The FBI announced today that it has executed more than 40 search warrants, in conjunction with the UK’s Metropolitan Police, against participants in the DDoS attacks on WikiLeaks’ “enemies”.
Unlike the Met Police, the FBI did not release many details about whom the warrants targeted or specifically what agents were looking for. Most likely they intended to seize the computers used during the attacks and examine them for logs and other evidence of the planning and execution of the attacks.
The FBI’s press release implies that the participants themselves created the tools used to attack Mastercard, Visa and others.
I believe most attackers were using an “off-the-shelf” DDoS tool called LOIC which is unrelated to “Anonymous”. LOIC is developed by Alexander M. Batishchev, which by definition makes him not anonymous…
Suggesting that creating a multi-purpose tool is the reason they are executing these warrants strikes a chill in me. That would be like going after Stanley Tools for making the box cutters that the 9-11 hijackers used. I hope it is an honest mistake.
While we took a lot of criticism from some readers over our warnings that participating in DDoS attacks is a crime, the FBI clearly states that:
“The FBI also is reminding the public that facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability.”
If you are a Sophos administrator and want to be sure nobody in your organization uses company assets to assist in these types of attacks, you can simply block LOIC under PUAs (Potentially Unwanted Applications).
Additionally, a client firewall configured to deny outbound internet access to any application that is not explicitly allowed stops not only LOIC but also tools that have not yet been written: an application allow-list does not depend on recognising the tool, only on the tool not being on the list. The trade-off is that someone has to maintain that list, so roll such a policy out to a pilot group first and keep the allowed set small.
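The following PowerShell script is an added example of the default-deny outbound policy described above; it is not code from the original article and not a Sophos product feature. It uses the Windows NetSecurity module cmdlets (Windows 8 / Server 2012 and later) rather than a Sophos console. The rule group name and the list of allowed program paths are assumptions that need adjusting for a real estate, and the script must be run from an elevated prompt.

```powershell
# Added example (not from the original article or from Sophos): put the Windows
# client firewall into default-deny outbound mode and allow only named programs.
# The group name and program paths below are assumptions for illustration.
#Requires -RunAsAdministrator

$group = 'Corp outbound allow-list'   # assumed rule group name, used for cleanup

# Programs permitted to reach the network. Assumed list; tailor it to your fleet.
# svchost.exe hosts many Windows services (Windows Update, DNS client), so an
# unrestricted allow for it is broad; prefer per-service rules (-Service) where
# you can identify the service.
$allowed = @(
    'C:\Program Files\Internet Explorer\iexplore.exe',
    'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE',
    'C:\Windows\System32\svchost.exe'
)

# Remove any rules we created on a previous run so the script is idempotent.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

foreach ($exe in $allowed) {
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Warning "Skipping program that is not installed here: $exe"
        continue
    }
    New-NetFirewallRule -DisplayName ('Allow outbound: ' + (Split-Path -Leaf $exe)) `
        -Group $group -Direction Outbound -Action Allow -Program $exe `
        -Profile Domain,Private -Enabled True | Out-Null
}

# Anything not matched by an outbound allow rule is now dropped. Built-in
# Windows outbound rules (Core Networking etc.) stay in effect because they are
# allow rules too; the default action only governs unmatched traffic.
Set-NetFirewallProfile -Profile Domain,Private -DefaultOutboundAction Block

# Verification: show exactly which programs are still allowed out.
Get-NetFirewallRule -Group $group |
    Get-NetFirewallApplicationFilter |
    Select-Object Program
```

With this in place a freshly downloaded LOIC.exe has no allow rule and its flood packets never leave the machine, regardless of whether any antivirus signature knows the file. The caveat a practitioner should keep in mind is that application allow-listing is scoped to the process: a flooding tool that runs inside an allowed program, such as a JavaScript page loaded in the permitted browser, is not stopped by this rule set and needs a different control (web filtering or PUA blocking) on top of it.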