Click on an Anonymous link, and you could be DDoS'ing the US government


Here's a quick summary of events:

* On Wednesday, thousands of websites participated in an "internet blackout", protesting against proposed US anti-piracy legislation.

* Yesterday, file-sharing website Megaupload was shut down, and its founders arrested.

The charge? Online piracy alleged to have cost the entertainment industry more than half a billion dollars.

* Overnight, websites belonging to the FBI, Department of Justice, RIAA, MPAA, Universal and others were struck by a distributed denial-of-service (DDoS) attack.

* The loosely-knit collective Anonymous has claimed responsibility for the attacks (which they dubbed Operation Megaupload):

We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us.

In the past, Anonymous has encouraged supporters to install a program called LOIC (Low Orbit Ion Cannon) which allows computers to join in an attack on a particular website, blasting it with unwanted traffic.

This time, things are slightly different: you only have to click on a web link to launch a DDoS attack.

DDoS tweets

We've seen many links posted on Twitter, and no doubt elsewhere on the internet, pointing to a page on the pastehtml.com website. If you visit the webpage, and do not have JavaScript disabled, you will instantly, without user interaction, begin to flood a website of Anonymous's choice with unwanted traffic, helping to perpetuate a DDoS attack.

Section of webpage code

At the time of writing, for example, it's the Justice department website which is in their sights.

DDoS launch webpage
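
For the operator of a targeted site, traffic driven by a launch page like this tends to appear in access logs as many different clients all carrying the same off-site Referer. The sketch below is an added example, not code from the original article; it assumes Apache/nginx combined-format logs and that visitors' browsers send a Referer header naming the launch page, and the hostnames, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def external_referer_floods(lines, own_hosts, min_requests=6, min_clients=3):
    """Return {referer_host: (requests, distinct_clients)} for off-site referers
    that drive at least min_requests from at least min_clients addresses."""
    hits = defaultdict(int)
    clients = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, referer = m.groups()
        host = (urlsplit(referer).hostname or "").lower()
        if not host or host in own_hosts:
            continue  # no referer ("-"), or ordinary on-site navigation
        hits[host] += 1
        clients[host].add(ip)
    return {h: (n, len(clients[h])) for h, n in hits.items()
            if n >= min_requests and len(clients[h]) >= min_clients}

def sample_log():
    """Constructed log lines (documentation addresses and .example hosts)."""
    fmt = ('{ip} - - [01/Jan/2012:09:00:{s:02d} +0000] "GET / HTTP/1.1" '
           '200 512 "{ref}" "Mozilla/5.0"')
    lines = []
    # Three clients repeatedly requesting the site, all referred by one paste page
    for s in range(9):
        lines.append(fmt.format(ip=f"192.0.2.{s % 3 + 1}", s=s,
                                ref="http://paste.example/view/abc.html"))
    # Ordinary traffic: no referer, on-site referer, one search-engine referral
    lines.append(fmt.format(ip="198.51.100.7", s=10, ref="-"))
    lines.append(fmt.format(ip="198.51.100.8", s=11,
                            ref="http://www.victim.example/index.html"))
    lines.append(fmt.format(ip="198.51.100.9", s=12,
                            ref="http://search.example/?q=doj"))
    return lines

SAMPLE_LOG = sample_log()

if __name__ == "__main__":
    print(external_referer_floods(SAMPLE_LOG, {"www.victim.example"}))
```

A referring host flagged this way can be rate-limited or blocked at the edge; the check misses clients that suppress the Referer header.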

Don't forget, denial-of-service attacks are illegal. If you participate in such an attack you could find yourself receiving a lengthy jail sentences.

With this method, however, Anonymous might be hoping that participants could argue that they did not knowingly assist in the DDoS attack, and clicked on the link in innocence without realising what it would do.

I'm not a lawyer, so I can't tell you if that's going to be an adequate defence or not if you end up in court.

Personally I find it much easier to support users and companies blacking out their websites for a day in protest against the SOPA/PIPA legislation than launching DDoS attacks against US government websites.


35 Responses to Click on an Anonymous link, and you could be DDoS'ing the US government

  1. gha · 1009 days ago

    Well you would conclude that, even if you did agree with anonymous.

  2. PerfectSon · 1009 days ago

    "a lengthy jail sentences."

    That's like consecutive jail sentences is it? one for using an antivirus that can't detect the script, another for having JavaScript enabled, and another for being technologically challenged? one for being my mom who clicks anything remotely interesting.......

    Completely understandable, I'll send her postcards, I wonder if I'll get the house?.

  3. ITsince81 · 1009 days ago

    Graham,

    Normally I'd be all for you in this, but you did give up Wikipedia to "noscript" very quickly Wednesday. I feel that you should have at least let the Wiki visitors ponder for a moment until they found out that it was a Javascript issue (it wasn't all that hard to find on Wikipedia - after all), and let them at least come asking: "How do I disable Javascript?"

    And THEN tell them how. Pretend it was a gNerdy crossword puzzle contest (still working on it here boss.)

    So, I'm not going to pass judgement on Anonymous or you today.
    Maybe tomorrow?

    Jon

  4. Julie · 1009 days ago

    Might be best NOT to click on most links, unless you know they are genuine.

  5. Rupert · 1009 days ago

    I accidentally quoted a line from a crappy Hollywood movie - will I be arrested for stealing now?

    • LLCJ826 · 1009 days ago

      You will if you don't send Chris Dodd a check for $100 immediately.

  6. Anon · 1009 days ago

    Personally I just think some people just don't have the balls to help Anon. In reply to your last line :)

    • Anon 2 · 1008 days ago

      Yes you committed the crime of "verbal plagarism" (spelt right? idk) lol

  7. JohnC · 1009 days ago

    Funnily enough, the only way to stop bullies is to turn on them......!

  8. WTF_der · 1009 days ago

    Eh. I'd click the link. What's the worse that's going to happen? Detainment...?

    Remember, they can already do that WITHOUT a reason when they passed the National Defense Authorization Act...... Might as well be detained and know the reason why.

  9. Open the site on a web browser and hit the refresh button several times... I guess this is not a DDoS attack as you were only browsing the site.

  10. Ubikwitus · 1009 days ago

    Anonymous supporters reacted to SOPA/PIPA the same way as anybody else - sign the petition and communicate with 'lawmakers'.

    This DDoS attack is about Megauploads, the latest in a series of 'test cases' for 'ennertainment' industry lawyers.

  11. you · 1009 days ago

    I think we should remove these ties with the American government

  12. me123 · 1009 days ago

    When was it illegal to click a link, I guess the SOPA bill was passed long TIME AGO , when this law was written. We are a world of links they lead to knowledge and if a misleading link causes a DDOS then the owners of the sites that get DDOS should learn not to be a target. They should be a step ahead and prepare for traffic routing. Not our fault they hire personnel that just want a job, but don't know how to do the job.

    Read Condition 7 under Megauploads terms here http://webcache.googleusercontent.com/search?sour...

    It states
    "You agree to not use Megaupload's Service to:
    a. upload, post, e-mail, transmit or otherwise make available any Content that spreads messages of terror or depicts torture or death-gui; if serious enough, the content will be reported to the appropriate legal authority and/or the member's ISP will be contacted;
    b. harm minors in any way, this includes any form of child pornography; if serious enough, the content will be reported to the appropriate legal authority and/or the member's ISP will be contacted;
    c. upload, post, e-mail, transmit or otherwise make available any Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party."

    so shouldn't the 50 million visitors a day be held liable? Come arrest the world Government.

    • Diomedea · 1009 days ago

      "when was illegal to click a link?" Similarly, "when was it illegal to buy a magazine?" I think you will find that consequences and intent have something to do with it. If you knowingly get hold of illegal magazines, then you can be held accountable, so this is the same.

      Interesting article. I generally like to follow the law and am not into downloading music without paying for the privilege. Having said that, copyright and IP have a weak moral basis, being something that has been created and protected by law in order to encourage creation. Does it really work, though? We can decide not to legislate it if as a society we don't want it, or we can change the conditions. It is not covered by the ten commandments, for example. From a practical perspective, copyright and IP tend to create a few winners. If bands could only make money by concerts, then perhaps we would have more touring musicians, and not just the few mega-bands created by publicity machines.

  13. you · 1009 days ago

    this is not a test case this is real

  14. Charlie S · 1009 days ago

    Anonymous has declared war on the United States based on the fact that it was a cyber attack on the US government

  15. Machin Shin · 1009 days ago

    Somehow I think this is just the beginning. Anonymous was nothing to laugh at before, but after this stink with SOPA you can bet that their ranks have swelled. Before this week most of this has been in the background, now more and more people are going to fight back.

    • Mustachio · 1009 days ago

      Yes because DDoS, site defacement, and minor database hacks make them so dangerous. They are gum on the bottom of shoes compared to the real threats like state actors.

      • Genima · 1005 days ago

        Tell that to Aaron Barr and the smoking wreckage of his career.

  16. Jay McHue · 1009 days ago

    Yeah, Anonymous -- like that will stop the government from doing its job and make them release Megaupload's owners and restore the site so you guys can keep downloading copyrighted music, movies and porn illegally.

  17. yes they can take down many website by DDoS

  18. X_Treme · 1009 days ago

    Solution: Open/Un-encrypted Wifi :)

  19. Penguinista · 1009 days ago

    What if Anonymous (or loosely associated affiliate org) remove the opt-in: Use SQLi to inject the DDOS link/code into lots of popular sites, and let their users join in unwittingly...
    Who do you detain then?

    Better yet, target those annoying ad-sites. Then everyone other than the ubercool Ad-Block crowd can get a free holiday via extraordinary rendition..

    Maybe wall off New York and hold them all there...

    Who gets to wear the eye-patch?

    P.=default

  20. Christian · 1009 days ago

    Well then..i think i am f**ked i clicked these links not knowing what the hell they were..

  21. daroadrunner · 1009 days ago

    another drop in a full bucket !

  22. noewon · 1008 days ago

    With this "Trick" Anonymous, knowingly or not, gave the people that which has been used against them for years...

    Plausible Deniability.

    If it's been good for the goose...

    • myname · 1008 days ago

      now if they could just make a program to kick the feds in the balls like they have been doing to the us citizens for years !!!!!

  23. Cavious · 1008 days ago

    Here is my two cents. If you do not have an obligation to a child such as parentship or guardianship, then what the heck do you have to lose? Jail provides free meals and a bed. If you get lucky and you like this type of thing a guy named Bubba might unwrap your package. All joking aside there isn't a death penalty for this type of action. In all intents and purposes you have nothing to lose. Again if you are a parent or guardian you need to think twice before you take actions that can send that child into the system that we all seem to either hate or disapprove of.

  24. theinternetifyoucankeepit · 1008 days ago

    I've looked at the criminal liability of clicking a link in this context. You can read about whether this would be crime under the Computer Fraud and Abuse Act here: https://theinternetifyoucankeepit.wordpress.com/2...

  25. uno5co · 1008 days ago

    Hey Graham glad to hear you are not a lawyer. After all, imho, other than a license to lie what else is a lawyer? I'm not a lawyer, but have read the U. S. of A. constitution.

    After seeing plenty of people have got themselves pepper sprayed in the eyes, nose and throat for exercising the right to peacefully assembled and protest, yes I believe some consider peacefully protesting as launching attacks.

    I would recommend folks to read their constitutional rights before participating in anything and sue personally in small claims courts and/or any court to seek for remedies if any damages occur to life, liberty or property.

  26. snakes · 1006 days ago

    why you censored the links lol wtf.........

  27. Andre Carrotflower · 1005 days ago

    "Don't forget, denial-of-service attacks are illegal. If you participate in such an attack you could find yourself receiving a lengthy jail sentences.

    With this method, however, Anonymous might be hoping that participants could argue that they did not knowingly assist in the DDoS attack, and clicked on the link in innocence without realising what it would do."

    Let's not forget, also, that there's safety in numbers. The government does not even remotely have the wherewithal to clog the courts by prosecuting what will end up, no doubt, to be millions of these incidents. The worst-case scenario that I can see is that it will end up like the RIAA file-sharing lawsuits, where a few people receive draconian sentences as a warning to the others who will, by and large, never be detected and get off scot-free.

  28. thomazchamberlain · 990 days ago

    Click Hijacking, what a unique use, I've never seen that before. Nice article, thanks a lot. DDoS attacks are something I'm very interested in at the moment, it's what all my articles have been about so far, more concerning their simulation and defence. This article is very insightful, maybe I'll build a simulation from this! THANKS!


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.