or ‘pwned’ (pronounced: pOWNed) basically means getting hacked. It can also refer to having your computer ‘backdoored’ by a Trojan or worm, or simply losing an argument in an online forum.

‘Doxed’

You definitely don’t want to get ‘doxed.’ This is what hacktivist groups like Anonymous made famous in 2010, 2011. Doxing is when you gather sensitive, personally revealing information about someone — it could be their true identity, where they live, family, personal emails, etc. What can follow doxing is a ‘dump.’ That’s when all that sensitive or embarrassing information is posted online, such as Pastebin.com.

Computer technology and hacking isn’t as complicated as many think. By understanding the basics, you can learn how to protect yourself online.

Source: http://www.huffingtonpost.com/michael-gregg/how-to-speak-hacker_b_1690465.html

I. INTRODUCTION

Previous characterizations of activist DDOS campaigns have traditionally fallen into one of two camps: those that unilaterally condemn activist DDOS campaigns as bullying and censorship, and those that align such actions with IRL sit-ins.  Both these characterizations, however, cannot be applied to the entire landscape of activist DDOS campaigns as a whole. Rather, each campaign must be examined individually before a judgement can be made regarding its validity as a protest action.  DDOS as a tool cannot be wholly condemned or lauded without its surrounding context.

In this talk, I’ll be examining those previous characterizations, and looking at different DDOS campaigns that do and do not fit those models.  Next I’ll be outlining the current state of play of activist DDOS.  Finally I’ll be presenting a new analytical model for looking at activist DDOS campaigns, and presenting an analysis of the December 2010 Operation PayBack DDOS campaign against PayPal.  Also, to reward all you fine people for coming out so late for this talk, there will be lots of pictures of cats.

II. PREVIOUS CHARACTERIZATIONS

A. CENSORSHIP

The “censorship” characterization of activist DDOS as espoused by folks like Oxblood Ruffin from the Cult of the Dead Cow and others, claims that DDOS is equivalent to “shouting down” an opponent in a public forum, and that DDOS attacks deny individuals and organizations their rights to free speech.  In some but not all cases, this is a valid criticism, but before such a characterization can be made, we need to look at the motivation and intended effect of an action, the actual effects of the action and the technology used.

In July of 1997, a large scale DDOS attack was launched against the Institute for Global Communications (IGC), a non-profit internet service provider. The number of participants and the original organizers of the campaign are not known.

The attack was part of a widespread public campaign to pressure the ISP to remove the website of the Basque publication Euskal Herria Journal, which was thought to have ties to the militant group, ETA.

The campaign was a combination of mailbombing and network-based DDOS attacks.  This was a populist-minded action; at one point, the major Spanish newspaper El Pais threw its support behind the mailbombing campaign and published target email addresses for the IGC in its digital edition, though it later retracted its support and removed the addresses from its website.

The IGC’s servers were knocked offline, rendering inaccessible the websites and email of over 13,000 subscribers.  While the IGC did eventually remove the Euskal Herria Journal’s content from its servers, it replaced it with a statement decrying what it saw as vigilante censorship on the internet, and was supported in its arguments by groups like NetAction, Computer Professionals for Social Responsibility, and the Association for Progressive Communications.

The goal of the IGC action was to force IGC to remove the Euskal Herria Journal’s website from its servers.  This was an objection to content being available on the internet. For as long as it was successfully running, the DDOS attack rendered that content unavailable to the internet.  So in actual effect, the IGC action was not so much a protest as it was the will of one group being forced on another.  “If you don’t take it down, we’ll take it down for you.”  No public debate was sought, and most of the publicity associated with the campaign revolved around recruiting participants, not articulating grievances.  The goal of the DDOS action was a permanent imposition of its immediate effects.  While DDOS actions are often condemned for being as good as censorship, the goal of the IGC action was censorship, and in the end, the condemnation it suffered was as much for its goal as for its tactics.  However, where the “censorship” condemnation falls short is in its assigning equal value to any potential target on the web.  The IGC attack targeted politically vulnerable speech online, and obliterated the Euskal Herria Journal’s ability to reach its audience and crippled the IGC’s ability to perform its professional function.  However, targeting the website of a large corporation or government agency often has little effect on the actual operations of that entity or its ability to communicate with the public through media appearances and press releases. It would be absurd to declare an ethical equivalency between seeking to silence content entirely, which is reprehensible, and the relative inconvenience suffered by large corporations whose online posters have briefly been torn down (to paraphrase XKCD).

B. ELECTRONIC SIT IN

The “electronic sit in” characterization was first clearly articulated by the Critical Art Ensemble, a performance art/activism collective in their essay “Electronic Civil Disobedience.”  There, they drew an equality between the monopolization of resources that takes place during an IRL sit-in, and the monopolization of resources which occurs on the technological level during a DDOS campaign.  This characterization draws heavily on the history of sit-ins in social movements for much of its validity.

