Foot Soldiers for Wikileaks: 27,000 Download Attack Software Overnight



Downloads of the software program used by Wikileaks supporters to launch cyberattacks online spiked overnight, topping more than 43,000 downloads in the past week, according to the U.S. data security company Imperva.

While impossible to know whether all the computer users had joined the ongoing "cyberwar" against U.S. companies that severed ties to Wikileaks, the data suggest a growing number of people are answering the call to arms put out by a scrappy, decentralized coalition of WikiLeaks defenders that calls itself Anonymous.

There were 700 worldwide downloads of the widely available software, Low Orbit Ion Cannon, or LOIC, Monday, with more than 27,000 downloads occurring Thursday, according to Imperva web security researcher Tal Beery.

Over the past few days, members of Anonymous have successfully knocked corporate websites for MasterCard, Visa and Paypal offline. There are also signs that it was behind attacks on Swedish government websites and those tied to Sarah Palin and Sen. Joe Lieberman.

How'd they do it? The technology behind Operation Payback is surprisingly simple, cybersecurity experts say.


The massive hack attack appears to have been orchestrated by a handful of organizers with control over a virtual army of tens of thousands of computers. The networks -- called botnets -- can inundate their targets with denial of service attacks, so overwhelming a site's server that regular customers can't get through.

Security experts reached by ABC News estimated that several thousand computer users have voluntarily dedicated their machines to the campaign, downloading attack software, installing it on their computers and connecting to a central server called a HiveMind.

Anonymous has posted online step-by-step instructions for download, telling participants that after installing the software they simply "sit back and enjoy!"

Then, HiveMind masterminds input the IP address of their desired target, and all the affiliated computers running the special software begin to bombard the site.

"Remember: current target is, port 443. We are currently FIRING!" one of the HiveMind organizers posted under the Twitter handle AnonOpsNet late Thursday.

The software, a simple Windows application called Low Orbit Ion Cannon, or LOIC, was developed decades ago to test the ability of a website to handle traffic. Because it's open source, meaning its code is publicly available, it is also easily shared and manipulated.

"This program just goes and grabs data on the target website at a high rate, in effect having no pause in your viewing of a webpage," said Barrett Lyon, an Internet security expert who created the first denial of service defense company in 2004 and has analyzed the ongoing cyberwar. "It's basically just blasting the website using all the resources of the user."

But the attacks don't appear to be meant to do more than create a show, Lyon said, noting the hackers don't seem to be seeking confidential company or consumer information, such as credit card account numbers.

In their manifesto posted online Thursday, Anonymous said it did not intend to attack the "critical infrastructure" of sites like Visa and MasterCard but instead to disrupt their corporate websites. "Anonymous does not seek to disturb the public peace nor the average internet citizen; for average internet citizens are most of us who are Anonymous," the statement says.

WikiLeaks' founder, Julian Assange, has vehemently denied directing these attacks in any way. His lawyer told ABC News' Jim Sciutto, "Wikileaks is not in the business of revenge."


Do you support WikiLeaks? Are you mad at critics trying to snuff it out? Maybe you're thinking about joining the online protests aimed at shutting down the Web sites of its opponents. Don't.

A loosely organized group of vigilantes under the name Anonymous have turned the botnet guns of their Operation Payback campaign, which previously targeted antipiracy organizations, on PayPal, Visa, MasterCard, Senator Joe Lieberman, Sarah Palin, and others who have criticized WikiLeaks or stopped doing business with the document-sharing project. The WikiLeaks fallout has hit a frenzy since the site began releasing diplomatic cables last month that have proved embarrassing for the U.S. government's diplomatic efforts.

The modern-day equivalent of walking the picket line with a sign is launching denial-of-service attacks against target Web sites in order to send a message and try to interfere with their business. But the electronic version is illegal.

"Participating in a botnet with the intention of shutting down a Web site violates the Computer Fraud and Abuse Act," said Jennifer Granick, a lawyer at Zwillinger Genetski who specializes in Internet law and hacking cases. "The thing people need to understand is that even if you have a political motive, it doesn't change the fact that the activity is unlawful."

One person accused of being connected with the attacks has already been arrested. Police in the Netherlands arrested a 16-year-old hacker earlier this week. It's unclear what his role allegedly was.

Typical botnets are created by criminals who use viruses and other methods to sneak malware onto computers that then allows them to commandeer the machines for distributed denial-of-service (DOS) attacks without the computer owners knowing it. Hijacked computers are being used in the Operation Payback campaign, but the focus has been getting individuals to voluntarily join.

Thousands of people from around the world are downloading the LOIC (Low Orbit Ion Cannon) software so that their computer will attack the targets the Anonymous organizers specify. New versions of the DOS tool have emerged this week. There is a version for Linux and a Windows version that includes a "Hivemind" feature to connect to an Internet Relay Chat server and allow the organizers to control what site the computer targets.

There is even a JavaScript version that runs on any device, including smart phones. "The JavaScript one, you just point the browser at a site and say 'go,'" said Jose Nazario, senior manager of security research at Arbor Networks.

As many as 3,000 computers voluntarily participated in attacks earlier this week, and an estimated 30,000 others appeared to be hijacked, according to Sean-Paul Correll, a threat researcher at Panda Labs who has been following the attacks closely and communicating with Operation Payback organizers.

There's a snag, however, for the volunteer botnet protesters--their Internet Protocol (IP) addresses are not masked, so the attacks could ultimately be traced back to the computers launching them, experts say. Of course, it's up to the discretion of prosecutors as to whether or not individual botnet volunteers will be fingered by authorities.

"There may be strength in numbers," said Granick. "There's only so many people the police could go after. But that doesn't mean that they couldn't find out who is behind the unmasked IP numbers and file computer charges against them."

Operation Payback is fending off DOS attacks that have scuttled its efforts. The servers being used to provide the infrastructure for Operation Payback have been taken offline intermittently. No one has taken responsibility for those attacks. "Right now it appears they are regrouping and strategizing for future attacks," said Correll. (Anonymous explains that its goal is to raise awareness, not to interfere with targets' critical infrastructure.)

Meanwhile, a separate campaign sprang up out of nowhere that could give WikiLeaks fans a more legal way of expressing their support for the cause. An online flyer for "Operation Leakspin" published by Boing Boing encourages people to find juicy bits in the leaked cables and spread them virally on the Internet in blog posts and YouTube videos and use unrelated tags that will ensure broad interest.

It's unclear who is behind Operation Leakspin. "There's no hierarchical structure (to the Anonymous collective), so when things happen, like their server infrastructure is under attack, people tend to want to take control of the campaign," Correll said.

"Even though thousands of people want to participate there doesn't seem to be a cohesive plan about what to do next," he said. "It's fizzling out."


REUTERS - Cyber attacks in retaliation for attempts to block the WikiLeaks website have already hit the websites of credit-card giants MasterCard and Visa.

Using distributed denial-of-service (DDoS) attacks, hundreds of cyber activists have joined forces and temporarily disabled computer servers by bombarding them with requests.

On Thursday, supporters of WikiLeaks were plotting attacks on other perceived enemies of the publisher, which has angered U.S. authorities by starting to release details of 250,000 confidential diplomatic cables.

Here are details of how they go about bringing down a website:

-- The weapon of choice is a piece of software named a "Low Orbit Ion Cannon" (LOIC) which was developed to help Internet security experts test the vulnerability of a website to a DDoS attack. The LOIC is available for download on the Internet.

-- The LOIC can be controlled centrally by an administrator in an Internet Relay Chat (IRC) channel, a type of computer chat room, which can seize control of a network of computers whose combined power is used in a DDoS attack.

-- The attack is aimed at the target website and when the LOICs are activated they flood the website with a deluge of data requests at the same time.

-- The DDoS attack prevents the overloaded server from responding to legitimate requests and slows down the website to a crawl or shuts it down totally.

-- The attacks are coordinated in the IRC channel and on Thursday, around 3,000 people were active on the channel at one stage.

-- The current situation has some historical parallels to a decade ago, when, in February, 2000, several of the biggest U.S. ecommerce and media sites came under attack in denial-of-service attacks. Targets included, eBay, E-Trade, and CNN, the news site. The ecommerce sites endured substantial losses during the outages, at a time when the Internet shopping phenomenon remained in its infancy.

(Reporting by Marius Bosch and Eric Auchard)
Last edited:
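The articles above describe clients that request pages "at a high rate" with "no pause" and from unmasked source addresses. As an added example (not part of the quoted articles or of the original post), this is one way a site operator could pick such sources out of an access log while leaving ordinary browsers alone. The log format, the thresholds and the sample addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')   # common log format (assumed)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def sustained_sources(lines, min_requests=100, min_span=10, min_active=0.9):
    """Return {ip: (requests, active_fraction)} for sources that request
    continuously: many hits, and a hit in nearly every second of their span."""
    per_second = defaultdict(lambda: defaultdict(int))  # ip -> epoch second -> hits
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts = datetime.strptime(m.group(2), TS_FMT)
        per_second[m.group(1)][int(ts.timestamp())] += 1
    flagged = {}
    for ip, seconds in per_second.items():
        total = sum(seconds.values())
        span = max(seconds) - min(seconds) + 1          # seconds first..last seen
        active = len(seconds) / span                    # share of seconds with a hit
        if total >= min_requests and span >= min_span and active >= min_active:
            flagged[ip] = (total, round(active, 2))
    return flagged

def sample_log():
    """Constructed access-log lines (RFC 5737 documentation addresses)."""
    t0 = datetime.strptime("09/Dec/2010:21:00:00 +0000", TS_FMT)
    def line(ip, offset, path):
        stamp = (t0 + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'
    lines = []
    for s in range(30):                      # no-pause client: 5 hits every second
        lines += [line("198.51.100.7", s, "/")] * 5
    for s in (0, 20):                        # browser: asset burst, pause, next page
        lines += [line("203.0.113.20", s, f"/img/{i}.png") for i in range(8)]
    for s in range(2):                       # short burst only, then gone
        lines += [line("192.0.2.5", s, "/search")] * 6
    lines.append("garbage line")             # malformed input is ignored
    return lines

if __name__ == "__main__":
    for ip, (hits, active) in sustained_sources(sample_log()).items():
        print(ip, hits, active)
```

The active-fraction test is what separates the continuous client from a browser: a page load also produces a burst of requests within one second, but it is followed by idle seconds while the person reads.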


Yes, I have been reading reports of Op PayBack from the BBC and elsewhere. I am really fascinated by all of this. I guess something major will come out of all these things. That may be anything.

Waiting to see the outcome or rather how it ends...