• United States



Hammer time? WikiLeaks-inspired Java script DDoS planned

Dec 13, 20103 mins
Data and Information Security

The WikiLeaks weird fest continues, with Mastercard getting hammered some more this past weekend and a Java script-based DDoS being planned and launched through i-frame based images.

Before I go any further, I’d like to point you toward a timeline we created for the WikiLeaks story last week. It needs more updating this week but it will get you situated with how we got to this point.

The latest intel hit my inbox yesterday by way of Imperva’s Hacker Intelligence Initiative, a counter-intelligence security research team that’s been tracking Anonymous Group and Operation Payback activity all weekend.

Here’s what they have so far:

–Mastercard continues to get hammered and a Java script-based DDoS is being planned and launched through i-frame based images.

–Some quick background: Since the launch of Operation Payback, the LOIC has been downloaded more than 67,000 times. Over the weekend, Mastercard suffered downtime, as members of Anonymous continued to launch attacks. However, due to the disruptive nature of LOIC, the vast majority (at least 72 percent) of AV vendors have decided to block the program. As a result, Anonymous has developed a Java script-based DDoS to continue their movement.

–Tal Be’ery, web research team lead at Imperva, says: “By monitoring back channel communication, we have found recommendations to create a DoS utilizing Java script that can be run from browser with no installation required. The Anonymous Group plans to camouflage the Java script behind appealing content — such as pornographic images, to entice users into unknowingly executing attacks.”

–Imperva CTO Amichai Shulman says: “It isn’t surprising that hacktivists are using similar techniques. The incorporation of industrialization techniques seems quite natural. This past year alone has proven the success of cyber crime lords. The hacking industry is bursting with success stories. Why shouldn’t the attack techniques be adopted by the creators of politically-motivated attacks? Every borrowed technique, such as automation and viral distribution, makes Anonymous all the more powerful and potentially more successful.”

–Anonymous user Brickwall tried to justify the attacks recently, writing:”Even if we, somehow, managed to be found and arrested at least we’d know it was for something purposeful, for a good reason. Not something stupid like possesion of illegal drugs or theft. That we contributed to something we believe in, something for the greater good. We could be proud that we at least tried to help. Even if we were caught, we would not going to be in jail forever. Don’t be afraid.You are not in the wrong.”

The WikiLeaks case has been compared to that of the New York Times in the “Pentagon Papers” case. Some argue that WikiLeaks is providing a valuable service that’s exposing government wrongdoings around the world. Others, including the U.S. Department of State, say the site is a danger to national security.

It may have started with those similarities,but the WikiLeaks case has become something else entirely.

In the 1970s you had the Nixon White House to worry about when it came to revenge over the Pentagon Papers leak. Today every business with an online presence has to worry about massive attacks coming from the cyber world.

This is a whole new world. Stay tuned.

–Bill Brenner