In 2001, the Electronic Disturbance Theater, a spin-off of the Critical Art Ensemble, launched a campaign called the “Deportation Class Action.” Estimates put the number of participants at around 13,000, recruited primarily through activist and performance art mailing lists and websites.

The goal of the action was to draw public attention to the German government’s use of the airline’s flights to deport immigrants, and through that public pressure change Lufthansa’s behavior as a corporation.  The online action was powered by FloodNet, a browser-based DDOS tool developed by the EDT in 1998.  The tool allowed users to participate in pre-planned DDOS campaigns, but required that users take the positive steps of navigating to the FloodNet page and choosing to participate in the action.  The FloodNet action was augmented by press releases and protests at Lufthansa stockholder meetings.

The action did result in some downtime for the Lufthansa homepage.  Shortly after the action, Lufthansa stopped allowing the German government to use its flights to deport immigrants.

The Lufthansa action resulted in the arrest and trial of Andreas-Thomas Vogel, who had run a website, libertad.de, which posted a call to action for the Lufthansa protest.  A lower court in Frankfurt initially found Vogel guilty of using force against Lufthansa, based on the economic losses the airline had suffered during the campaign.  Upon appeal, however, a higher court overturned the verdict, finding, “…the online demonstration did not constitute a show of force but was intended to influence public opinion.”

The stated goal of the Lufthansa action was to draw public attention to a specific aspect of the airline’s business, and through that attention change its behavior.  Though the DDOS attack took place on the internet, the effect it sought to have was not limited, was not even present, in the online realm.  It is important to note that, in and of itself, the DDOS attack could not have achieved what the EDT and Vogel set out to accomplish.  They set out to change the behavior of a corporation.  It took positive action on the part of Lufthansa for that to happen.  It could not be accomplished by fiat by activists on the outside.  One of the benefits of the “electronic sit in” characterization is that it references a tactic with a very visible history: most people already know what a sit-in looks like.  The comparison holds up provided the technology used remains heavily reliant on individual agency, with participants either using manual DDOS tools like FloodNet or participating in strictly voluntary botnets.  The use of sophisticated traffic multipliers, exploits or non-voluntary botnets complicates the situation enormously, and can make the use of this characterization seem overly simplistic and self-congratulatory.

III. CURRENT STATE OF THE TACTIC

A. IMPACTS AND LEVERS

The primary goals of many popular DDOS campaigns, or those which actively seek the participation of large numbers of people, are to direct media coverage, and to impact the identity of those participating in the action.  Like the Lufthansa campaign, these actions ultimately seek societal and policy changes that cannot be achieved simply by taking down a website.  Rather, the goal is to attract significant attention to a set of issues, and to cultivate a population that considers themselves activists, and who can be called on to participate in future actions.

B. TECHNOLOGICAL CHALLENGES

It is much more difficult now than it was in 1997 or 2001 to bring down a corporate site through the power of individual activists alone.  Traffic multipliers and non-volunteer botnets can give all-volunteer efforts the boost needed to bring down a large site, but those tactics have the potential to delegitimize activist DDOS in the eyes of the media, policy makers, and participants.

C. ORGANIZER/PARTICIPANT POOL

The Electronic Disturbance Theater primarily spread word of its actions via activism and performance art centered email lists and message boards.  As a result, their participants were, more often than not, experienced activists well versed in the practices and risks of on-the-streets activism.  While they may have had an incomplete understanding of the online space they were moving to, it is safe to assume that they had an understanding of the legal risks often associated with acts of civil disobedience.  As the Electronic Disturbance Theater was primarily engaged in drawing an explicit linkage between traditional forms of civil disobedience and digital actions like DDOS attacks, they were also aware, by association, of the illegal nature of the acts they were undertaking and the risks they were exposed to.

This has not necessarily been the case with more recent DDOS campaigns.  Activism-minded individuals have come onto the scene with little activism experience, either IRL or digital.  Their tactics are often innovative and interesting, but they lack a core awareness of the basic risks they are exposing themselves to.  The media attention attracted by these actions attracts more neophytes to the cause, which is great for expanding the active population, but puts more pressure on those in leadership positions to educate newcomers.  The relative ease with which individuals can become involved, in a piecemeal fashion, with different campaigns also leads to high turnover in the active population, which makes things difficult for a political culture which is trying to establish its own internal norms and modes, as well as its legitimacy to outsiders.

D. LEGAL STATUS

Just in case there is any doubt, as of this talk, DDOS attacks remain illegal in most jurisdictions, including the United States, where it is a felony.  Participating in one remains a high risk activity, unlike many other activities associated with IRL activism, including street marches and sit-ins.  The onus to educate inexperienced participants about these risks falls to the organizers, as does the ethical quandary of whether or not these types of actions are, at this time, worth the legal risk.

