Website attackers could be easily traced, researchers say

People using a simple denial-of-serivice tool in support of WikiLeaks can be tracked

People using a tool to conduct distributed denial-of-service (DDOS) attacks against other websites in support of WikiLeaks can easily be traced, according to computer security researchers.

Thousands of people have downloaded the "Low Orbit Ion Cannon," a tool that bombards a targeted website with garbled traffic in an attempt to knock it offline. The tool has been promoted by Anonymous, a loose-knit group of online campaigners that has attacked companies that cut off support for WikiLeaks since it began releasing secret U.S. diplomatic cables in late November.

But researchers at the University of Twente in Enschede, Holland, say it is easy for ISPs to identify those using the tool, as it takes no measures to protect the identity of its users, according to their paper.

There are several versions of the Low Orbit Ion Cannon: one is a client application that is downloaded by a user and can be remotely controlled via an IRC (Internet Relay Chat) or be manually configured. The other is a JavaScript-based Web site.

With the client application, the targeted Web site can see the real IP (Internet Protocol) address of the computer conducting the attack, the researchers wrote. The IP address can be linked to the ISP providing the service, which can then investigate which subscriber the address corresponds too. The same condition happens when someone uses the Web-based tool.

One method used by those conducting a DDOS attack is to configure the program to use a fake IP address, but the Low Orbit Ion Cannon does not do that. DDOS attacks can also be coordinated using a botnet, or a network of machines that have been compromised. The owners of those computers are usually unaware their computers is infected and taking part in an attack.

The danger with the WikiLeaks attacks is that many of those less tech-savvy people eager to join the online campaign may be unaware that they can be traced.

"The current attack technique can therefore be compared to overwhelming someone with letters but putting your real home address on the back of the envelope," the researchers wrote.

In the European Union, telecommunications operators must retain data for six months, which "means that hacktivists can still be easily trace after the attacks are over," they wrote.

Already, police in the Netherlands have arrested two teenagers in connection with the attacks. Dutch prosecutors said one of them was easily tracked down.

The DDOS attacks, dubbed Operation: Payback, by Anonymous appear to be continuing, according to security vendor Imperva. The Low Orbit Ion Cannon has been downloaded about 67,000 times, Imperva said.

MasterCard, which stopped processing payments for WikiLeaks, was attacked again over the weekend, with statistics showing it experienced some downtime, according to Netcraft. A vast majority of security vendors are now labeling the Low Orbit Ion Cannon a threat and will block the program, Imperva said.

Imperva also said it has been monitoring some of the communication between people coordinating the attacks. Those attackers are recommending development of a system by which people are lured to some other content, such as pornography, but by visiting the website would invisibly launch the DDOS JavaScript tool.

That approach is unlikely to be effective, said Paul Mutton, a security threat analyst with Netcraft. The traffic intended to harm the website would come from a person's Web browser.

Browser traffic is difficult to control, and there is processing overhead performed in the browser that tries to render whatever content comes back, Mutton said. That is in contrast to a dedicated tool that can send huge payloads.

"In a nutshell the Web-based version of the LOIC software is not as effective as the real thing, but they are far easier for anyone to use," Mutton said.

Join the PC World newsletter!

Error: Please check your email address.

Tags Criminalddossecuritylegalwikileakshackingcybercrime

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?