MasterCard, Visa, Paypal and 4chan - The furor of WikiLeaks unleashed

Filed Under: Denial of Service, Law & order, Malware

4chan Anonymous protesterToday was certainly not a boring day in the annals of security news. Yesterday the forces of Anonymous (4chan) decided to take issue with the perceived censorship of government critics by performing DDoS (Distributed Denial of Service) attacks against entities involved in removing WikiLeaks from the internet.

The most prominent attacks by the legion of Anonymous began by targeting PayPalblog.com. Strangely, they did not attempt to take PayPal itself down, but went after the public mouthpiece of the company. Early on December 8th US Eastern time they began attacking MasterCard.com as noted by Carole Theriault.

For the most part, disrupting MasterCard.com didn't impact payment card processing. However, some MasterCard customers subscribe to a secondary form of authentication called SecureCode. This requires that you enter an additional security code when making online purchases using your credit card. The denial of service against MasterCard's web presence prevented customers using this technology from making online purchases during the attack.

After largely succeeding in the attack against MasterCard, Anonymous began to attack Visa.com. Despite 4chan's claims that they were bringing Visa to its knees, I was able to access their website throughout the attack. At the same time, Twitter began to suspend accounts related to the coordination of the attacks, such as @Anon_Operations and @AnonOperation.

As I have mentioned previously, it is against the law to participate in DDoS attacks, even if many people are angry about the coordinated efforts to shut down WikiLeaks.

The public has had its eyes opened to how easy it is for a small group of internet users to have a large impact on the functioning of major websites. Unfortunately the internet is still a growing entity and is not yet strong enough to defend itself against determined adversaries.

Don't let yourself be found in the position of US diplomats... Protect your data.

Creative Commons image of Anonymous protester courtesy of jacobdavis's Flickr photostream

, , , ,

You might like

38 Responses to MasterCard, Visa, Paypal and 4chan - The furor of WikiLeaks unleashed

  1. Anon69 · 1331 days ago

    Let the shitstorm begin!

  2. @Sophos looks like you would be next... according to anon64 post

  3. I'm beginning to hate those 4chan guys. Can't someone ddos them! They have been behind many michivious activities on the web including Wikipedia vandalism...

    • Gaz · 1331 days ago

      What does 4Chan have to do with it? Imaging board... etc...

      Anonymous is not 4Chan.

    • thatoneanon · 1331 days ago

      First and foremost, Wikipedia vandalism is doable by anyone. It's actually very unlikely that any 4chan member will do such a thing, because it is so trivial.
      4chan.org has been DDoS'd many times before, a few times very recently. However all of those times have been done by individuals who, just like the anon community, simply enjoy bringing people grief for their own amusement. All it takes is a meeting with the network provider, an explanation and investigation into what happened, and a server reset, which takes a few days at most.
      Anon fights for what they believe in. It may not be the same thing you do.

    • blif · 1331 days ago

      Perhpas, but this time they are on the right side.

      • V is for A · 1319 days ago

        Were they not right when they got that guy arrested for
        abusing his cat?

  4. tenkeist · 1331 days ago

    This protest took less than a day and had more resound.

  5. Anonfc · 1331 days ago

    How many mirror sites of Wikileaks are up?

    Paypal.com is down right now.

    If anon doesn't get bored too soon, this will be serious business.

  6. "Don't let yourself be found in the position of US diplomats... Protect your data."

    Or conversely, be trustworthy, honest and transparent so that you don't HAVE dirty laundry that you want to hide from the people who elected you to office that you claim to represent.

    ...but still protect your data

  7. Anon123 · 1331 days ago

    4chan is not Anonymous.
    Lot´s of Anons are hanging out on the *chan boards, but they are not identical!

  8. It takes a sophisticated form of intelligence to do hacking like that. How can they be that intelligent and yet fail to grasp the idea that freedom of speech is not absolute? Most of us learn in grade school that you don't yell fire in a crowded theater (unless there really is one.) Police would be unable to perform many of their investigations without secrecy, Would those Wikileak idiots go into PD files and publish the names of all their informers and undercover agents? They probably would; they just haven't thought about it yet. Would they go into governmental HR files and publish all of the data there for the whole world to see? Most people count on certain forms of secrecy in their lives, and we expect our government to maintain secrecy as well. If Wikileaks had been around during WWII, we would all be speaking German and Japanese, because those idiots would have publicized all the battle plans, all the locations of our armed forces, etc. Wikileaks and those who are, in their "minds," getting even for what happened to Wikileaks, should all be hanged, every last one of them.

