Sophos Cloud Optix
Here’s a quick summary of events:
* On Wednesday, thousands of websites participated in an “internet blackout”, protesting against proposed US anti-piracy legislation.
* Yesterday, file-sharing website Megaupload was shut down, and its founders arrested.
The charge? Online piracy alleged to have cost the entertainment industry more than half a billion dollars.
* Overnight, websites belonging to the FBI, Department of Justice, RIAA, MPAA, Universal and others were struck by a distributed denial-of-service (DDoS) attack.
* The loosely-knit collective Anonymous has claimed responsibility for the attacks (which they dupped Operation Megaupload):
We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us.
In the past, Anonymous has encouraged supporters to install a program called LOIC (Low Orbit Ion Cannon) which allows computers to join in an attack on a particular website, blasting it with unwanted traffic.
This time, things are slightly different: you only have to click on a web link to launch a DDoS attack.
We’ve seen many links posted on Twitter, and no doubt elsewhere on the internet, pointing to a page on the pastehtml.com website. If you visit the webpage, and do not have JavaScript disabled, you will instantly, without user interaction, begin to flood a website of Anonymous’s choice with unwanted traffic, helping to perpetuate a DDoS attack.
At the time of writing, for example, it’s the Justice department website which is in their sights.
Don’t forget, denial-of-service attacks are illegal. If you participate in such an attack you could find yourself receiving a lengthy jail sentences.
With this method, however, Anonymous might be hoping that participants could argue that they did not knowingly assist in the DDoS attack, and clicked on the link in innocence without realising what it would do.
I’m not a lawyer, so I can’t tell you if that’s going to be an adequate defence or not if you end up in court.
Personally I find it much easier to support users and companies blacking out their websites for a day in protest against the SOPA/PIPA legislation than launching DDoS attacks against US government websites.
Well you would conclude that, even if you did agree with anonymous.
"a lengthy jail sentences."
That's like consecutive jail sentences is it? one for using an antivirus that can't detect the script, another for having JavaScript enabled, and another for being technologically challenged? one for being my mom who clicks anything remotely interesting…….
Completely understandable, I'll send her postcards, I wonder if I'll get the house?.
Graham,
Normally I’d be all for you in this, but you did give up Wikipedia to “noscript” very quickly Wednesday. I feel that you should have at least let the Wiki visitors ponder for a moment until they found out that it was a Javascript issue (it wasn’t all that hard to find on Wikipedia – after all), and let them at least come asking: “How do I disable Javascript?”
And THEN tell them how. Pretend it was a gNerdy crossword puzzle contest (still working on it here boss.)
So, I’m not going to pass judgement on Anonymous or you today.
Maybe tomorrow?
Jon
Might be best NOT to click on most links, unless you know they are genuine.
I accidentally quoted a line from a crappy Hollywood movie – will I be arrested for stealing now?
You will if you don't send Chris Dodd a check for $100 immediately.
Personally I just think some people just don't have the balls to help Anon. In reply to your last line 🙂
Yes you committed the crime of “verbal plagarism” (spelt right? idk) lol
Funnily enough, the only way to stop bullies is to turn on them……!
Eh. I'd click the link. What's the worse that's going to happen? Detainment…?
Remember, they can already do that WITHOUT a reason when they passed the National Defense Authorization Act…… Might as well be detained and know the reason why.
Well, like I said, I'm not a lawyer.
But seeing as plenty of people have got themselves in trouble before for using LOIC to launch DDoS attacks, I would recommend folks seek proper legal advice before participating.
For reference: http://nakedsecurity.sophos.com/2011/08/03/britis…
Open the site on a web browser and hit the refresh button several time… i guess this is not DDoS attack as you were only browsing the site.
Anonymous supportes reacted to SOPA/PIPA the sae way as anybody else – sign the petition and communicate with 'lawmakers'.
This DDoS attack is about Megauploads, the latest in a series of 'test cases' for 'ennertainment' industry lawyers.
i think we should remove these ties with the american goverment
When was it illegal to click a link, i guess the SOPA bill was passed long TIME AGO , when this law was written. We are a world of links they lead to knowledge and if a misleading link causes a DDOS then the owners of the sites that get DDOS should learn not to be a target. They should be a step ahead and prepare for traffic routing. Not our fault they hire personnel that just want a job, but dont know how to do the job.
