Interesting DDOS activity around Wikileaks

Published: 2010-12-08
Last Updated: 2010-12-08 20:36:08 UTC
by Rob VandenBrink (Version: 2)

Valentin reports that several sites related to the recent activity around Wikileaks and the prosecution of Julian Assange seem to be under DDOS, confirmed here ==>

The main Mastercard website is offline right now; note that this outage does not affect transaction processing. The Swedish prosecutor's office was taken offline and was back on around 12:30 GMT. Other sites that the attackers deem to be "anti-Wikileaks" are also affected.

Update (2010-12-08 20:34 UTC): Mastercard has released a statement about the DDOS.

The attackers are rumoured to actually be asking for volunteers "for the cause" in their activity. Since this activity is illegal in most countries, participating in these attacks may have legal implications. Readers should use caution: participation in something like this is NOT anything like donating to a charity - it's more like smashing windows and setting fires at a peaceful demonstration. Plus, knowingly downloading code to participate in a botnet isn't the best move for the continued health of your workstation ...

If we see developments in this story, we'll update this post.  Comments of course are welcome!

=============== Rob VandenBrink Metafore ===============

26 comment(s)


It is also, however, terribly common for computers to be co-opted into botnets through unpatched vulnerabilities, thus providing plausible deniability. There is also at least one open source voluntary botnet agent out there called Low Orbit Ion Cannon, which has been called into use a couple of times at least once this year for revenge DDoS. It's not impossible that someone who is sufficiently clued in and motivated to seek out and make use of such a tool would be sure to back their data up and open fire, later claiming that they'd been compromised.
to me there is no known case where a botnet member (zombie pc) has been sued.

and yes, loic is used against the "anti-wikileaks" targets, as well as other tools, like slowloris and so on. they changed targets, yesterday it was which was down for 2 days i think.
While I find the actions of the individuals perpetuating these DDOS attacks deplorable, it is rather interesting as an observer to see something like this being driven by what some deem a 'social injustice' being done on such a large scale. Also very scary.
I think this has actually impacted MC payment processing. I was purchasing airline tickets online in a routine transaction, and the mastercard securecode stage stalls and fails. The transaction eventually worked after several attempts, but I would definitely call this "affected"
I think what we are witnessing is the power of the "cloud" being flexed for the first time. As people begin to understand what they can do, we may see this happening more often.

"May you live in interesting times." - Unknown is down now too
Anybody know what IP LOIC is currently pointed at?
My bank is still online. I'm lucky ;-)

Let's face it: wikileak's next target is a bank and those are nervous or maybe driven.

The reaction was foreseeable.

No related activity here.

Would be interesting to know which component does not match these attacks. . They link to tools etc. That's not really my point. It's pretty simple to get on their IRC server(s) and monitor C&C. Also in channels like #target they talk about "next targets". Most of the channel chatter reminds me of "herding cats". Can be interesting to read at times amongst the chaos.
One more thing for those who aren't aware. LOIC is a self joining "botnet" (so to speak). That is, they are just asking people to "join" the DDoS cause by downloading the DDoS client(s).