    • Anon88 · 1327 days ago

      Or maybe with Wikileaks in WWII, dead camps would have been know earlier, no? Every story have two side.

      • Hmm.. or maybe the Nazis would have discovered that the Allies had broken the Enigma machine?

        I'm sure we can all find examples both for an against the leaking of secrets. What's probably more important is how companies and organisations are going to better protect sensitive data in future.

    • "Wikileaks and those who are, in their "minds," getting even for what happened to Wikileaks, should all be hanged, every last one of them."

      Glad to see that you support death for everyone who supports a cause. It really makes me want to trust you and place you in power.

      Yeah... no. I think you're overreacting quite a lot here.

    • Kygon · 1057 days ago

      You are so wrong in so many ways, DDoS attacks are not hacks, just a lot of extra traffic. The Anon group does not want to compromise sensitive government data which would let's say, reveals information which leads to getting someone killed, no. Anon wants to reveal all the immoral things about our government, random people, websites, and protect wikileaks and other "friendly" websites from unfriendly targets.

    • Neetish · 823 days ago

      If your neighbour is a serial-killer, would you "respect their privacy" and not expose them? And would you hang any other neighbour who did so? What a moronic argument. And as your first statement goes, you DO yell fire in a crowded theater if there is one. And have you seen them expose secret battle plans more than evil deeds?

  9. securitux · 1331 days ago

    I was on /b/ last night when they announced the attack at 10 or so. There's actually a lot of differing opinion on 4chan about what is going on. I'd say half the ppl on 4chan think the attacks are ridiculous.

  10. Female anon · 1331 days ago

    First off it's anon doing it NOT 4chan, anon exists within 4chan but ARE NOT 4chan itself. Please correct this if you want it to be at all factual and correct.

  11. Nick · 1331 days ago

    Carole T, one of your employees should really do her research before releasing comments to the BBC and Telegraph.

    If she did her research she would know that LOIC does not directly allow someone else to use your computer, just like windows aid from distance a few years back. It has however the option to -give- someone else acces to input data to guide you.

    As well, anonymous does not have a spokeperson or aligned to any website (like 4chan). So certain things you are claiming in your article a nonsense.

    Anonymous is a group, in the sense that a flock of birds is a group. How do you know they're a group? Because they're travelling in the same direction. At any given moment, more birds could join, leave, peel off in another direction entirely. It does not have a core.

  12. jessi slaughter · 1331 days ago

    /b/ is not 4chan, and this isn't a sad little raid like normal-- it's the first real "internet protest" that isn't for lulz but to make a point: wikileaks is clearly being made the enemy for simply revealing truth to power. whether it was illegal or not is besides the point, it was heroic (and probably blindly stupid, but whats the difference sometimes) and points to the future of what the internet could achieve for social justice. doesn't matter anyway, now the IDEA exists-- if it's not wikileaks, torrents are unstoppable. seed the data. inform the major networks. FYI: this wasn't covered *at all* on network tv news for hours and hours. surprised?

  13. Ericz · 1331 days ago

    Plus it's not only anon either, it's many other groups doing it. So saying it's only anon is wrong.

  14. ??? · 1331 days ago

    what is the point in these attacks ?

    • Gaz · 1331 days ago

      Ultimately they began when an anti-filesharing agency (A legal company) started doing denial of service attacks on file sharers... it all escalated from that.

    • Kygon · 1057 days ago

      The anon group is mad at Mastercard and Paypal because they aren't allowing donations to wikileaks, and pretty much anything wiki. Mastercard and Paypal being the common payment method it's not easy for money to be donated, therefore the wikileaks guy loses money.

  15. Dove · 1331 days ago

    So on one hand, 4chan will go all out to identify a single teen who posted a cat abuse video. Good. On the other, they will attack services like paypal & credit cards used by charitable entities, like animal rescue groups who have an ongoing commitment to combat animal abuse, and need donations to function. Not good. It needs to be understood that it isn't all about consumers buying junk: real suffering is caused to worthy causes and people as well.

    • Mrs. W · 1325 days ago

      But the only language some people understand is that of the pocketbook.

