Today was certainly not a boring day in the annals of security news. Yesterday the forces of Anonymous (4chan) decided to take issue with the perceived censorship of government critics by performing DDoS (Distributed Denial of Service) attacks against entities involved in removing WikiLeaks from the internet.
The most prominent attacks by the legion of Anonymous began by targeting PayPalblog.com. Strangely, they did not attempt to take PayPal itself down, but went after the public mouthpiece of the company. Early on December 8th US Eastern time they began attacking MasterCard.com as noted by Carole Theriault.
For the most part, disrupting MasterCard.com didn’t impact payment card processing. However, some MasterCard customers subscribe to a secondary form of authentication called SecureCode. This requires that you enter an additional security code when making online purchases using your credit card. The denial of service against MasterCard’s web presence prevented customers using this technology from making online purchases during the attack.
After largely succeeding in the attack against MasterCard, Anonymous began to attack Visa.com. Despite 4chan’s claims that they were bringing Visa to its knees, I was able to access their website throughout the attack. At the same time, Twitter began to suspend accounts related to the coordination of the attacks, such as @Anon_Operations and @AnonOperation.
As I have mentioned previously, it is against the law to participate in DDoS attacks, even if many people are angry about the coordinated efforts to shut down WikiLeaks.
The public has had its eyes opened to how easy it is for a small group of internet users to have a large impact on the functioning of major websites. Unfortunately the internet is still a growing entity and is not yet strong enough to defend itself against determined adversaries.
Don’t let yourself be found in the position of US diplomats… Protect your data.
Creative Commons image of Anonymous protester courtesy of jacobdavis’s Flickr photostream