Anonymous lures unwitting users into online campaign

It shouldn’t have come as much of a surprise. Hacktivists took quick action against law enforcement and entertainment industry sites Jan. 19 in the wake of the announcement of copyright violation charges against the Megaupload file-sharing site.

The Anonymous group claimed credit, but according one to researcher it added a new twist to this round of actions, apparently taking advantage of visitors to a malicious website who unwittingly downloaded a script that joined them in the attacks.

“In the past, Anonymous has encouraged supporters to install a program called LOIC (Low Orbit Ion Cannon), which allows computers to join in an attack on a particular website, blasting it with unwanted traffic,” Graham Cluley, senior technology consultant at Sophos, wrote in a posting on Naked Security. “This time, things are slightly different: You only have to click on a Web link to launch a [distributed denial-of-service] attack.”


Related coverage:

SOPA undercuts Internet security, experts say; lawmakers float alternative


Links were posted to a site at pastehtml.com containing the JavaScript that directed a flood of traffic to the Justice Department site at www.justice.gov.

This was the latest skirmish in what has already been a long week in the battle over intellectual property rights and anti-piracy legislation. On Jan. 18 numerous websites peacefully protested anti-piracy legislation pending in Congress by going offline, posting homepage banners or displaying other messages against the bills. The next day came the news that Megaupload had been shuttered and a number of its operators arrested, with the attacks that followed.

Strictly speaking, the two issues are not related. The Megaupload case is being prosecuted under existing law, and it has been cited as an illustration that there is no need for the House’s Stop Online Piracy Act and the Senate’s Protect IP Act. But with tensions running high, the backlash against the Justice Department was almost inevitable.

In fact, the DOJ attacks might have been presaged a day earlier in the Senate, which had been scheduled to vote on the controversial Protect IP Act on Jan. 24. Member pages on the Senate website were offline for a while Jan. 18 during the online protests. This was explained as a problem with the Senate’s server, and it apparently was not a denial-of-service attack. No one has claimed responsibility for the outage, but who knows? The timing is awfully suspicious.

By the way, protests against the legislation have borne fruit. Senate Majority Leader Harry Reid (D-Nev.) issued a statement Jan. 20 that the PIPA vote had been postponed, although the bill is not necessarily dead. “There is no reason that the legitimate issues raised by many about this bill cannot be resolved,” Reid said. He encouraged Senate Judiciary Chairman Patrick Leahy (D-Vt.) to continue efforts to address concerns. “We made good progress through the discussions we've held in recent days, and I am optimistic that we can reach a compromise in the coming weeks.”

One thing that is clear from the past week is that cyberspace is emerging as an arena for grassroots political activism and public discourse, civil or not. Not only can the Internet be used to raise money that can counter the impact of well-financed lobbyists, it is providing a channel for individual access to legislators and policy-makers on a scale that has become hard for them to ignore.

But a word of caution: Make sure that your participation in this discourse is done knowingly. Be careful about which links you click on, which software you download, and which actions you take. Don’t be co-opted into an anonymous attack without your consent.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above