      Now, I'm not condoning what Anonymous did, but it's a complicated world. It's easy to figure out what to do when it's a single kid hurting cats. It's much harder to go after wrongs being committed in an interconnected world surgically, without causing collateral damage.

      I think it's important to take a step back and look at the situation surrounding Anonymous and Wikileaks: that we no longer trust our governments or corporations to operate in our best interests, and that whole segments of the population feel so devoiced that they no longer choose legal means of being heard.

      But this isn't a political blog, so I'll stop there.

      I just wish we knew how to better mobilize protests in the digital age. The Facebook ones over privacy failed miserably, and it's hard to tell whether the TSA ones have gotten any traction either. . .

      • "I think it's important to take a step back and look at the situation surrounding Anonymous and Wikileaks: that we no longer trust our governments or corporations to operate in our best interests, and that whole segments of the population feel so devoiced that they no longer choose legal means of being heard. "

        This. That's the primary problem. Anonymous feels they have no voice or not enough voice if they choose legal actions. So they choose illegal actions, and justify them with "the end justifies the means".

        I support them, but that's another story.

  16. Sharpies · 1331 days ago

    From what I understand, these "Anon" groups are not all the same. They are also not all from 4chan... and by saying that you are putting the blame on everyone on the internet who uses 4chan or who calls themselves anonymous.

    That is exactly what they want.

  17. Rob · 1330 days ago

    Hmmm. Trying to pay for my take-away via mastercard was coming back with errors, on two different cards, last night. (9pm GMT) A visa card worked..

  18. Anonymous Coward · 1330 days ago

    Yeah let's get some facts straight. As already mentioned above, 4chan is not the Anonymous. 4chan is an image board; that is, pretty much like your usual forum but you can attach an image to your post (or attach a post to your image, if you want to think of it that way) and you can post there without creating an account - in fact image boards don't have account systems. You may post with a name, and if you don't, the software will tag you as Anonymous, from which the group took its name. Threads are also perishable as there's a maximum amount any board section will hold at a time.

    It is true of course that there is a connection. The Anonymous first organized on 4chan's random talk board and have adopted as their symbol both the suit-wearing an without a face (or alternatively a green "no image available" head) and the mask from "V for Vendetta" movie for their public protests. They still post on 4chan to deliver their message, I guess because it is an easy way to reach a large audience - just check 4chan's Alexa rating. I myself hang out on 4chan to discuss stuff, but since I mostly confine myself to /a/, /co/ and /tg/ boards, I don't have a very clear image of the Anonymous' formation.

    tl;dr: 4chan is not the Anonymous.

  19. Perhaps the reason that Anonymous chooses illegal methods is because the legal ones do not work... have you thought of that?

    It's worth consideration, at the very least.

  20. Narutaki · 1306 days ago

    Alot of the people who browse 4chan's famous board /b/ aka random are within the age group of 13 -16. The so called hackers, are just teens who are stupid enough to follow directions on another site which they think is awesome, but in reality, is plain stupid. The founder of 4chan tried serveral times to remove this childish behavior in this so called Random board, but his own site was taken offline by the so called "Anonymous." 4chan was originally made for humor and anime otaku fans, but soon became a mess of people who got in one little fight and their mom got scared, who made them move with their auntie and uncle in bel air.

  21. SpamBuster! · 1303 days ago

    I hate the cyber-extremeists!
    Why not some one hack them?

  22. Tawrich · 1066 days ago

    Wow as if the anons from 4chan are master hackers that can ddos even the fbi website. They're just kids that think what they do is cool. They're not villains. They use stuff like: http://en.wikipedia.org/wiki/LOIC and call themselves hackers.

    • Kygon · 1057 days ago

      It looks like you just took the last 3 anon articles and threw up the comment sections in this message, DDoS attacks cannot be performed on private websites, however you can hack your way into administrative access and fuck shit up all you want.

  23. Mick A · 550 days ago

    @Tawrich - the 'anon' from my school that was a 'kid thinking what he's doing is cool' when caught by the police in someone else's house with a bag full of electronics wasn't a villain either; bless him. It would be great to see you congratulating him for 'being cool', when he's got a bag of goodies from your house, or if he's Wiki'd 'Trojan' and used it to take control of your laptop; which is sending out spam from your email address and serving porn to the world. Tch, bless those crazy kids!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.