How Operation Payback Hacked into Mastercard and PayPal Using DDOS in Defense of WikiLeaks Project

Posted on

Over the last few days, companies like Visa, Mastercard, PayPal and Amazon.com have found themselves targets of coordinated distributed denial-of-service attacks, designed to force their websites and other infrastructure elements offline.

The campaign, which is called “Operation Payback” (and is reportedly headed up by Anonymous), is targeting companies that have denied service to WikiLeaks and its founder, Julian Assange.

In essence, what is happening is that lots and lots of individuals are hammering specific websites with TCP or UDP packets or HTTP requests. There are only so many resources to go around, which means that with enough individuals involved, even large websites can be taken down very quickly.

Most of the participants in Operation Payback are not hackers — at least not in the true sense of the word. Instead, these users are using computer programs — or more recently, simply visiting websites — in order to stage their attack.

The tool being used to power these attacks is called LOIC (Low Orbit Ion Canon). This tool, which was purportedly originally created to stress test networks, is written in C# and can be downloaded off open source code repositories like Github and Sourceforge.

LOIC can be used to target a website the user inputs, or using an option called Hive Mind, to connect to IRC or even Twitter, and grab information for a targeted web attack.

Sophos's Naked Security blog and Mark Hofman at the Internet Storm Center have more technical write-ups on how the program actually works.

Because C# will only work on Windows (Windows) computers out of the box (Mac and (Linux) users have to install additional libraries and do extra configuration), a port of LOIC also exists.


One-Click DDoS Attack


The most recent variant of LOIC is a new proof of concept that is floating around called JS LOIC. The “JS” in the title stands for JavaScript.

This proof of concept, which doesn't appear to have as many features as LOIC or Java LOIC — and may also be easier to stop — is actually pretty clever.

Rather than requiring a user download program to run, someone can just visit a web page with a single HTML file and press a button to carry out their part of an attack.

On the one hand, the trick of using JavaScript to carry out this kind of flooding attack is pretty clever. On the other hand, it's also pretty scary.

From what we can gather, the majority of the attacks on Operation Payback targets are not coming from web clients. However, that could change.

We would caution users against clicking on any links claiming to aid in this series of attacks. Not only is willfully participating in a DDoS illegal in many countries, you never know what is behind the file you download or what action clicking on that web button could trigger.

As with many other aspects of the (Wikileaks) saga, the distributed and de-centralized nature of the Internet (Internet) means that shutting down all mirrors for documents — or even for attack tools — is an exercise in futility.

via Mashable

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.