Do you support WikiLeaks? Are you angry at critics trying to suppress it? Maybe you're considering joining online protests to shut down the websites of its opponents. Don't.
A group of vigilantes named Anonymous has turned their Operation Payback campaign, previously targeting antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The fallout from WikiLeaks has reached a fever pitch since the site began releasing diplomatic cables last month, causing embarrassment for U.S. diplomatic efforts.
Launching denial-of-service (DOS) attacks against target websites to send a message and disrupt their operations is the modern-day equivalent of walking the picket line with a sign. However, the electronic version is illegal.
"Participating in a botnet with the intention of shutting down a website violates the Computer Fraud and Abuse Act," said Jennifer Granick, a lawyer at Zwillinger Genetski who specializes in Internet law and hacking cases. "Even if you have a political motive, it doesn't change the fact that the activity is unlawful."
One person accused of being connected with the attacks has already been arrested. Police in the Netherlands arrested a 16-year-old hacker earlier this week, though his role is unclear.
Typical botnets are created by criminals using viruses and other methods to install malware on computers, allowing them to commandeer the machines for distributed denial-of-service (DOS) attacks without the owners' knowledge. In the Operation Payback campaign, hijacked computers are being used, but the focus is on getting individuals to join voluntarily.
Thousands of people worldwide are downloading the Low Orbit Ion Cannon (LOIC) software to attack targets specified by Anonymous organizers. New versions of the DOS tool have emerged, including a Linux version and a Windows version with a "Hivemind" feature that connects to an Internet Relay Chat server, allowing organizers to control the attack targets. There is even a JavaScript version that runs on any device, including smartphones. "The JavaScript one, you just point the browser at a site and say 'go,'" said Jose Nazario, senior manager of security research at Arbor Networks.
As many as 3,000 computers voluntarily participated in attacks earlier this week, with an estimated 30,000 others appearing to be hijacked, according to Sean-Paul Correll, a threat researcher at Panda Labs who has closely followed the attacks and communicated with Operation Payback organizers.
There's a snag for the volunteer botnet protesters—their Internet Protocol (IP) addresses are not masked, so the attacks could be traced back to the computers launching them. Prosecutors have the discretion to decide whether to pursue charges against individual botnet volunteers.
"There may be strength in numbers," said Granick. "There's only so many people the police could go after. But that doesn't mean they couldn't find out who is behind the unmasked IP numbers and file computer charges against them."
Operation Payback is also facing DOS attacks that have disrupted its efforts. The servers providing the infrastructure for Operation Payback have been intermittently taken offline, and no one has claimed responsibility for these attacks. "Right now, it appears they are regrouping and strategizing for future attacks," said Correll. Anonymous explains that its goal is to raise awareness, not interfere with targets' critical infrastructure.
Meanwhile, a separate campaign called "Operation Leakspin" has emerged, providing WikiLeaks supporters a more legal way to express their support. An online flyer for Operation Leakspin, published by Boing Boing, encourages people to find interesting information in the leaked cables and spread it online through blog posts and YouTube videos, using unrelated tags to ensure broad interest.
It's unclear who is behind Operation Leakspin. "There's no hierarchical structure to the Anonymous collective, so when their server infrastructure is under attack, people tend to want to take control of the campaign," Correll said. "Even though thousands of people want to participate, there doesn't seem to be a cohesive plan about what to do next. It's fizzling out."
