Hadn’t really posted anything here yet about the ongoing WikiLeaks saga, but like seemingly every other network security commentator in the world, I was tapped this morning for commentary on the DDoS (distributed denial-of-service) attacks being launched by hacktivists in support of WikiLeaks. (And thanks for thinking of me, KCBS!)
While these types of attacks can be hard to defend against, it seems to me that many of the targets (e.g., Amazon, PayPal) are already fairly well geared-up to protect against that indirect denial-of-service attack known as the holiday shopping season.
And indeed, various outlets are reporting today that the so-called Operation Payback attacks haven’t had a huge effect on large targets like Amazon. (See, for example, the Guardian’s article, “Operation Payback fails to take down Amazon in WikiLeaks revenge attack.”)
Of course, less robust operations that have also been targeted (such as the website for Sarah Palin’s official political action committee, which seems to have gone all 404) are being affected.
None of this is really a surprise. One thing that I do find interesting is the use of so-called “voluntary botnets” as well as “traditional” botnets to carry out these attacks. This article at DigitalTrends (see “WikiLeaks supporters using volunteer and zombie botnets”) has a good description of what’s going on.
That article includes a screenshot (I clipped a bit of it here to illustrate this post) of a tool called “Low Orbit Ion Cannon” that has apparently been used in the attacks. From the looks of it, this program aims to make participating in DDoS attacks into something like playing a massively multiplayer video game.
Pretty interesting social engineering, no? Reminds me a bit of phishing campaigns we saw last year that attempted to recruit people into voluntarily installing malware to launch DDoS campaigns against websites associated with President Obama.
As I said then, regardless of one’s political leanings (or need to indulge adolescent power fantasies), voluntarily installing software like this is likely an extremely bad idea… Not just because launching such attacks is illegal, but because the software itself is likely a gateway for many other types of malware.