FBI executes search warrants on 40 "anonymous" WikiLeaks defenders


The FBI announced today that they executed more than 40 search warrants in conjunction with the UK's Metropolitan Police against participants in the DDoS'ing of WikiLeaks "enemies".

Unlike the Met Police, the FBI did not release many details as to who they may have executed the warrants against, or specifically what they were looking for. It is likely they intended to seize the computers used during the attacks to look for logs related to the planning and execution of the attacks.

The FBI's press release implies that the attackers created the tools to attack Mastercard, Visa and others.
I believe most attackers were using an "off the shelf" DDoS tool called LOIC which is unrelated to "Anonymous". LOIC is developed by Alexander M. Batishchev, which by definition makes him not anonymous...

Suggesting that creating a multi-purpose tool is the reason they are executing these warrants strikes a chill in me. That would be like going after Stanley Tools for making the box cutters that the 9-11 hijackers used. I hope it is an honest mistake.

While we took a lot of criticism from some readers about our warnings about the criminality of participating in DDoS attacks, the FBI clearly states that:

"The FBI also is reminding the public that facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability."

If you are a Sophos administrator and want to be sure your organization doesn't have a free spirit who wishes to use company assets to assist in these types of attacks, you can simply block LOIC under PUAs (Potentially Unwanted Applications).

Additionally, by properly configuring your client firewall not to allow outbound internet access from unknown applications, you can even stop unknown and not-yet-invented malicious tools.


12 Responses to FBI executes search warrants on 40 "anonymous" WikiLeaks defenders

  1. Phil Champ says:

    "The attacks were facilitated by the software tools the group *makes available* for free download on the Internet."

    No implication there that the attackers created the tools, Chet.

  2. Gibbo says:

    Phil, it's clear that Sophos needs to do a bit of checking here, as the original tool is subverted by another programmer who claims to be part of these "pimply faced adolescent overlords"

    That subverted tool is what they are flogging on the net and not the original "loic"

  3. WorBlux says:

    The FBI isn't a court, and as such isn't qualified to make statements about legality/illegality.

    Whether a person directing their own machines for a DoS attack hasn't ever been ruled on.

    • Vladimir says:

      So destroying other people's property by yourself is not illegal, but cooperating in doing that is? lol.

      • mushhead says:

        I don't see the connection between Worblux's statement and yours. Firstly, where is the damage to someone's property in a DoS attack? Secondly, he states that no-one has been prosecuted as an individual for cooperating in a DDoS attack. I think that he believes only the organisers have. I'm not sure whether that is true so am not going to comment but I will state that I don't believe that you could prosecute any one person for trying to access a website and that it would be difficult to prove that it wasn't either down to a hack or a genuine desire to access the site. Even so, there is no damage to property and it seems from this article that the sites which have been targeted are the ones of credit card companies who make a fortune from others' misfortunes. To hell with them and I support any action which reduces profits to big businesses like these.

  4. guy says:

    Why didn't the FBI go after the people who DDOS wikileaks? Why was there no investigation into that?

    This is not comparable to massive bot networks of infected computers, it was more like a campus sit in. Every person volunteered their computer and internet to show mastercard they felt strongly about wikileaks.

    In fact mastercard was still allowing donations to the KKK when they stopped payments to wikileaks.

    So I think these issues need to be addressed.

  5. The Observer says:

    For explanations on why it was not DDoS (or alike) read R. Stallman's on FSF site
    http://www.defectivebydesign.org/wikileaks and draw your own conclusions.

  6. Guest says:

    You know, all these law enforcement efforts against Anonymous could be put to a better use ferreting out the criminal scammers bilking unsuspecting internet users. Really makes you wonder !

  7. Frank says:

    It's called 'security theatre'. All drama, all the time.

  8. Paul Winkler says:

    Hopefully Anonymous will keep up the good work despite the legal shenanigans.

  9. I am a supporter of AnonOps however I am not happy that I was hacked and my personal information was stolen.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski or send him an email at chesterw@sophos.com.