Sophos Cloud Optix
Police in the Netherlands have arrested a second teenager in relation to the pro-WikiLeaks distributed denial-of-service attacks seen earlier this week.
The arrest of the 19-year-old man follows Friday’s attacks on websites belonging to Dutch Police and national prosecutor’s office, which were themselves widely seen as retaliation against the apprehension the day before of a 16-year-old Dutch boy alleged to have participated in “Anonymous” pro-WikiLeaks attacks against a number of websites, including MasterCard and PayPal.
Prosecutors claim that the 19-year-old, from Hoogezand-Sappemeer, in the north east of the Netherlands, flooded the prosecutor’s website with internet traffic:
"From behind his computer, the man used hacker software to flood the website of the prosecutor’s office with as much digital traffic as possible. Investigations by the National Police Services Agency showed that the man, who was active under the internet nickname Awinee, urged other internet users to participate in the attack."
However, it is reported that the DDoS attack software being used did not hide the IP address of the computer involved, making it easy for high-tech crime cops to identify where the attack was coming from.
That’s a pretty silly mistake to make if you’re going to attack the website of your country’s national prosecutor.
Who is “Awinee”? Well, a quick search on Google found a gaming website of a guy who lives in Hoogezand-Sappemeer, is 19 years old, and uses the online nickname “Awinee”, going by the real name of Martijn Gonlag:
Of course, that may just be coincidence. Wikipedia says 34,000 people live in the Hoogezand-Sappemeer municipality, and maybe plenty of the 19-year-olds there use that online nickname.
Denial-of-service attacks are illegal in many countries, and in The Netherlands can result in a maximum sentence of six years in jail.
Prosecutors claim that the man also participated in a DDoS attack against the website Moneybookers.com, which took the website offline for a period of time on Friday. Moneybookers.com terminated its relationship with WikiLeaks in August.
The ongoing saga of WikiLeaks is, of course, a controversial one that is generating strong emotions on both sides. Even if you feel strongly that WikiLeaks is being persecuted or abandoned by online companies think very carefully before volunteering your PC and engaging in a DDoS attack.
After all, it could be that the police are knocking on your door next.
If people want to support Wikileaks. Stop using services of companies who froze or stopped services for Wikileaks. Tell others not to use those services (Like Paypal, ebay and others). But DDOS attack is an unethical way of showing your point of view.
One would suspect DDOS is used to shutdown Wikileaks. Here we have someone trying to use DDOS to get into govt website. What is the reward to breaking into Govt website?
The DDoS attacks aren't intended to break into government websites, instead they're designed to disrupt access to websites by deluging them with internet traffic.
He was released today.
I love how everyone is calling Martjin a hacker, he couldn't manually hack himself out of a cardboard box let alone do it online. No offense. He downloaded the 'ion canon' software and cheered the groups on via facebook. Sounds like another scapegoat to me.
He put all of his real information online too! What an idiot!
"However, it is reported that the DDoS attack software being used did not hide the IP address of the computer involved"…"That's a pretty silly mistake to make if you're going to attack the website of your country's national prosecutor."
Silly mistake? A security expert ought to know a bit better that it's less of a silly mistake and more of a technical limitation.
He did that on purpose, as he stated in a Dutch Radio show today he made sure his IP was visible, this because a normal protester is also giving away his id.
The worst thing for him that can happen is a few hours of community service and probation…
Not buying it. It sounds like he jumped on the lemming bus. Yes, probably a scapegoat but his actions are still illegal.
I Doubt he did it on porpuse i think it was more of he did not know how to.
If he was using simply using LOIC then the chances are, he knew his IP was visible. You cannot use a Proxy server or you will end up spamming your proxy instead of your intended target.
The use of LOIC for DDOS attacks relies on being part of the hive; Most of the users are aware of this danger (or maybe not). The clever guys are on Linux spoofing their IP behind 7 proxies!!
Exactly!
And a "proxy" is nothing more than just another Windows box that has been easily compromised. The real crime here is that Microsoft's OS, up to and including Win7, is so promiscuous that even a script kiddie can compromise it. A lot of gamers using Windows think themselves 3l33t hackers because they download some VB exe or shell script from a warez website and follow the readme instructions blindly.
( Anonymous Software == Backdoor for Rootkit )[?]
Just use Tor. =)
Scapegoated.