tangent4ronpaul
12-13-2010, 11:16 AM
http://www.pcworld.com/businesscenter/article/213395/website_attackers_could_be_easily_traced_researche rs_say.html
researchers at the University of Twente in Enschede, Holland, say it is easy for ISPs to identify those using the tool, as it takes no measures to protect the identity of its users, according to their paper.
There are several versions of the Low Orbit Ion Cannon: one is a client application that is downloaded by a user and can be remotely controlled via an IRC (Internet Relay Chat) or be manually configured. The other is a JavaScript-based Web site.
With the client application, the targeted Web site can see the real IP (Internet Protocol) address of the computer conducting the attack, the researchers wrote. The IP address can be linked to the ISP providing the service, which can then investigate which subscriber the address corresponds too. The same condition happens when someone uses the Web-based tool.
One method used by those conducting a DDOS attack is to configure the program to use a fake IP address, but the Low Orbit Ion Cannon does not do that. DDOS attacks can also be coordinated using a botnet, or a network of machines that have been compromised. The owners of those computers are usually unaware their computers is infected and taking part in an attack.
The danger with the WikiLeaks attacks is that many of those less tech-savvy people eager to join the online campaign may be unaware that they can be traced.
[...]
The DDOS attacks, dubbed Operation: Payback, by Anonymous appear to be continuing, according to security vendor Imperva. The Low Orbit Ion Cannon has been downloaded about 67,000 times, Imperva said.
MasterCard, which stopped processing payments for WikiLeaks, was attacked again over the weekend, with statistics showing it experienced some downtime, according to Netcraft. A vast majority of security vendors are now labeling the Low Orbit Ion Cannon a threat and will block the program, Imperva said.
Imperva also said it has been monitoring some of the communication between people coordinating the attacks. Those attackers are recommending to develop a system by which people are lured to some other content, such as pornography, but by visiting the website would invisibly launch the DDOS JavaScript tool.
==========
http://www.utwente.nl/ewi/dacs/news/archive/2010/wikileaks.doc/index.html
Attacks by "Anonymous" WikiLeaks proponents not anonymous
For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivist). Although the group calls itself "Anonymous", researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable, and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems. The current attack technique can therefore be compared to overwhelming someone with letters, but putting your address at the back of the envelop. In addition, hacktivists may not be aware that international data retention laws require that commercial Internet providers store data regarding Internet usage for at least 6 months. This means that hacktivists can still be traced easily after the attacks are over.
A complete report about that can be downloaded from this link.
http://www.simpleweb.org/reports/loic-report.pdf
-t
researchers at the University of Twente in Enschede, Holland, say it is easy for ISPs to identify those using the tool, as it takes no measures to protect the identity of its users, according to their paper.
There are several versions of the Low Orbit Ion Cannon: one is a client application that is downloaded by a user and can be remotely controlled via an IRC (Internet Relay Chat) or be manually configured. The other is a JavaScript-based Web site.
With the client application, the targeted Web site can see the real IP (Internet Protocol) address of the computer conducting the attack, the researchers wrote. The IP address can be linked to the ISP providing the service, which can then investigate which subscriber the address corresponds too. The same condition happens when someone uses the Web-based tool.
One method used by those conducting a DDOS attack is to configure the program to use a fake IP address, but the Low Orbit Ion Cannon does not do that. DDOS attacks can also be coordinated using a botnet, or a network of machines that have been compromised. The owners of those computers are usually unaware their computers is infected and taking part in an attack.
The danger with the WikiLeaks attacks is that many of those less tech-savvy people eager to join the online campaign may be unaware that they can be traced.
[...]
The DDOS attacks, dubbed Operation: Payback, by Anonymous appear to be continuing, according to security vendor Imperva. The Low Orbit Ion Cannon has been downloaded about 67,000 times, Imperva said.
MasterCard, which stopped processing payments for WikiLeaks, was attacked again over the weekend, with statistics showing it experienced some downtime, according to Netcraft. A vast majority of security vendors are now labeling the Low Orbit Ion Cannon a threat and will block the program, Imperva said.
Imperva also said it has been monitoring some of the communication between people coordinating the attacks. Those attackers are recommending to develop a system by which people are lured to some other content, such as pornography, but by visiting the website would invisibly launch the DDOS JavaScript tool.
==========
http://www.utwente.nl/ewi/dacs/news/archive/2010/wikileaks.doc/index.html
Attacks by "Anonymous" WikiLeaks proponents not anonymous
For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivist). Although the group calls itself "Anonymous", researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable, and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems. The current attack technique can therefore be compared to overwhelming someone with letters, but putting your address at the back of the envelop. In addition, hacktivists may not be aware that international data retention laws require that commercial Internet providers store data regarding Internet usage for at least 6 months. This means that hacktivists can still be traced easily after the attacks are over.
A complete report about that can be downloaded from this link.
http://www.simpleweb.org/reports/loic-report.pdf
-t