Sophos Cloud Optix
Hacktivists have struck a number of official websites in the African country of Tunisia, seemingly in response to the government’s attempts to block access related to leaked cables that related to the country.
According to The Guardian, Tunisia and other Arab nations have tried to control the flow of WikiLeaks-related information into their country by blocking websites and banning overseas newspapers.
Members of the loosely-knit Anonymous group gathered on an Internet Relay Chat (IRC) forum yesterday, and singled out various official Tunisian websites for attack.
Impacted websites that appear to have been brought down by the distributed denial of service (DDoS) attack include that of Tunisian president Zine El Abidine Ben Ali and the government’s official website:
A statement posted on Anonymous-related websites explained the reason for the attack:
"The Tunisian government wants to control the present with falsehoods and misinformation in order to impose the future by keeping the truth hidden from its citizens. We will not remain silent while this happens. Anonymous has heard the claim for freedom of the Tunisian people. Anonymous is willing to help the Tunisian people in this fight against oppression. It will be done. It will be done."
"This is a warning to the Tunisian government: attacks at the freedom of speech and information of its citizens will not be tolerated. Any organization involved in censorship will be targeted and will not be released until the Tunisian government hears the claim for freedom to its people."
Anyone considering signing-up to join in the attacks on the websites of various governments (we recently saw Zimbabwe similarly targeted) would be wise to remember that participating in a DDoS attack is against the law.
You know, it would be nice if all these fighters for the freedom of oppressed peoples were actually interested in working to liberate the many people in this world who suffer at the hands of repressive regimes. Sounds like they are more interested in the posturing than in helping the people of Tunisia.
And how can they liberate the many people in this world who
suffer at the hands of repressive regime exactly? And how is what
they are doing not accomplishing that?
There are any number of ways of working to end repression. But the rhetoric used here– e.g. "has heard the claim for freedom of the Tunisian people"–is both vague and inflated. How did they hear from the Tunisian people (and which Tunisian people did they hear from–or are involved in the actions of Anonymous?) What loss of freedom–other than the inability to read the Wikileaks data–have the Tunisians suffered? The Anonymous hackers are using their claims to be acting selflessly for the benefit of others to justify their own ego-driven sabotage.
Whether you agree with the actions of those who launched the DoS attacks against the Tunisian websites or not, it's clear that Tunisia has been in the spotlight for many years regarding censorship and a lack of press freedom:
See http://en.wikipedia.org/wiki/Censorship_in_Tunisi…
So it's possible that WikiLeaks suppression was the catalyst for the current attacks, but may not be the only motivation.
You claim to know many other ways to end repression please educate us and explain to me where and when you have ended any kind of repression.
Anonymous has heard the claim for freedom of the Tunisian people and the Tunisian people have heard and felt the support of the people, this isn't a very complicated relationship to understand, anonymous is anyone and everyone who opposes censorship and injustice. Every ANONYMOUS individual has found a way to show their support.
If you are unaware of the decades of increasing censorship in Tunisia and are so ignorant that you think that their inability to access wikileaks data is their only reason for protesting then please stop wasting our time by sharing your pointless opinions. You should educate yourself a bit first.
Wikileaks and anonymous are the people for the people, they are catalysts for justice and revolt and will continue to be so.
AnonOps don't look like their going to stop at any length to get their message heard. It doesn't help anybody and most of them probably have unlimited internet access so that isn't an issue. They should try and track down the IP Addresses and block them.
Why doesn’t it help anybody? Can you please
explain? So far you are not very convincing.
Anybody considering signing-up to join in the attacks on
the websites of various governments would be wise to download LOIC
from sourceforge.net Making page demands isn’t an
“unauthorised act” under UK Law, your information
is wrong.
You're incorrect.
Under the terms of the UK Police and Justice Act 2006, it is illegal to impair the operation of any computer, to prevent or hinder access to any program or data held in any computer, or impair the operation of any program or data held in a computer, with “requisite intent” and “requisite knowledge”.
