Website attackers could be easily traced, researchers say

People using a simple denial-of-serivice tool in support of WikiLeaks can be tracked

People using a tool to conduct distributed denial-of-service (DDOS) attacks against other websites in support of WikiLeaks can easily be traced, according to computer security researchers.

Thousands of people have downloaded the "Low Orbit Ion Cannon," a tool that bombards a targeted website with garbled traffic in an attempt to knock it offline. The tool has been promoted by Anonymous, a loose-knit group of online campaigners that has attacked companies that cut off support for WikiLeaks since it began releasing secret U.S. diplomatic cables in late November.

But researchers at the University of Twente in Enschede, Holland, say it is easy for ISPs to identify those using the tool, as it takes no measures to protect the identity of its users, according to their paper.

There are several versions of the Low Orbit Ion Cannon: one is a client application that is downloaded by a user and can be remotely controlled via an IRC (Internet Relay Chat) or be manually configured. The other is a JavaScript-based Web site.

With the client application, the targeted Web site can see the real IP (Internet Protocol) address of the computer conducting the attack, the researchers wrote. The IP address can be linked to the ISP providing the service, which can then investigate which subscriber the address corresponds too. The same condition happens when someone uses the Web-based tool.

One method used by those conducting a DDOS attack is to configure the program to use a fake IP address, but the Low Orbit Ion Cannon does not do that. DDOS attacks can also be coordinated using a botnet, or a network of machines that have been compromised. The owners of those computers are usually unaware their computers is infected and taking part in an attack.

The danger with the WikiLeaks attacks is that many of those less tech-savvy people eager to join the online campaign may be unaware that they can be traced.

"The current attack technique can therefore be compared to overwhelming someone with letters but putting your real home address on the back of the envelope," the researchers wrote.

In the European Union, telecommunications operators must retain data for six months, which "means that hacktivists can still be easily trace after the attacks are over," they wrote.

Already, police in the Netherlands have arrested two teenagers in connection with the attacks. Dutch prosecutors said one of them was easily tracked down.

The DDOS attacks, dubbed Operation: Payback, by Anonymous appear to be continuing, according to security vendor Imperva. The Low Orbit Ion Cannon has been downloaded about 67,000 times, Imperva said.

MasterCard, which stopped processing payments for WikiLeaks, was attacked again over the weekend, with statistics showing it experienced some downtime, according to Netcraft. A vast majority of security vendors are now labeling the Low Orbit Ion Cannon a threat and will block the program, Imperva said.

Imperva also said it has been monitoring some of the communication between people coordinating the attacks. Those attackers are recommending development of a system by which people are lured to some other content, such as pornography, but by visiting the website would invisibly launch the DDOS JavaScript tool.

That approach is unlikely to be effective, said Paul Mutton, a security threat analyst with Netcraft. The traffic intended to harm the website would come from a person's Web browser.

Browser traffic is difficult to control, and there is processing overhead performed in the browser that tries to render whatever content comes back, Mutton said. That is in contrast to a dedicated tool that can send huge payloads.

"In a nutshell the Web-based version of the LOIC software is not as effective as the real thing, but they are far easier for anyone to use," Mutton said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Criminalsecurityddoswikileakslegalcybercrimehacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?