Protester 1: “Hey, there’s a riot going on downtown!”
Protester 2: “Groovy. What are they protesting?”
Protester 1: “Who cares? Let’s go break something!”
A quick recap, for you Luddites who haven’t been following the news: Last month, Wikileaks, whose mission statement is to publish sensitive and/or embarassing secret government documents, unleashed a veritable treasure trove of over 250,000 diplomatic cables from the US State Department. The USA (and other countries) cried treason and basically demanded the head of Wikileaks boss Julian Assange on a pike, even as free-speech/anti-government advocates sang his praises. Amazon.com and Paypal severed all ties with Wikileaks, followed by MasterCard and Visa freezing payment to the site. Assange was arrested (on possibly unrelated sex-based charges). Wikileaks itself suffered service disruptions, some at the hands of host providers, others from distributed denial-of-service attacks. In response, net hackers (spearheaded by the group Anonymous) countered with their own DDoS assault against MasterCard, Visa, and goverment and financial sites seen as enemies of Wikileaks and/or Assange.
It’s the DDoS counter-attacks that are raising the most eyebrows in the tech community — not because of the targets, or the rationale behind them, but by the delivery methods. Most DDoS attacks come from malware-infected “zombie machines” that are massed together to blast a target web server (see diagram above). The latest technique is for computer owners to become voluntary soldiers in a DDoS attack, running a remotely-controllable app based on the Low Orbit Ion Cannon (LOIC) software. However, installing and running LOIC is still too daunting for Joe Average Internet Surfer.
Now, a new wrinkle has emerged. Much as this year saw the introduction of a browser-based iOS jailbreaking exploit (Jailbreak.Me), there are now web-based LOIC’s that will turn any connected computing device — not just a desktop or laptop PC, but even a web-enabled smartphone — into a DDoS footsoldier. The LOIC sites let you easily customize the frequency of the attacks (useful for smartphones with data-throughput caps) and even include an insulting message (e,g, “I fart in your general direction!“)
EXTRA-LOUD WARNING: Even if you support Wikileaks and/or a similarly controversial cause to the point where you feel being part of a DDoS assault is justified — think twice before you pull the trigger. Scammers and malware sources are already glomming onto the LOIC sites as another way to wreak (non-polically-motivated) havoc on your computing device. More seriously, plenty of countries consider DDoS attacks a crime: Holland already arrested a 16-year-old WikiLeaks supporter for his part in the MasterCard and Visa disruptions.