Oh Hai, Sarah Palin! Lots of People are Anonymous: Thoughts from Cyberia
Many websites have a function whereby commenters can post anonymously. Recently on one, someone posted as Anonymous, posting with regards to me
like that’s a bad thing. At any rate, that person is Anonymous. On some sites, anonymity is encouraged; others prefer you have some sort of screen name, even if it’s Sokpppt7137.
Then there are consciously anonymous actions undertaken under the “leaderless resistance” of Anonymous, like the person who snuck into the public restroom of a hotel ballroom, carefully unrolled the toilet paper and stuck small pieces of paper with
and other entheta URLs on every few sheets, then carefully rolled the t.p. back up again before a large anti-xenu event began.
Or the people who are protesting the actions of PayPal, MasterCard, and Visa and others against WikiLeaks and Julian Assange.
But what about when journalists mention which program/s a bunch of people are using to do a DDoS (distributed denial of service) on the above? Or the program/s a bunch of people are using to pull a DDoS on Wikileaks, Anonops.net etc? Or entertainment industry sites?
[For the record–and this will prolly make some people all butthurt–I support intellectual property/copyright law; I also firmly believe that all material in the public domain should be freely shared and distributed; I also support Fair Use. Oh and from now on I am using DDoS and its lonely sibling DoS as verbs ( DoS: Denial of service, which is like a DDoS, but from just a solo basement or couch)].
It make me wonder who isn’t A/a/nonymous, especially when a tech aide to a politician–whose PAC website was allegedly crashed in protest of said politician’s very aggressive statements against Julian Assange–tells the entire world via ABC.com what program to use to continue the peaceful, but to some un-lulzy types, really scary and/or annoying attacks:
A SarahPAC.com technical aide said that the “DOS attackers, a group loosely known as Anon_Ops, used a tool called LOIC (Lower Orbit Ion Cannon) to flood sarahpac.com. The attackers wanted us to know that they were affiliated with wikileaks.org through an obscure message in our server log file.“
The tech emailed this screenshot to show what he’s talking about.
Um, wow. Thanks for the hi-tek how-to.
There are few things here that need to be looked at, aside from Rick Astley winning MTV Europe’s Best Act Ever with 100 million votes, which should have been a clue that the internets are srs bsns. The Delphic pythoness murmers:
Time Magazine’s Person of the Year: An angel or an ass?
The people who are being lured into participating may not recognize that DDoSing is criminal under the Computer Fraud and Abuse Act. The fact that a few thousand people can bring major websites to their knees is a bit scary. There are rumors that some 4chan* members may be using botnets in the attack as well which introduces even more legal concerns.
No matter how you view it this is not a good situation. That a small number of people can hijack parts of the Internet is demonstrative of what could be done if a larger group, or someone with a lot of zombied PCs were to want to wreak havoc on more critical locations. It has been some time since large scale DDoS attacks have been in the news and hopefully it will be awhile before we see this again.
Zombie PCs! Transformers! Terminators! And Batman?!
On September 19, two and half months before Wikileaks spooged a weensy, glistening drop of their load into the Intert00bs, the Recording Industry Association of America was knocked off line for 21 hours. The Motion Picture Association of America, and BPI (British Phonographic Industry, the organization supporting the British recorded music industry; thank goodness vinyl is making a comeback, or they might feel kinda silly about that quaint vintage monicker. Or not because they’re British.) were all DDoSed (and possibly DoSed). On November 4, the United States Copyright Office was the target of denial service attacks. Remember, remember on the 5th of November.
The September 19th denials seems to have been prompted when at least one group within the entertainment industry hired their own personal army of one, epic fail guy Aiplex Software, to do a DoS whose general manager Girish Kumar yakked to the media in a report published on September 8:
What we do is we see all those links on the net. We find the hosting [computer] server and send them a copyright infringement notice because they’re not meant to have those links. If they don’t remove [the link] we send them a second notice and ask them [again] to remove it…Generally speaking 95 per cent of … providers do remove the content. It’s only the torrent sites – 20 to 25 per cent of the torrent sites – that do not have respect for any of the copyright notices. How can we put the site down? The only means that we can put the site down is [by launching a] denial-of-service [attack]. Basically we have to flood [the site] with millions and millions of requests and put the site down.
