• United States



by Matt Peckham

Did Anonymous Trick You Into Crashing Sites for MegaUpload Bust?

Jan 23, 20123 mins
BrowsersData and Information SecurityEnterprise Applications

A new tool, allegedly released by Anonymous, unwittingly ropes casual browsers into helping with distributed denial of service attacks.

Many of you were clearly rooting for hacktivist group Anonymous when it took aim at the U.S. Department of Justice’s website (among others) after the DOJ busted file sharing site MegaUpload for alleged copyright infringement, but did you unwittingly participate in the hack group’s illicit attacks?

Don’t be so sure: A tool recently deployed by Anonymous can apparently turn casual browsers into unwitting hack-attack patsies. The tool’s a bait-and-switch, redirecting users from phony websites to the very real ones Anonymous intends to sabotage.

In its attacks, Anonymous often employs a piece of public domain software dubbed LOIC, or “low orbit ion cannon,” named after a fictional weapon in the Command & Conquer real-time strategy video game series. LOIC was originally designed to help network admins stress test whether a network can fend off what’s called a distributed denial of service attack, or DDoS. In a DDoS attack, someone attempts to overwhelm another computer by spamming it with data requests. If the computers that serve a given website to the public can’t keep up with those requests, they start to stutter and occasionally crash entirely.

Anonymous allegedly trained its LOIC on several music and entertainment industry-related websites last week after the DOJ shut down MegaUpload and arrested several of the file sharing company’s employees (four more were arrested by New Zealand police at various locations near the city of Auckland). Anonymous targeted 10 websites in all, including (the DOJ), (the FBI), (the Motion Picture Association of America), (the Recording Industry of America) and (the U.S. Copyright Office).

But this time, the group had help: If you clicked on links handed out by Anonymous during the attacks, you may have added your own hand to the blitz.

Here’s how it works: Someone creates a website running code (usually Javascript, says security researcher Imperva) that redirects visitors to one of the target websites, say for the DOJ or FBI or U.S. Copyright Office. Anonymous (and others) then distribute those links during the attack period. Anyone clicking on them is automatically redirected to one of the sites designated for attack, then repeatedly hammers the target site with requests until the webpage is closed.

A less surreptitious version of this tool serves up web pages that allow Anonymous supporters to participate in the attacks by simply typing in the network information of a target computer — all you need is a browser and the computer’s IP address and you’re in business. Call this the “junior Anonymous member” option.

If you clicked one of these links and unwittingly launched a personal salvo last week, are you guilty of criminal activity? Surely not, but the safe bet — and it ought to be common sense in any case — is to avoid clicking random links in general, especially if you’re not sure where they go.

Matt Peckham writes for PCWorld and TIME. You can find him on Twitter, Facebook, or Google+.