Friday, January 20, 2012

Anonymous hackers trick users into helping DDoS government sites

It's reported today that the hacker group anonymous organized and executed a DDoS attack on several US government websites, including the Justice Department. DDoS attacks are described in this article as kind of "old school," inconvenient but of short duration and usually having no lasting effect. The attack is effected by sending thousands or millions of network requests to a website or to switches nearby, overwhelming the website's networking equipment. When the attack stops, the equipment quickly returns to normal. The attacks were more about getting attention than destroying anything.

One whiz kid at anonymous came up with a piece of javascript code, the same kind that's routinely loaded and processed by your web browser. They lured users to click on compressed links in Facebook pages and tweets. The code would load and immediately, while it was still loading, start firing off network packets to the government sites. One victimized journalist called foul for involving innocent bystanders, and set off a collective soul-search among the anonymi, at least some of whom disavowed and condemned this behavior.
Several anons speaking to Wired on condition of anonymity voiced dismay that a tactic they consider to be the modern-day equivalent of a sit-in (denial-of-service attacks leave no lasting damage) was ethically corrupted by the new version. [from the article]
Some white hats among the anons complained the duped users didn't contribute significantly to the overall attack, and by involving them with activities that could "land them in jail," (which sounds a bit ominous) the anonymous hackers were acting unethically. It's probably a good thing they're principled enough for a soul-search. Very few power groups in our world have that sort of ethics.

No comments:

Post a Comment