Anonymous Lashes Out in Wake of Megaupload Shutdown
In response to last week's shutdown of the site Megaupload, Anonymous has reportedly let fly with a series of cyberattacks against federal authorities and media companies. The attacks may include the participation of unwitting accomplices who click on a link and are tricked into taking part in the onslaught without their knowledge or consent.
01/23/12 10:59 AM PT
The hacker group Anonymous has reportedly launched a series of attacks that shut down major websites in retaliation against the U.S. Department of Justice's actions against the site Megaupload. The attacks have been ongoing since Thursday, and various Web users who clicked on certain links may have been tricked into becoming accomplices.
The group reportedly began issuing distributed denial of service (DDoS) attacks Thursday almost immediately after U.S. federal authorities announced they'd arrested several Megaupload executives on charges of racketeering, money laundering and copyright infringement. The government seized millions of dollars worth of assets and servers.
The group also reportedly deleted much of the content found on CBS's website, CBS.com, though at press time the site appeared to be back in working order.
While Anonymous has been known to launch widespread attacks on various types of websites, it appears some of the attacks starting Thursday employed a different tactic -- one capable of harnessing the power of more Web users, in some cases without their knowledge or consent.
Usually, Anonymous supporters can download an application known as the "Low Orbit Ion Cannon" (LOIC), which, when activated, directs the computer to rapidly connect to the targeted websites. If enough users simultaneously try to connect at such a rapid rate, the site can crash due to server overload.
This time, though, Anonymous distributed a link that ran a Web version of that program on Twitter and in Anonymous chatrooms. Someone looking for more information on the group could have clicked on the link and unwittingly participated in the attack. This could be particularly troubling for the unwilling hackers, because DDoS attacks are illegal, and one's IP address is easily traced when using LOIC.
"Anonymous is a chaotic, loosely formed gang of rather young men looking for attention. Their targets are more or less random in that they intend to take on any cause that comes along, where they can make their presence known internationally," Avivah Litan, security analyst at Gartner, told the E-Commerce Times.
Individuals in the group normally try to remain anonymous, hence the name, though the collective often claims responsibility for its work. That often comes in the form of a tweet, blog post or YouTube video that sometimes includes hackers wearing their signature Guy Fawkes masks. Variations on its slogan, such as 'We are legion' and 'We do not forgive. We do not forget,' are often included.
That slogan also sometimes appears on the sites they take over, like it did on French presidential website Elysee on Monday morning. In addition to 'We are legion,' the group allegedly wrote 'Megaupload' and 'Sarko Sarko the people will have your skin,' referring to French President Nicolas Sarkozy.
Another Call to Secure
"The Anonymous M.O. is pretty constant," Mike Murray, managing partner at MAD Security told the E-Commerce Times. "They like to create as much noise and activity as possible. They look at who is vulnerable and attack, whether that's necessarily well-targeted or not. With that level of access, it's likely they could do more, at least in some cases, but they've never been about trying to breach data. Unless they're trying to embarrass someone, they don't have anything to gain by stealing a user database. Their M.O. is to be noisy, and the best way for them to do that is delete their entire website."
Anonymous' way of doing things, according to Litan, is "a bit like a robber cracking open the front door but never making it even close to the safe in the bedroom closet."
But even if a denial of service attack is more of a headache than a disaster for a company, the hacks are an indication that online security needs to be a main focus when developing websites. Securing a site is a process that shouldn't wait until it's too late, said Murray.
"At this point, I'm sure there are meetings going on this morning to figure out how to deal with it, but frankly it's a little late now if on a Monday morning that Anonymous is running around the Internet you're worried about this. Sony is a good example of a media company that said, 'We could be next, how do we deal with this,' and more companies should follow that example," he said.