E. DEFINITION OF SUCCESS

Finally, there are shifting views as to what constitutes a “successful” DDOS campaign.  Many activists are moving away from a strict binary “website up/website down” conception of success to more nuanced views, like number of participants, number of participants who stick around for other campaigns or levels of media coverage.

IV. NEW ANALYTICAL MODEL

So in order to take into account both the new developments in activist DDOS campaigns and to allow for an accurate analysis of the use of the tactic, I propose an analytical model. Rather than reacting based on an objection to DDOSes as a whole or comparisons to already existing activist tactics, this model looks at the motivations behind a campaign, its intended effects, its actual effects, and the technologies used before coming to a conclusion on the legitimacy of an activist action.

Using this model we can look at Anonymous’s December 2010 Operation PayBack DDOS campaign against PayPal and other sites in the same way that we looked at the campaigns analyzed earlier.

While Operation PayBack began as an opposition to the MPAA and other copyright organizations, December 6, 2010 marked the beginning of the second stage, sometimes known as Operation Avenge Assange.  These attacks were powered by the LOIC DDOS tool, volunteer botnets running through the LOIC Fucking Hivemind mode, and non-volunteer botnets.

This stage of the campaign targeted organizations and individuals Anonymous believed were acting against the interests of Wikileaks, either by cutting off its channels of financial support, refusing to provide hosting to the website and its domain name, or by speaking out against the organization publicly.  The overall goal was to draw attention to the ongoing banking blockade against Wikileaks, and to force media coverage of the issue.  Over the course of four days, Anonymous would launch DDOS attacks against the websites of the Swedish Prosecution Authority, EveryDNS, Senator Joseph Lieberman, MasterCard, two Swedish politicians, Visa, PayPal, and Amazon.com, forcing many of the sites to experience at least some amount of downtime.

The campaign led to massive amounts of media coverage, mostly of Anonymous itself, but also of the banking blockade and various other grievances publicized in Anonymous press releases and calls to action.  It brought extraordinary public attention to Anonymous, and with that many new participants.  It also led to the arrest of over a dozen participants in the United States, who were charged with felony violations of the Computer Fraud and Abuse Act, with more individuals being arrested internationally.  Others had their homes raided by the FBI and their possessions seized.

The December DDOS attacks of Operation Payback bear a far closer resemblance to the Electronic Disturbance Theater’s 2001 Lufthansa action than they do to the IGC attacks of 1997.  Though the diffuse, unorganized, and leaderless Anons bear a much closer resemblance to the participant population of the IGC attacks, made up as it was of individuals recruited through enthusiastic media coverage, disparate people coming together for a moment around one emotional issue, the motivation and actual effects of Operation Payback are far more akin to the Electronic Disturbance Theater’s push for popular attention and policy change.  A primary goal of Operation Avenge Assange was to bring widespread attention to the plight of Wikileaks, and in that it succeeded.  A secondary goal was to cause financial damage and embarrassment to the corporations targeted, but as stated above, bringing down a corporate webpage does not restrict that corporation’s ability to function.  Rather, the corporations targeted by Anonymous had caused more harm to Wikileaks’s ability to function by unilaterally cutting off its means of financial support and refusing to host it.  These actions in and of themselves constitute “denial of service” attacks in the most basic sense of the term.  The use of non-volunteer botnets to achieve downtime in the targeted servers is troubling, as is the lack of success in educating participants on the legal risks they were taking.  I feel that neither of these facts is troubling enough to completely delegitimize Operation PayBack as a reasonable act of civil protest, but they are mistakes that need to be learned from for future actions.

V. CONCLUSIONS

In conclusion, there are uses of DDOS that are more appropriate and acceptable in an activist context than others.  Not every DDOS attack that claims the activist label does so appropriately.  It is also possible to say that though the technological effects of one DDOS attack may be indistinguishable from another, the actual effects differ widely based on the circumstances and contexts of a given action.  Paradoxically, an attack on the homepage of a large corporation may draw a large amount of media attention, but have little immediate effect on the corporation itself, while an attack on a smaller, internet-based organization may completely wipe it out while attracting no attention or criticism at all.

What may be considered censorship in one instance can be reasonably considered to not be censorship in another, though the technological facts remain the same.  When attempting to determine the validity of an activist DDOS action, or any contentious computer action, it is vital that we not privilege technological facts over the motivations and stated goals of the participants and the actual effects of the action.  To do so would ignore the fact that identical technological states can be arrived at under vastly differing circumstances, and ultimately devalues human agency in our dealings with technology.

Source: http://oddletters.com/2012/07/15/hope9-talk-activist-ddos-when-similes-and-metaphors-fail/