In a nutshell, knowingly participating in a denial-of-service attack like this – without the permission of the website's owners – is illegal.
(By the way, in the UK, supplying the software that can be used to launch a denial of service attack, can lead to two years in jail)
Of course, all of this is up to the interpretation of the courts – but those are the laws.
So if I install Windows on a Linux box and thereby impair it's operation I've broken the law? The legislation says the act has to be "unauthorised", making page requests from a web server isn't "unauthorised", not even if you make lots of them. Obviously if you run a botnet it's a different matter.
(1)A person is guilty of an offence if—
(a)he does any unauthorised act in relation to a computer;
If the intention is to disrupt the website, and you didn't have permission from the website's owner, then that sounds to me like it's against the law.
But seriously, I am not a lawyer. I trust that if anyone out there is considering participating in the denial-of-service attacks they will take the appropriate steps to get legal advice first rather than rely on amateur views from folks like me and others on the internet.
No-one would be daft enough to do this without checking with a lawyer first, right?
IMO LOIC based DOS attacks are fundamentally no different in principle to the recent protests against Top Shop and Vodafone whereby activists crowded out stores forcing them to close. Of course people would be wise to first check with a lawyer, either that or run LOIC behind Hotspot Shield or some other free VPN service.
“participating in a DDoS attack is against the
law.* Those attacks are not DDoS, they are DoS. A DDoS involves
bots that infect the computers of other people in order to make the
computers participate in an attack without the consent of their
owner. A DoS attack does not involve such bots. Operation
Payback’s computers are provided willingly by the owners
of these computers, so none are infected by bots. As a result, a
DDoS attack is more illegal – it’s illegal to attack a
website that way, and it’s also illegal to infect other
computers with bots (which a DoS attack does not involve).
I’m just wondering – would any European or American
country really care to go after the people who attack the Zimbabwe
or Tunisian government? These governments are dictatorships, so
would civilized governments really care?
You're right that normally a distributed denial-of-service attack involves innocent parties who are not aware that they are participating in an attack. In such cases the authorities will, of course, be sympathetic.
But it's a whole different ball game when folks /volunteer/ to disrupt websites without authorisation from the website's owners, by bombarding them with traffic. The computer crime cops are unlikely to view that as innocent behaviour.
Now whether the authorities would actually pursue a criminal investigation against people involved in the attacks on the Tunisian websites is a different question..
This is old news, but the (real) hackers of 2600 Magazine published a press release decrying the DDoS attacks and suggesting some alternative actions you can take.
http://www.2600.com/news/view/article/12037
It's tougher to boycott the government of a country you don't live in, but surely there are human rights organizations operating in Tunisia that you can donate to if you actually care about these issues, and other legal means of showing your support.
Yes Crush the Government especially during War Time in the Theater
Civil Disobedience made famous by such protagonists as Gandhi is method of selecting a theatre of action that the the ruling authority cannot win in. Then confronting them in this arena. A 100,000 separate individuals using DOS attacks would give the Police and especially the Crown Prosecution Service a major problem (In the case of a UK target with say an additional 50,000 outside the UK requiring extradition proceedings)
I would suggest that a well published good set of business ethics adhered to is the best defence against such a threat for a company.
It is 5 years since I visited Tunisia and found it a quite a relaxed place without the intangible electric current of fear that runs through the people in a dictatorship or some 'so called' democracies. False flag claims associated with the DDOS is possibly the rational for this attack.
It's certainly different as normally you would use bots on slave computers without the owners knowledge but this is a voluntary attack usind ddos tools like loic etc There isn't the will to prosecute in this country (UK) so if you want to join in then do so. Remember if you want to use a pre-compiled script program that can ddos sites then loic isn't the only choice but it is user friendly. Graham is right though it is a crime under UK law but it's difficult to prove malicious intent as one can say "I don't know what a ddos attack is or someone got control of my computer etc". Illegal yes, difficult to prove yes.
And the Tunisian government is harvesting usernames and passwords from services like Gmail and Facebook. . .
http://www.thetechherald.com/article.php/201101/6…