astrid
9th December 2010, 07:41
http://www.smh.com.au/technology/security/the-aussie-who-blitzed-visa-mastercard-and-paypal-with-the-low-orbit-ion-cannon-20101209-18qr1.html
The Aussie who blitzed Visa, MasterCard and PayPal with the Low Orbit Ion Cannon
Asher Moses
December 9, 2010 - 4:20PM
An Australian has emerged as one of the key attackers responsible for shutting down the websites of the world's two biggest credit card companies and PayPal in support of WikiLeaks and its jailed editor, Julian Assange.
A Sydney man, whose identity is known to this website but spoke on condition of anonymity, said the group used an application called Low Orbit Ion Cannon (LOIC) to carry out the attacks. Each user of the program voluntarily signs up to be part of a "botnet" of computers and their collective power is used to take down websites.MasterCard and Visa's websites were both knocked out by a barrage of "denial of service" attacks that flooded their servers with millions of requests. Both stopped processing donations for WikiLeaks after pressure from US politicians.
PayPal, which also put a block on WikiLeaks' account, has also recently been attacked and its US site, paypal.com, was inaccessible at 2.25pm AEDT.
Operation Payback
A loosely connected group dubbed Anonymous, known for its attacks on Scientology and even Australian government websites, has claimed responsibility. The group, which has no central command structure, has dubbed the attacks "operation payback".
Internet Relay Chat (IRC) rooms are used to tell the botnet which targets to hit and members have been congregating in the notorious "/b/" forum on the 4chan message board site. The IRC server used, irc.anonops.net, has been up and down over the last few hours and the attackers suspect someone is running a counter-attack.
"Anonymous are targeting the corporations that have been coerced into not cooperating with WikiLeaks or in fact doing them damage such as MasterCard, Visa and PayPal, who have cut off transactions for donations to WikiLeaks," the Sydney Anonymous member said.
"Anybody who's accusing WikiLeaks of doing anything illegal - it's just rubbish, because if that were true every journalist in Australia would be going to jail every time they got a leak out of government."
PayPal caught fibbing
It is not clear what laws WikiLeaks has broken to lead it to be cut off by the US payments companies. The US Attorney-General Eric Holder has acknowledged that it would be difficult to use the Espionage Act to target Assange.
Speaking at the LeWeb conference in Paris, PayPal VP Osama Bedier faced boos from the audience when he was asked why PayPal froze WikiLeaks' account. He said the US State Department "wrote a letter saying the WikiLeaks activities were deemed illegal in the US".
However, the US State Department denied it had sent any such letter to PayPal. PayPal later clarified that its decision was merely "based on the American government's position".
In a new statement released this afternoon, PayPal general counsel John Muller wrote that PayPal had acted on a letter sent to WikiLeaks, not PayPal itself.
"Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source," he said.
The power of the internet
The attacker said it took just 800 computers to take down MasterCard and 1000 to take down Visa.
"Even on an ADSL account, LOIC can develop around 20 million connect requests per hour," he said.
"LOIC is basically a bot and it does the same thing that hacker and cracker botnets do but it's a voluntary botnet, it's people volunteering to have their machine taken over remotely and then the hivemind can direct the attacks."
The man said right now there were around 3000 people running LOIC and attacks would continue until they "feel like they've proven a point".
Conservative politicians targeted
They also extended their cyber assaults to the websites of US conservative standard bearer Sarah Palin and US Senator Joe Lieberman, an Independent who chairs the Senate Homeland Security Committee.
Palin has described WikiLeaks founder Julian Assange as "an anti-American operative with blood on his hands" and asked "Why was he not pursued with the same urgency we pursue al-Qaeda and Taliban leaders?"
Her website, SarahPac.com, came under cyber attack from a "small group of Anonymous protesters," according to Sean-Paul Carroll, a threat researcher at PandaLabs, the malware detection laboratory of Panda Security.
Carroll said Anonymous members also briefly took down the website of Lieberman, who issued an early call for US companies to withdraw their technical support from WikiLeaks, an appeal that has been widely followed.
In addition to Visa and Mastercard, Anonymous has already taken credit for temporarily taking down the Swiss Post Office bank and others.
Legal ramifications
This year, LOIC was used to attack the Prime Minister's website and several other government websites in protest over the government's planned mandatory internet filter.
This week, a 19-year-old Melbourne student who pleaded guilty to four charges relating to the attacks, Steve Slayo, escaped a criminal conviction.