And sometimes, well–Kumar admits there’s collateral damage:
At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating further.
Destroy the data? Wow, that’s kinda mean. Is Aiplex so targeted that they only destroy Ferris Bueller’s Day Off? Showgirls is safe?
So, basically, Kumar got all boasty, and the internets got toasty. Pride goes before a website crash.
By the 5th of November it was even more widely available knowledge that a program called Lower Orbit Ion Cannon was involved in the website crash.
Sarah Palin’s tech aide reported the crash as a DoS, which is technically, not so-technically and exponetially a different thing (Um like, I–who frequently forgets the skills necessary to change my FB profile picture–can understand the difference, so it can’t be all that hard to grasp!). Possibly Sarah Palin’s unnamed, unknown and thus anonymous tech aide who mentioned LOIC was correct and only one bot was doing the deed. Think about it. One lone hackitivist maybe being a little disinformational?
Or maybe the aide (for ABC.com revealed the tech aide’s gender) was confused. But I can’t imagine anyone working for SarahPAC as a tech aide being unclear on the difference between the two. That’s what computer school is for.
But this brings up a rather interesting aside. There are bout 29,100 results on Google for “low orbit ion cannon” including the sublime
The news is hilarious right now I’ve never heard a news reader say “low orbit ion cannon” in serious news report before
to listings of torrent sites and other Pottersville-like places online where those so inclined ought be using proxy condoms and/or be careful. Because for the last few weeks LOIC has been on some radars. And some versions might have cyber-cooties.
Wikileaks and Anonops.net were also hit by DoS. The Jester (th3j35t3r) is claiming the scalps, which he took using something he invented called XerXeS which is actually kind of silly name because even though the Spartans went anhero into battle and were slain, XerXeS lost the war. (Video of The Jester using XerXeS ion Infosec Island currently inaccessible, but Google it. My tin foil is starting to itch)
The Jester has been promoting his DoS services for nine months, first as an anti-jihadist take down artist and now as a crusader against Wikileaks. In February, 2010 he told Infosec Island:
Regarding helping the good guys defend against such an attack[by XerXeS], I can guarantee that no bad guy has this in his arsenal yet, and no bad guy will ever get it from me. I have not been approached directly by any sec/mil/spook types, but if that happens I would be glad to help out. Preferably, they would approach me with a signed immunity from prosecution document. I am not going to just throw myself to the wolves.
During the first phase of Wikileaks getting DoS’ed last week, this interesting story popped up featuring The Jester, an alleged police raid, fake accounts and a whole lot of supah spai cloaking daggers ( ic whut u did ther?). He also talked about Wikileaks’ insurance file. That made my head hurt.
The Daily Telegraph reports that Anonymous posted a blog setting out its aims as campaiging for free speech
Hello World. We are Anonymous. What you do or do not know about us is irrelevant. We have decided to write to you, the media, and all citizens of the free world at large to inform you of the message, our intentions, potential targets, and our ongoing peaceful campaign for freedom.
The message is simple: freedom of speech. Anonymous is peacefully campaigning for freedom of speech everywhere in all forms. Freedom of speech for: the internet, for journalism and journalists, and citizens of the world at large. Regardless of what you think or have to say; Anonymous is campaigning for you.
And just now on CNN, Bearded Tech Guy told Kyra Philips that DDoS, downloading a programming is
volunteering if you will, to be part of the attack…pranksterism, protest for the modern era
Merry merry! Tis the season!
*[4Chan is a website/forum, founded by Christopher Moot Poole, who just scored a gianormous gig as a venture advisor with Leher Ventures, a rilly big deal in Cyberia. 4Chan as no “members.” 4Chan is a very big, like a virtual city, but with words and pictures, some NSFW, and you can find all sorts of things to do or fap to. Do what thou wilt. Or you can move along, nothing here to see. But lots that cannot be unseen.]