Pro-Wikileaks Attacks More Slap in the Face than Kick in the Head
Did Web vigilantes really cripple two credit-card giants in retaliation for those companies' refusal to process donations to Wikileaks? Not really -- the attacks merely hit the companies' front-facing websites, not the critical infrastructure lying below, though it may have disrupted some users' ability to shop online. Meanwhile, Wikileaks has spread itself so far across the Web that it's virtually impervious to takedown.
Dec 9, 2010 10:13 AM PT
Cyberattacks this week by supporters of Wikileaks on the home sites of Visa and MasterCard may have been designed to grab headlines rather than actually disrupt the companies' financial operations.
The wave of electronic assaults, referred to as "Operation Payback" by the activists mounting the attacks, were aimed at the home sites of the credit card companies. Those sites have high profiles but relatively low traffic levels -- traffic levels that make them more vulnerable to a distributed denial of service (DDoS) attack. Such attacks deliberately spike the traffic to a site and make it inaccessible.
"These are their public-facing websites," Nicholas Percoco, a senior vice president with Chicago-based security firm Trustwave, told TechNewsWorld. "They're not taking down transaction processing. They're taking down brochureware websites."
"It's more of a pie-in-the-face tactic," he added.
While the headlines Operation Payback has been able to generate with its attacks may be giving the credit card companies a black eye and are a source of embarrassment, they are distorting the actual security threat to the firms' financial systems, according to Chet Wisniewski, a security adviser with Sophos, an anti-malware software maker in Burlington, Mass.
"Where it counts, which is making sure that when you and I are at the mall buying gifts for our family for Christmas, they've got an amazingly robust infrastructure," he told TechNewsWorld.
Some Shoppers May Be Affected
MasterCard did not respond to a request by TechNewsWorld for a comment on the attacks. Visa noted that its processing network, which handles cardholder transactions, is functioning normally and stated that cardholders can continue to use their cards as they routinely would. Account data, it said, is not at risk.
Operation Payback's attacks on Visa and MasterCard were undertaken in retaliation for the companies' decision to refuse to process donations to Wikileaks, a site that most recently made waves by leaking hundreds of thousands of private U.S. State Department messages, some of which were classified as "Secret." PayPal, an online financial transaction company, took similar action, but its main site did not come under attack.
"They didn't try to take out PayPal itself because PayPal is way too large and distributed and able to resist the attack, and it wouldn't look good for the attacker," Wisniewski asserted. "They went after Paypal's blog instead because it was an easier target."
Although the transaction systems of the credit card companies may have been insulated from the denial of service attacks on their home sites, the assaults may have some financial consequences for the firms.
Both businesses have programs -- Verified By Visa and MasterCard SecureCode -- that require additional authentication when making online purchases with merchants participating in those programs. "Those systems are being affected by these denial of service attacks because they rely on MasterCard's and Visa's websites to be there to type in your extra security code," Wisniewski explained.
"So there is the potential of holiday shoppers shopping online not being able to purchase anything with their MasterCard or Visa," he said. "So it could hit the pocketbooks over at the credit card companies."
WikiLeaks itself is no stranger to denial of service attacks. After it posted the diplomatic documents on the Net recently, its main site came under attack, forcing it to change its domain name and hop to a series of host systems. The result has been to create a system that's become impervious to takedown.
"Taking away WikiLeaks' hosting, their DNS service, even their primary domain name, has had the net effect of increasing WikiLeaks' effective use of Internet diversity to stay connected," James Cowie, chief technology officer and co-founder of Renesys, an Internet intelligence company in Manchester, N.H., wrote in the firm's blog.
"And it just keeps going," he continued. "As long as you can still reach any one copy of WikiLeaks, you can read their mirror page, which lists over 1,000 additional volunteer sites ... None of those is going to be as hardened as wikileaks.ch against DNS takedown or local court order, but they don't need to be."
"[W]ikiLeaks Web content has been spread across enough independent parts of the Internet's DNS and routing space that they are, for all intents and purposes, now immune to takedown by any single legal authority," he added.
Meanwhile, the group responsible for attacks on the credit card companies, which calls itself "Anonymous," may itself be hunted by a mystery character called "th3j35t3r" ("The Jester"). "Jester was involved in attacking Wikileaks and taking it down with a denial of service attack," Sean-Paul Correll, a researcher at Panda Security in Glendale, Calif., told TechNewsWorld.
"Jester hasn't openly said yet that he was involved in attacking Anonymous, but I have observed that the Anonymous infrastructure is under attack, so someone or some group is attacking them," he said.
What's more, Anonymous' computing base is located on "bulletproof" hosts in Russia. Bulletproof hosts are supposed to be immune from denial of service attacks. "That means whoever is attacking them has a very serious amount of bandwidth available to them," Correll added.