Asked if he was worried about law enforcement catching up with him, the Sydney man responsible for the latest WikiLeaks-related attacks said "there's just so many copies of LOIC that it would be difficult for law enforcement to chase anybody in particular".
There have been rumours that, in addition to knocking out the websites, the group also obtained credit card numbers. A list has been published online but the attacker said this was fake.
"If you look at the credit card numbers that were posted the numbers are obviously bogus - there are prefixes that don't go with a MasterCard and expiry dates that don't make sense," he said.
MasterCard said the attack did not compromise its core payment processing capabilities, but that there had been some limited interruptions to web-based services it offers customers. It did not elaborate.
But a spokeswoman confirmed to Computerworld magazine that there had been disruption to SecureCode - a private code that MasterCard's customers have to enter when they are shopping online - although she said such transactions had not been affected.
There were only "isolated reports" of slowdowns and the SecureCode service was back to normal, she told the magazine.
The Guardian reported that SecureCode may have been affected by the LOIC attacks with a reader telling the newspaper: "MasterCard unwisely has both sites linked on the same network connection. Overload one and you also block the other."
Visa's website was still down at the time of writing. Visa spokesman Paul Cohen said that its processing network "is functioning normally and cardholders can continue to use their cards as they routinely would. Account data is not at risk".
The organisation facilitating Visa and Mastercard payments to WikiLeaks, DataCell ehf, said in a statement that it was taking ‘‘immediate legal actions to make donations possible again’’.
‘‘We strongly believe a world class company such as Visa should not get involved by politics and just simply do their business where they are good at. Transferring money,’’ chief executive Andreas Fink wrote.
‘‘They have no problem transferring money for other businesses such as gambling sites, pornography services and the like so why a donation to a Website which is holding up for human rights should be morally any worse than that is outside of my understanding.’’
The Icelandic company did not elaborate on what type of legal action it was undertaking.
A Facebook page, Operation Payback, and Twitter account, Anon–Operation, were both suspended due to them promoting "unlawful activity".
But the Twitter account has returned with a new handle, Anon_Operationn.
Love that they are releasing the handles in the press that is very telling....
the FB page is back online also here...
http://www.facebook.com/pages/Operation-Payback/163859246989155?ref=ts&v=info#!/pages/Operation-Payback/163859246989155?v=wall
The Aussie who blitzed Visa, MasterCard and PayPal with the Low Orbit Ion Cannon
Asher Moses
December 9, 2010 - 4:20PM
An Australian has emerged as one of the key attackers responsible for shutting down the websites of the world's two biggest credit card companies and PayPal in support of WikiLeaks and its jailed editor, Julian Assange.
A Sydney man, whose identity is known to this website but spoke on condition of anonymity, said the group used an application called Low Orbit Ion Cannon (LOIC) to carry out the attacks. Each user of the program voluntarily signs up to be part of a "botnet" of computers and their collective power is used to take down websites.MasterCard and Visa's websites were both knocked out by a barrage of "denial of service" attacks that flooded their servers with millions of requests. Both stopped processing donations for WikiLeaks after pressure from US politicians.
PayPal, which also put a block on WikiLeaks' account, has also recently been attacked and its US site, paypal.com, was inaccessible at 2.25pm AEDT.
Operation Payback
A loosely connected group dubbed Anonymous, known for its attacks on Scientology and even Australian government websites, has claimed responsibility. The group, which has no central command structure, has dubbed the attacks "operation payback".
Internet Relay Chat (IRC) rooms are used to tell the botnet which targets to hit and members have been congregating in the notorious "/b/" forum on the 4chan message board site. The IRC server used, irc.anonops.net, has been up and down over the last few hours and the attackers suspect someone is running a counter-attack.
"Anonymous are targeting the corporations that have been coerced into not cooperating with WikiLeaks or in fact doing them damage such as MasterCard, Visa and PayPal, who have cut off transactions for donations to WikiLeaks," the Sydney Anonymous member said.
"Anybody who's accusing WikiLeaks of doing anything illegal - it's just rubbish, because if that were true every journalist in Australia would be going to jail every time they got a leak out of government."
PayPal caught fibbing
It is not clear what laws WikiLeaks has broken to lead it to be cut off by the US payments companies. The US Attorney-General Eric Holder has acknowledged that it would be difficult to use the Espionage Act to target Assange.