Read Condition 7 under Megauploads terms here http://webcache.googleusercontent.com/search?sour…
It stats
"You agree to not use Megaupload's Service to:
a. upload, post, e-mail, transmit or otherwise make available any Content that spreads messages of terror or depicts torture or death-gui; if serious enough, the content will be reported to the appropriate legal authority and/or the member's ISP will be contacted;
b. harm minors in any way, this includes any form of child pornography; if serious enough, the content will be reported to the appropriate legal authority and/or the member's ISP will be contacted;
c. upload, post, e-mail, transmit or otherwise make available any Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party."
so shouldn't the 50 million visitors a day be held liable? Come arrest the world Government.
“when was illegal to click a link?” Similarly, “when was it illegal to buy a magazine?” I think you will find that consequences and intent have something to do with it. If you knowingly get hold of illegal magazines, then you can be held accountable, so this is the same.
Interesting article. I generally like to follow the law and am not into downloading music eithout paying for the privilege. Having said that, copyright and IP have a weak moral basis, being something that has been created and protected by law in order to encourage creation. Does it really work, though? We can decide not to legislate it if as a society we don’t want it, or we can change the conditions. It is not covered by the ten commandments, for example. From a practical perspective, copyright and IP tend to create a few winners. If bands could only make money by concerts, then perhaps we would have more touring musicians, and not just the few mega-bands created by publicity machines.
this is not a test case this is real
Anonymous has declared war on the United states base don the fact that it was a cyber attack on the US govermnet
Somehow I think this is just the beginning. Anonymous was nothing to laugh at before, but after this stink with SOPA you can bet that their ranks have swelled. Before this week most of this has been in the background, now more and more people are going to fight back.
Yes because DDoS, site defacement, and minor database hacks make them so dangerous. They are gum on the bottom of shoes compared to the real threats like state actors.
Tell that to Aaron Barr and the smoking wreckage of his career.
Yeah, Anonymous — like that will stop the government from doing its job and make them release Megaupload's owners and restore the site so you guys can keep downloading copyrighted music, movies and porn illegally.,
yes they can take down many website by DDoS
Solution: Open/Un-encrypted Wifi 🙂
What if Anonymous (or loosely associated affiliate org) remove the opt-in: Use SQLi to inject the DDOS link/code into lots of popular sites, and let their users join in unwittingly…
Who do you detain then?
Better yet, target those annoying ad-sites. Then everyone other than the ubercool Ad-Block crowd can get a free holiday via extraordinary rendition..
Maybe wall off New York and hold them all there…
Who gets to wear the eye-patch?
P.=default
Well then..i think i am f**ked i clicked these links not knowing what the hell they were..
another drop in a full bucket !
With this “Trick” Anonymous, knowingly or not, gave the people that which has been used against them for years…
Plausible Deniability.
If it’s been good for the goose…
now if they could just make a program to kick the feds in the balls like they have been doing to the us citizens for years !!!!!
Here is my two cents. If you do not have a obligation to a child such as parentship or guardianship, then what the heck do you have to lose? Jail provides free meals and a bed. If you get lucky and you like this type of thing a guy named Bubba might unwrap your package. All joking aside there isnt a death penalty for this type of action. In all intents and purposes you have nothing to lose. Again if you are a parent or guardian you need to think twice before you take actions that can send that child into the system that we all seem to either hate or diapprove of.
I've looked at the criminal liability of clicking a link in this context. You can read about whether this would be crime under the Computer Fraud and Abuse Act here: https://theinternetifyoucankeepit.wordpress.com/2…
Hey Graham glad to hear you are not a lawyer. After all, imho, other than a license to lie what else is a lawyer? I’m not a lawyer, but have read the U. S. of A. constitution.
After seeing plenty of people have got themselves pepper sprayed in the eyes, nose and throat for exercising the right to peacefully assembled and protest, yes I believe some consider peacefully protesting as launching attacks.
I would recommend folks to read their constitutional rights before participating in anything and sue personally in small claims courts and/or any court to seek for remedies if any damages occur to life, liberty or property.
why you censored the links lol wtf………
"Don't forget, denial-of-service attacks are illegal. If you participate in such an attack you could find yourself receiving a lengthy jail sentences.
With this method, however, Anonymous might be hoping that participants could argue that they did not knowingly assist in the DDoS attack, and clicked on the link in innocence without realising what it would do."
Let's not forget, also, that there's safety in numbers. The government does not even remotely have the wherewithal to clog the courts by prosecuting what will end up, no doubt, to be millions of these incidents. The worst-case scenario that I can see is that it will end up like the RIAA file-sharing lawsuits, where a few people receive draconian sentences as a warning to the others who will, by and large, never be detected and get off scot-free.
Click Hijacking, what a unique use, I've never seen that before. Nice article, thanks a lot. DDoS attacks are something I've very interested in the moment, it's what all my articles have been about so far, more concerning their simulation and defence. This article is very insightful, maybe I'll build a simulation from this! THANKS!