WikiLeaks: Instead of Zombies, This Time There Are Activists

Attacks on the websites of companies such as PayPal, MasterCard, Visa and others who have refused to do business with WikiLeaks are combined in a chat room and operated by those who want to join the offensive. The more people and computers that are involved, the more chances there are for the attack to be successful.

Typically, these types of actions involve the use of infected computers, i.e. computers whose owners don’t even know their machines are being used. These computers are referred to as “zombie computers” and, in the black economy of cybercrime, the networks of zombies are leased to whomever wants to engage in cyber attacks.

In this case, the outrage that has taken place over the Internet due to attempts to stop WikiLeaks has caused a large number of people to sacrifice their computer and Internet connection to the cause of freedom of expression, something that is very sentimental in the hacker community. Figures released in the press point to about 1,500 people involved in a so-called Group Anonymous. However, the composition of the group is far from rigid.

“There have been attacks that have caught the attention of the Portuguese,” states researcher Paulo Verissimo, expert in computer security from the University of Lisbon. But this attraction seems to be coming from outside of the underworld of hackers.

According to Verissimo, the phrase “attack distributed denial of service,” commonly known by its English acronym DDOS, is “a brute force attack” consisting of sending numerous requests for access to the target website, so that the website cannot respond and is therefore inaccessible to many.

Veríssimo noted that there are already incidents with companies who did not even know their sites were attacked because they do not have resources to detect these attacks and raise a white flag. These offensive attacks, although simple, are very hard to defend.

Participating in one of these cyber-sabotages against WikiLeaks is quite easy; all you have to do is download an Internet application, which allows you to indicate the site you intend to attack, and press a button. Afterwards, while the application is running, requests are sent for access to the site. This concept is not very different from systems that employ computer volunteers to search for extraterrestrial life or to perform heavy scientific calculations.

The simplicity of implementation which causes denial of service attacks is a very common technique. It was used in 2007 in Estonia, as an offensive which was supposed to take advantage of the Russian government, or at least groups of pirates who had the support of the authorities. This technique has also been used several times with American administration websites.

The success of a DDOS “is a question of cybernetic weapons power,” adds Veríssimo. “If the number of attackers is sufficiently large, it becomes extremely difficult to combat.” Amazon, however, had sufficient power to ward off the attack, which was declared yesterday, but eventually withdrawn shortly afterwards. The online store site already receives a huge amount of visitors and infrastructure has been improved for the peak holiday season. Amazon’s capacity is so great that it sells domain space to other companies, including heavyweights such as the New York Times and the virtual world of Second Life.

Denial of service prevents access to sites, which can lead to losses in the millions for large businesses, especially for those who use the site for sales or services. On the other hand, DDOS leaves other features intact and has nothing to do with data theft. Paulo Verissimo observes that it would be possible for “sophisticated professional hackers” to do serious damage.

About this publication


Be the first to comment

Leave a Reply