Speaking at the LeWeb conference in Paris, PayPal VP Osama Bedier faced boos from the audience when he was asked why PayPal froze WikiLeaks' account. He said the US State Department "wrote a letter saying the WikiLeaks activities were deemed illegal in the US".
However, the US State Department denied it had sent any such letter to PayPal. PayPal later clarified that its decision was merely "based on the American government's position".
In a new statement released this afternoon, PayPal general counsel John Muller wrote that PayPal had acted on a letter sent to WikiLeaks, not PayPal itself.
"Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source," he said.
The power of the internet
The attacker said it took just 800 computers to take down MasterCard and 1000 to take down Visa.
"Even on an ADSL account, LOIC can develop around 20 million connect requests per hour," he said.
"LOIC is basically a bot and it does the same thing that hacker and cracker botnets do but it's a voluntary botnet, it's people volunteering to have their machine taken over remotely and then the hivemind can direct the attacks."
The man said right now there were around 3000 people running LOIC and attacks would continue until they "feel like they've proven a point".
Conservative politicians targeted
They also extended their cyber assaults to the websites of US conservative standard bearer Sarah Palin and US Senator Joe Lieberman, an Independent who chairs the Senate Homeland Security Committee.
Palin has described WikiLeaks founder Julian Assange as "an anti-American operative with blood on his hands" and asked "Why was he not pursued with the same urgency we pursue al-Qaeda and Taliban leaders?"
Her website, SarahPac.com, came under cyber attack from a "small group of Anonymous protesters," according to Sean-Paul Carroll, a threat researcher at PandaLabs, the malware detection laboratory of Panda Security.
Carroll said Anonymous members also briefly took down the website of Lieberman, who issued an early call for US companies to withdraw their technical support from WikiLeaks, an appeal that has been widely followed.
In addition to Visa and Mastercard, Anonymous has already taken credit for temporarily taking down the Swiss Post Office bank and others.
Legal ramifications
This year, LOIC was used to attack the Prime Minister's website and several other government websites in protest over the government's planned mandatory internet filter.
This week, a 19-year-old Melbourne student who pleaded guilty to four charges relating to the attacks, Steve Slayo, escaped a criminal conviction.
Asked if he was worried about law enforcement catching up with him, the Sydney man responsible for the latest WikiLeaks-related attacks said "there's just so many copies of LOIC that it would be difficult for law enforcement to chase anybody in particular".
There have been rumours that, in addition to knocking out the websites, the group also obtained credit card numbers. A list has been published online but the attacker said this was fake.
"If you look at the credit card numbers that were posted the numbers are obviously bogus - there are prefixes that don't go with a MasterCard and expiry dates that don't make sense," he said.
MasterCard said the attack did not compromise its core payment processing capabilities, but that there had been some limited interruptions to web-based services it offers customers. It did not elaborate.
But a spokeswoman confirmed to Computerworld magazine that there had been disruption to SecureCode - a private code that MasterCard's customers have to enter when they are shopping online - although she said such transactions had not been affected.
There were only "isolated reports" of slowdowns and the SecureCode service was back to normal, she told the magazine.
The Guardian reported that SecureCode may have been affected by the LOIC attacks with a reader telling the newspaper: "MasterCard unwisely has both sites linked on the same network connection. Overload one and you also block the other."
Visa's website was still down at the time of writing. Visa spokesman Paul Cohen said that its processing network "is functioning normally and cardholders can continue to use their cards as they routinely would. Account data is not at risk".
The organisation facilitating Visa and Mastercard payments to WikiLeaks, DataCell ehf, said in a statement that it was taking ‘‘immediate legal actions to make donations possible again’’.
‘‘We strongly believe a world class company such as Visa should not get involved by politics and just simply do their business where they are good at. Transferring money,’’ chief executive Andreas Fink wrote.
‘‘They have no problem transferring money for other businesses such as gambling sites, pornography services and the like so why a donation to a Website which is holding up for human rights should be morally any worse than that is outside of my understanding.’’
The Icelandic company did not elaborate on what type of legal action it was undertaking.
A Facebook page, Operation Payback, and Twitter account, Anon–Operation, were both suspended due to them promoting "unlawful activity".
But the Twitter account has returned with a new handle, Anon_Operationn.
Love that they are releasing the handles in the press that is very telling....
the FB page is back online also here...
http://www.facebook.com/pages/Operation-Payback/163859246989155?ref=ts&v=info#!/pages/Operation-Payback/163859246989155?v=wall