Results 1 to 7 of 7
-
21st Jan 2012, 10:48 PM #1
Anonymous tricked people into joining Web site attacks
The Web pages hosting the denial-of-service attack tools, some of which were in Spanish, redirected the visiting computer to the target site automatically, unless JavaScript was disabled, while others allowed users to specify which site to target.
(Credit: Anonymous)
If you clicked a link distributed by Anonymous yesterday, you may have unwittingly helped the online activists in their attacks against U.S. government and entertainment industry sites that were organized to protest proposed antipiracy legislation.
Anonymous has launched distributed denial-of-service attacks, designed to shut down Web sites, against government and corporate sites in the past. Typically, supporters download software called Low Orbit Ion Canon (LOIC) that directs their computer to repeatedly try to connect to a target Web site. So many digital knocks on the door, as it were, can shut a site down so no one can get in.
However, the source of the attack--the IP address for the individual computers attempting to access the site--can easily be traced when LOIC is used, putting participants at risk of prosecution. (Despite that threat, people have been downloading LOIC like mad since Wednesday, including more than 19,000 downloads in the last day, according to a blog post by security firm Imperva.)
So, Anonymous has come up with a way to allow people to participate without risking arrest. In protest of the Stop Online Piracy Act (SOPA), as well as yesterday's government takedown of file-hosting site Megaupload and the indictment of its operators, Anonymous launched DDOS attacks on more than a dozen sites and used a new tactic.
The group distributed Web links yesterday during its attacks on the Department of Justice, FBI, Universal Music and a host of other sites, that made joining the attacks as easy as clicking the mouse. The links led to Web pages with special JavaScript instructions that automatically redirected the visiting computer to a Web site being targeted for attack. The computer continues attempting to access the target site until the Web page is closed.
Another version of the tool, for people willing to participate, would direct computers to a Web page on which a visitor could type in the IP address to target and the page would automatically refresh in the background so the computer would continually try to access the target.
The tool relies on JavaScript being enabled, and given how many Web sites require JavaScript, it's likely most of the people who clicked the links were unwittingly drawn into the attacks.
It's likely that the tricky links increased the effectiveness of the attacks, which appeared to have impacted overall Internet traffic patterns, at least for a while, according to a real-time Web monitoring site operated by content delivery company Akamai. The site registered 218 attacks yesterday hours after the attacks started. Attack-related traffic was up 24 percent over normal, while general network traffic was up 14 percent.
The links were distributed on Twitter, IRC, Facebook, Tumblr, and other sites and there was no indication that they were potent. Some of the links led to sites similar to Pastebin, where Anonymous often posts its messages. Other links were obscured using Web address shorteners like Bitly.com.
"From the looks of things, this is on a scale we haven't seen before," said Graham Cluley, senior technology consultant at security company Sophos, who wrote a blog post about the tool. "We saw some Anonymous Twitter accounts gain hundreds of thousands of new fans overnight as word began to spread."
If you did happen to click one of the links, you aren't likely to get in trouble. For one, investigators might conclude that all the different IP addresses that hit the site during the attack were part of a botnet of compromised computers. And even if investigators suspected that the blasts from your IP address on the target site were conducted as part of the attack, it's unlikely that you would be singled out for a visit from the authorities, said Jennifer Granick, an attorney who has represented defendants accused of computer crimes.
"If you are an unwitting participant then technically you're not liable under the law because all criminal statutes, with some narrow exceptions, require some criminal state of mind," such as acting "knowingly" or "intentionally," she said.
"But even being part of a botnet could result in unwanted police attention anyway," Granick added. "That's probably unlikely, depending on how many computers are involved in the DDOS attack."
The situation is another story for the people distributing the attack-enabling links, however.
"If you are a distributor of malware that targets a site, you can be liable for all damage that occurs to that site as a result of the malware functioning," Granick said. "If you are distributing a program and intending to cause damage and that's what results, that is a violation under the law."
In computer crime cases, damage is usually defined broadly and includes resources needed to respond to an attack and return the system to normal, so damages can add up, she said.
Updated at 4:25 p.m. PT to clarify that the tool is based on JavaScript, which is used by many sites for functionality.
Source
Bharat Reviewed by Bharat on . Anonymous tricked people into joining Web site attacks http://asset2.cbsistatic.com/cnwk.1d/i/tim/2012/01/20/Screen_shot_2012-01-20_at_10.59.39_AM_1_610x383.png The Web pages hosting the denial-of-service attack tools, some of which were in Spanish, redirected the visiting computer to the target site automatically, unless JavaScript was disabled, while others allowed users to specify which site to target. (Credit: Anonymous) If you clicked a link distributed by Anonymous yesterday, you may have unwittingly helped the online activists Rating: 5
-
21st Jan 2012, 11:03 PM #2ψ(`∇?)ψ
-
21st Jan 2012, 11:03 PM #3MemberWebsite's:
xxxpornohd.comnow thats cool,public joined in for the attack too,many how ever knowingly obviously
left uploading long ago but still making $$ by another way :)
-
21st Jan 2012, 11:05 PM #4
-
21st Jan 2012, 11:06 PM #5MemberWebsite's:
csoffensive.com fagbag.meyea idk how someone got tricked there
but pretty cool
-
21st Jan 2012, 11:09 PM #6BannedWebsite's:
xsl.tel xsltel.comnone tricked. all those who participated were having the option to click on attack button or not. shame on the article writer tbh
-
21st Jan 2012, 11:12 PM #7
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Is Anonymous launching its own Megaupload site?
By ShareShiz in forum News & Current EventsReplies: 27Last Post: 24th Jan 2012, 07:02 AM -
Anonymous attacks kiddieporn websites
By Daniel in forum News & Current EventsReplies: 19Last Post: 26th Oct 2011, 09:34 PM -
LulzSec publicly attacks fellow hacker group Anonymous
By ShareShiz in forum News & Current EventsReplies: 10Last Post: 17th Jun 2011, 04:30 AM -
[Selling] Tweet Attacks and Tweet Attacks Account Creator for Sale
By channing in forum Completed TransactionsReplies: 6Last Post: 14th Mar 2011, 03:16 AM -
UFC Attacks Pirate Site, Owner Defiant, Refuses To Submit
By EvilGenius in forum News & Current EventsReplies: 26Last Post: 30th Oct 2010, 02:58 PM
themaCreator - create posts from...
Version 3.20 released. Open older version (or...