Anonymous isn't: LOIC leaks internet address of user

Researchers at the University of Twente in the Netherlands report that the LOIC (Low Orbit Ion Cannon) software used in pro-Wikileaks Anonymous attacks discloses the identity of the user.
If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems. The current attack technique can therefore be compared to overwhelming someone with letters, but putting your address at the back of the envelope. In addition, hacktivists may not be aware that international data retention laws require that commercial Internet providers store data regarding Internet usage for at least 6 months. This means that hacktivists can still be traced easily after the attacks are over.
Here's a PDF with details on the report: "Attacks by 'Anonymous' WikiLeaks proponents not anonymous" (utwente.nl, via Slashdot).
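The report's point, that traffic sent directly and without spoofing carries the sender's real address, is easiest to see from the target's side. The following is an added example, not code from the Twente report or from this post: it assumes access logs in Common Log Format, and the addresses (RFC 5737 documentation ranges), thresholds and function names are constructed for illustration.

```python
import re
from collections import OrderedDict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log():
    """Constructed sample: two flooding sources and three ordinary visitors."""
    start = datetime(2010, 12, 9, 14, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, offset_s, path):
        ts = (start + timedelta(seconds=offset_s)).strftime(TS_FORMAT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')

    for i in range(600):                 # 20 requests/second for 30 seconds
        add("198.51.100.23", i // 20, "/")
    for i in range(300):                 # 5 requests/second for 60 seconds
        add("203.0.113.77", i // 5, "/")
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        for j in range(4):               # a handful of page views each
            add(ip, 10 * j + i, f"/page{j}")
    lines.append("malformed line that the parser must skip")
    return lines


def summarize(lines):
    """Return {source_ip: {"count", "first", "last"}}; unparsable lines are skipped."""
    stats = OrderedDict()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        except ValueError:
            continue
        rec = stats.setdefault(m.group("ip"), {"count": 0, "first": ts, "last": ts})
        rec["count"] += 1
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
    return stats


def flag_sources(stats, min_requests=100, min_rate=2.0):
    """Pick sources whose volume and sustained rate exceed the (assumed) thresholds.

    Each result is an address plus a time window: the pair that can be
    matched against an ISP's retained subscriber records.
    """
    flagged = []
    for ip, rec in stats.items():
        seconds = (rec["last"] - rec["first"]).total_seconds() + 1
        rate = rec["count"] / seconds
        if rec["count"] >= min_requests and rate >= min_rate:
            flagged.append({
                "ip": ip,
                "count": rec["count"],
                "rate": round(rate, 2),
                "first": rec["first"].isoformat(),
                "last": rec["last"].isoformat(),
            })
    return sorted(flagged, key=lambda r: r["count"], reverse=True)


if __name__ == "__main__":
    for rec in flag_sources(summarize(build_sample_log())):
        print(f'{rec["ip"]:15} {rec["count"]:5} requests '
              f'{rec["rate"]:6} req/s  {rec["first"]} .. {rec["last"]}')
```

Ordinary visitors fall below both thresholds, while each flooding source is reported with the first and last time it was seen.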

  1. I hate the term “hactivists”. They are just sad little saboteurs who are neither hackers nor activists.

    I hope a lot of them get prosecuted. They are just interfering with free enterprise and they are not helping Wikileaks or free speech one little bit.

    1. I agree, Mitch, but it does give the little whippersnappers something to do. After all, if you still lived with your folks and never had a date, this would be a really cool thing to do.

      Imagine the bragging rights in the school cafeteria?

    2. I hate the term “hactivists”. They are just sad little saboteurs who are neither hackers nor activists.

      If you’ve researched how this has developed and you still think only “sad little saboteurs” were behind the attacks, then you’ve only succeeded in simplifying and compartmentalizing the attack into your own narrow (yet comfortable) world-view. Are you relying on the “anonymous images” that have been “published” to form your opinion on ALL the attackers and organizers on all fronts? It certainly appears so.

      I hope a lot of them get prosecuted. They are just interfering with free enterprise and they are not helping Wikileaks or free speech one little bit.

      These attacks are a call to action to the people who still have healthy skepticism and aren’t fully indoctrinated by television and radio. It’s not a whimper. It’s a stern voice by the public, that says, “NO MORE. You corporatists have stepped over the line.” And, the more people support this stern voice, the better.

      What’s the alternative? A boycott? More wikileaks mirrors?

      While still a fantastic display of civil disobedience, mirrors just basically get us back to where we started and aren’t sensational enough to penetrate the corporatist media firewalls.

      If you think a boycott is going to penetrate the indoctrinated through the corporatist media firewalls, GOOD LUCK with that, because it hasn’t happened in decades. The media will hardly cover the boycott and it’ll die with a whimper if it’s not propagated by the mainstream media.

      The attack is covered by the mainstream media because it makes them money. It draws interest and advertising. A boycott will help, but will not work alone at this point… it’s too quiet. You absolutely have to use the corporatist media in ways where it’s weak and its only weakness is greed. They will cover the actions only if it’s interesting to the general public and it makes them…. MONEY.

      Would there be this much interest if there had only been a small boycott right now? The boycott needs to get HUGE. These attacks will have made that possible, nothing else could get through the mainstream media corporatist firewall.

      Whether you like it or not, the attacks were a success. Everyone from WIRED magazine down to CNN is trying to frame it as a sputtering, unsuccessful venture, but they apparently missed the point… and the point was to penetrate the corporatist media firewall. Successful attack was successful.

      Oh, and it can happen again and again as needed. Now if you, Mitch, are raising hundreds of millions of dollars and somehow can get airplay all over the corporatist media about wikileaks, then have at it, buddy.

      And, it was very well known from the very beginning that the LOIC didn’t obfuscate IP addresses. But, that’s another discussion I’ll save for a more worthy opponent who doesn’t worship at the altar of “free enterprise”.

      1. well said, well said.

        re: Wired, CNN being ‘news’ outlets. HA!

        look who owns them. Ever noticed how many Wired articles pimp the latest death weapons o’ war?

        regarding the publication of IPs…someone was playing a little game on 4chan last night (so I heard. I never step into that cesspool) and publishing images of IPs taken from IRC channels….right next to statements by anonymous users & their nicks. Oops.

      2. These attacks are a call to action to the people who still have healthy skepticism and aren’t fully indoctrinated by television and radio.

        It’s breathlessly hilarious to read you trying to connect anyone against the “Anonymous” DDoS attacks as implicitly being “brainwashed” by “television and radio.”

        You sir, are hilarious! You are making Myrna Minkoff envious.

        1. It’s breathlessly hilarious to read you trying to connect anyone against the “Anonymous” DDoS attacks as implicitly being “brainwashed” by “television and radio.”

          Catch your breath, calm down your little hissy-fit and you might realize the actual point of my post if you look at it in context.

          So I’ll quote you ONCE AGAIN… you say:

          They are just interfering with free enterprise and they are not helping Wikileaks or free speech one little bit.

          And I say that they rally people who aren’t already indoctrinated to hate wikileaks through media influences (who do YOU think influences them, genius?). In other words, if someone is already against wikileaks, they are already lost.

          If someone had the critical thinking skills to support wikileaks in the first place, these attacks would not dissuade them from supporting wikileaks and in many cases it helped spread the word and brought more supporters into the fold who would have never known about wikileaks before (see mainstream media coverage).

          People with critical thinking skills aren’t going to stop supporting wikileaks because of the actions of others. Bringing more awareness to the ongoing battle helped and if you bother to research the aftereffects you’d know that too.

          There. I spoon-fed it to you. Hopefully now you can digest it.

      3. “Whether you like it or not, the attacks were a success.”

        A success at what, scaring financial service providers into believing they will be attacked if they step out of line? I don’t see one of those companies changing their minds about doing business with Wikileaks.

        Attacking Mastercard, Visa, Paypal, and Amazon has not helped Wikileaks one little bit. It is more likely to polarize people against Wikileaks and make it look like an organization supported by saboteurs and computer criminals.

        On the other hand, many small entrepreneurs sell on Amazon and Ebay and sabotaging the companies that we rely on to accept payment from customers interferes with our ability to earn a living.

        I suppose it helps a bunch of script kiddies using a program to flood a server with requests feel like little revolutionaries, though!

        1. Yeah, Mitch, better they be doing this and learning about computers, than be laying in some dirty alley shooting crack and be thinking about who to rip off to get the cash to pay for their next hit.

        2. “Attacking Mastercard, Visa, Paypal, and Amazon has not helped Wikileaks one little bit.”

          I’m surprised no comment has touched on the obvious yet: a single protest never has lasting impact if it happens in a vacuum. Nothing is that easy. In order for anything to happen, they need to do it again. And again. And again, until service providers reverse their decision. If we’re serious about opposing the decision they made to stop doing business with Wikileaks, then the way to make this tactic effective (if you think it’s a tactic we should be using) is to DDoS *until it has an impact.* I’m sure that if you could take Paypal down for an entire week, it would amount to a significant hit on their earnings. It’s just like picketing outside a store, or sitting in at all the seats at a lunch counter. If you do it for an hour, it’s an annoyance. If you do it for many days, it’s a serious issue you need to actually deal with.

          1. The only effect it is going to have is cause financial loss for all the merchants and individuals who need the services provided by the companies they are attacking, and that is what makes their method of protest morally wrong. There’s too much collateral damage. Shut down Paypal for a week and I don’t make my January rent (and I’m a goddamned Wikileaks supporter, at least for now), but Julian Assange is still locked up and the US government will still try to find a way to prosecute Wikileaks or pressure another government to prosecute them.

            Mastercard, Visa, Amazon, and Paypal are not going to give in to a bunch of petty criminals. Why should they? That would set a terrible precedent.

            A constructive solution- providing an alternate way for Wikileaks to receive funds- would be a lot more impressive than the destructive non-solution of attacking companies that are afraid to continue to do business with Wikileaks.

          2. Shut down Paypal for a week and I don’t make my January rent (and I’m a goddamned Wikileaks supporter, at least for now), but Julian Assange is still locked up and the US government will still try to find a way to prosecute Wikileaks or pressure another government to prosecute them.

            I’m tired of hearing how the Paypal protest impacts on small business. If one’s financial solvency is truly threatened by a one-week PayPal outage, your business is going to fail regardless … it’s just a matter of time.

            No one expects the DDOS attack on Paypal to result in an about-face. It might make other corporate behemoths think twice though before caving in to government pressure.

          3. Well, I don’t care if you’re tired of hearing about it. It’s completely unfair to punish small businesses because financial service providers are afraid of the potential consequences of doing business with Wikileaks.

          4. Well, I don’t care if you’re tired of hearing about it.

            Well, you should care, because the Comment Policy is explicit about not repeating yourself, and you have a long and tedious history of doing just that. Consider this an official warning.

          5. Looking at Mitch’s recent history in this thread, it doesn’t seem to me like s/he’s repeating unnecessarily. It’s certainly not to a point where I would consider it worthy of banning. The fact that many small businesses may have been unfairly disrupted by Anonymous’s DDOS attacks is a valid point that Anonymous’s supporters seem to dismiss by saying that the ends justify the means. The fact is that a DDOS attack is extortion; to claim that extortion is a valid tactic means you must surrender the moral high ground.

          6. What if paypal closes your account tomorrow because they got told to by the gov? This is the case here. They closed wikileaks accounts not because they did something illegal or broke the terms but because USA gov told them to. How can you feel safe? What’s the difference between mafia and government?

          7. “No one expects the DDOS attack on Paypal to result in an about-face. It might make other corporate behemoths think twice though before caving in to government pressure.”

            In other words a company’s business decisions should be driven by fear of what a criminal organization might do to the company if the criminals disagree with a choice the company’s management makes.

            Great, let’s be ruled by extortion.

          8. In other words a company’s business decisions should be driven by fear of what a criminal organization might do to the company if the criminals disagree with a choice the company’s management makes.

            Great, let’s be ruled by extortion.

            Take out the negative bias, and you’ve pretty much just described the free market. Public opinion drives business decisions. Would you argue against boycotts?

          9. The free market?
            Are you sure you don’t mean the IRS, or any other tax collecting authority?

            But seriously, I wouldn’t use the word “criminal” to describe those organizations…that’s really not the accurate way to think about it!

      4. “If you’ve researched how this has developed and you still think only “sad little saboteurs” were behind the attacks, then you’ve only succeeded in simplifying and compartmentalizing the attack into your own narrow (yet comfortable) world-view. Are you relying on the “anonymous images” that have been “published” to form your opinion on ALL the attackers and organizers on all fronts? It certainly appears so.”

        My, aren’t we defensive?

        Obviously anyone who disagrees with you must be completely unaware of the subtle details. Otherwise they couldn’t possibly disagree. You’re not a sad little saboteur. You’re a hacktivist! With a ‘k’! That’s important! Quick, lecture them!

    3. I hate the term “hactivists”

      Oh, by the way, it’s properly spelled “hacktivists”. The only other mouth-breather I know that spells it the way you do is Matt Drudge.

      1. Oh, are we picking on typos now? Shame on me for not proofreading! It’s mighty brave of you to insult me anonymously, though!

        1. Oh, are we picking on typos now? Shame on me for not proofreading!

          Just thought it was funny that you spelled it the same as Drudge did. You can continue with your hissy-fit as normal though because it just makes it all the more funny.

          It’s mighty brave of you to insult me anonymously, though!

          So your full name is Mitch? Kind of like Cher or Madonna? Or are you simply a hypocrite?

    4. They are just interfering with free enterprise and they are not helping Wikileaks or free speech one little bit.

      I think the strongest comparisons of these DDoS attacks to real world tactics are the sit-ins of the civil rights movement. (Note, I’m explicitly *not* comparing the motivations and moral justifications.) There you also had people interfering with free enterprise by having non-customers take up resources that were intended for customers, in an effort to have businesses change their policy on who they would take for customers.

      1. A sit in isn’t going to cause any harm to a regular guy trying to make ends meet by selling stuff on Amazon and Ebay, though.

        1. Mitch, a sit-in does cause harm to the other customers of the business. Their plans are disrupted, because they can no longer count on doing business there, and these other customers are the analogous ones to the people selling things on eBay.

          1. wnoise, a sit-in’s harm is about as benign as you can get and still be “action”. While it’s in place, the organisation is interrupted and its customers are unable to do their thang: that’s the whole point, no? And when the sitters-in stop, they go away and no lasting harm is done.

            (sweaty sysadmins reaching for a case of beer don’t count)

            The disruption to the customers is, of course, part of it: “Oh, don’t shop there, Marlon, it’s always up and down with that hacker stuff.” And the word “hacker” is like “radiation” in carrying all sorts of extra-fine scary to the unedumacated.

    5. I dunno Mitch, I think it gave a lot of people who felt powerless a feeling of empowerment – however misguided – and that’s a good thing.

      At least admit it kept “those meddlin’ kids” off your lawn for a day or two.

  2. Whooooops I guess some folks are probably gonna be involved in some lawsuits and possibly defending themselves in a Court over “hacking” charges. I guess when folks misbehave then there is always some way to find them. Forensic science includes computer searches these days. So if you’re up for cavity searches and having your “puter” dismantled then “go for it”.

  3. Everybody is aware of this, and it is declared up front. What’s more, using things like TOR with the software results in the software targeting TOR, not the target site (VPN can be used though).

    It is accepted that your IP address is public. The point is, are they really going to try and track down thousands and thousands of internet users from across the world? Doubtful.

  4. #2: It’s not a honeypot – read the post. It’s saying that the software does nothing to protect the LOIC user’s IP address from the people the user is attacking, or from anyone who might be listening (ie, the user’s ISP). It’s not saying that LOIC deliberately sets out to harvest IP addresses of users.

    #1: I’m pretty certain you’ll have a hard time proving beyond reasonable doubt that the user was malicious and not, say, part of a botnet, even with such records. I guess we’ll see, but I wouldn’t hold your breath.

    1. “I’m pretty certain you’ll have a hard time proving beyond reasonable doubt that the user was malicious and not, say, part of a botnet, even with such records. I guess we’ll see, but I wouldn’t hold your breath.”

      From what I can tell, the LOIC software has to be consciously installed by the user. There may be viruses/worms that install software that behaves in a similar manner, but I think the presence of LOIC on someone’s machine would be fairly damning if coupled with IP address info. Unless there already is a virus/worm that installs LOIC without the user’s consent, I wouldn’t bet on LOIC users having plausible deniability. At the very least, I would imagine that this revelation is going to have a bit of a chilling effect on future Anonymous attacks.

      1. “From what I can tell, the LOIC software has to be consciously installed by the user”

        That might be the case, but who’s to say the person you’re prosecuting is the user that installed? Could be family, friend, techie-down-the-road/-in-repair-shop or a remote user that’s backdoored machine already.

        Don’t want to stand up for the 4chan crowd, hitting 3rd party systems isn’t the answer (vandalism is vandalism; real world or virtual makes no difference); but I’m not a fan of the “it’s his IP, must have been him” train of thought.

        –Andrew/@infosanity

  5. This is well known. It’s a fairly loaded statement to say it “leaks” the IP address when it never proposed to hide it.

    The reason that onion routing networks aren’t used is that it would totally flood the network used for anonymisation in the same way that is intended will happen to the target host.

    Frequently ISPs will block IP Datagrams with forged source addresses. This is why clever IP spoofing techniques are not used (and possibly that the developers wanted to keep this a purely hacktivism tool, rather than a full on attack tool.)

  6. The sad thing is that even with this flaw being now known to exist there will still be people (kids?) using this software.

    And how long until it makes its way into a TV show as a plot device?

  7. I really hope that people don’t start using Tor to cover their tracks while participating in a DDoS. Tor is already slow enough as it is, operating with very limited resources. If a DDoS campaign were conducted through Tor it would amount to a denial of service on Tor itself. It’s best for the people who actually need Tor if Tor’s “tubes” aren’t clogged with the immense floods of traffic involved in a DDoS campaign.

    About DDoS’ing, I can’t say that I’d advise anyone to use that tactic, but I think it’s important to consider it in context with other forms of resistance. How different is a denial of service from some of the nonviolent civil disobedience tactics used by the civil rights movement for example? It’s not their physical bodies that they’re putting in the way, but if one were to participate in a DDoS knowing beforehand that it can be traced back to them then one could argue that it still takes a measure of courage. It would be dishonest and shameful to label this tactic as terrorism if you ask me.

    Another piece of context that gets easily forgotten is that the DDoS campaigns are a response to the extra-legal persecution of Wikileaks. Has the judiciary been involved in any of the decisions to deny Wikileaks access to services? What opportunities did Wikileaks have to defend itself against losing access to its bank accounts, donation channels and internet access?

    It’s easy to see how angry, disenfranchised youngsters can justify tactics like DDoS when the behaviour of governments and corporations is so clearly wrong in this and many other cases. It doesn’t make them right. It means that there’s no simple break down of good team vs. bad team. If anything we should be happy that the kids from /b/ are interested in freedom of the press instead of picking on “no cussing” clubs and what not.

  8. This “problem” was already known, it’s the only way this could work. Either way, you can’t prove who was just connecting to the site or who was attacking it.

  9. jmcnaught: “What opportunities did Wikileaks have to defend itself against losing access to its bank accounts, donation channels and internet access?”
    What about using the courts to fight for their rights?
    Remember, first the soap box, then the ballot box, then the jury box, then the ammo box. Going for the ammo box first, when the other resources have not been exhausted, is irresponsible.

    Seshan: “Either way, you can’t prove who was just connecting to the site or who was attacking it.”
    Perhaps the number of hits – a few versus a few million – may give them a clue.

    1. I don’t think they have any claim to bring to the courts. Their service providers’ TOS are generally broad enough that they don’t need to give a reason for terminating service. The real reason may be morally bankrupt, but that doesn’t amount to a real legal claim.

      And @#26: No, lynching is never ok, because murder is itself illegal. Connecting to a website is not inherently illegal, even if I do it many times. I don’t know what the people involved in the DDoS attacks can or can’t be charged with, but your conclusion does not follow from the previous comment’s argument.

  10. I think it’s a good bet that there are some members of the “no such agencies” who are smart enough to realize that the best honeytrap on the internet would be free anonymous proxy services.

    Just sayin’.

    Anyway, I’d be concerned that trusting in a group of “elders” by virtue of their tag-teaming an IRC chatroom for a few years is going to result, inevitably and hilariously, in the gentlemen directing their interweb firepower onto some angry dude’s ex-wife.

  11. The D in DDoS means distributed. The attack only works if thousands of people engage in it simultaneously. A single person initiating a ping flood is harmless.

    So anyone prosecuting the DDoS would have to bring conspiracy charges, and that won’t gain traction since the participants don’t know each other.

    So how is the lack of anonymity a problem for the perpetrators?

    1. And as we all know everyone always uses their own Internet connection at their own home to do anything and everything on the Internet. There is no such thing as using a wireless hotspot, cracking the wifi and using someone else’s Internet, public wifi, etc. Hahaha…

    2. That’s right…like who could forget back when the NY State Police threw every single person who smoked grass at the Woodstock Festival into jail?

  12. nixiebunny: “The D in DDoS means distributed. The attack only works if thousands of people engage in it simultaneously. A single person initiating a ping flood is harmless.

    So anyone prosecuting the DDoS would have to bring conspiracy charges, and that won’t gain traction since the participants don’t know each other.

    So how is the lack of anonymity a problem for the perpetrators?”
    So lynching is OK if it is done by a high enough number of people?

  13. BB goes breathless over hax0rz!

    “Warning! Your computer may be broadcasting an IP address! Click here to learn how to fix it!”

  14. I feel like this is pretty obvious. That’s how packets were designed, after all — they include your IP address.

    I don’t think LOIC was meant to be a point-and-shoot, easy-to-use DDoS tool for the masses, but an easy-to-use one for people who already know what they’re doing and will use proxies or the public library’s wifi.

    Fang Xianfu had a good point — there’s probably not any way to tell which users were involuntary members of a botnet (i.e. they got a virus) and which were voluntary members (i.e. using LOIC) without investigating the computers linked to the incriminated IP address. But if that IP leads to a NAT, there’s no way to tell which computer sent the pings (unless the router kept logs) and therefore might have the virus or LOIC.

  15. There is no anonymity, nor is any required. The Internet address is not “leaked”, because it was never hidden and cannot be. It does not need to be hidden. A ping is not illegal in and of itself. IP spoofing, on the other hand, is strong evidence of criminal intent, and bouncing DDOS traffic off others without their consent is a criminal act.

    Here’s a metaphor, Xeni, stay with me here.

    The targeted site is like a convenience store. The people using the LOIC are like individual people joining the line at the store and asking the clerk what time it is. They aren’t doing anything illegal if each action is taken individually. However, because thousands of people are doing this, they are creating an incredibly long line, which prevents anyone who needs to do some shopping from being able to do it in a timely fashion. That is how it works; you are clogging the queue with people who have no intention of buying anything, they are just going to ask the clerk for a price check or directions. Get it? No anonymity.

    Tor is like a person who performs actions on the part of other people. Like, you have somebody else go to the convenience store on behalf of ten people in your workplace and buy ten lottery tickets, one for each of you. The advantage is that the ten people get to remain anonymous because they don’t visit the store. But the Tor is not anonymous – he’s that guy who bought ten lottery tickets, perhaps for himself, perhaps for others.

    If any significant number of people are foolish enough to redirect the LOIC through tor, three things will happen. First, the DDOS doesn’t work, because now instead of ten thousand people being in line you’ve got ten Tors in line. Second, you are making the Tors identifiable, so that Tor traffic is trivially banned – instead of banning ten thousand people who may or may not be legitimate customers, you just block ten Tors who are 90% likely to be LOIC channels. Third, you destroy Tor, because now you’ve created a way to trivially and automatically identify and segregate Tor nodes, which means it no longer works for penetrating dictatorial firewalls and protecting the identities of WikiLeakers and such.

    So, to recap – redirecting the LOIC through an anonymizer will destroy both the effectiveness of the attack and the effectiveness of the anonymizer.

    Red China and the Torturer General of the United States rub their hands in glee.

  16. Well. Durr.
    I told them to use hping3, but nobody listens to me.
    They believe that their numbers will be too large for everyone to be persecuted. It works well for many, but some will fall.

    1. IP spoofing, which is what hping3 does, does NOT work for most ISPs, because their routers block outgoing IP packets where the source IP address doesn’t match the customer’s given IP.

      IP spoofing is mostly useful in a network with layer 2 switching.

  17. Does anyone know how to delete the LOIC? I downloaded it but could not figure out how to use it. I now have it and can’t delete it. If I try to select it I can’t, I can’t even inspect it. The only thing I can view is the time it was created 10/09/09. I also have a temporary file folder that was created on 12/08/10 that I also can not delete.

  18. I’m actually mildly surprised to find that the LOIC is buggy, or at least so easily counter-exploited. I doubt that was intentional or desired.

    What I’m NOT surprised to find is a lot of consternation, FUD, and woo swirling around the now somewhat more obvious fact that Anonymous is more about social engineering than l33t haxx0ring, and that its target in that regard is not its enemies but its friends.

  19. I don’t see why anyone expected it NOT to broadcast your IP. The point of the tool’s use in the attacks was to make DDOS’ing as easy as possible, not to make it secure.

    The point was security through obscurity, the same as with piracy. The more people that pirate, the lower the odds that when it comes time for the **AA to hand out lawsuits, your name isn’t on the list. Same deal here.

    They wanted to get as many people as possible running the software. The more people running the software, the bigger the attack and the more comfortable people feel as part of the crowd. Including any kind of security or proxy activity would require either A. the user to set it up, which raises the barrier for people to join the attack, or B. puts all the traffic through a known set of proxies, making it easier to block the traffic.

    Now, whether all this is an effective strategy, I don’t know (and I especially doubt that when you’re fucking with the government’s business they’re just going to throw their hands up and only pay attention to a few choice targets), but really this shouldn’t be surprising.

    1. Whoops, that should have read “lower the odds that your name IS on the list”

      My bad, but you probably got what I meant.

  20. Guys, I think you’re all missing the most important part of this revelation:

    Consequences will never be the same.

    1. Man, you had to go with that one?

      I would have gone with the slightly more obscure
      “GOOD LUCK, I’M BEHIND SEVEN PROXIES”

  21. I’m a fan of nonviolent forms of protest and civil disobedience… Unless such forms take the useless and unnecessary step of criminalizing the protesters. When the war protests were happening in my hometown several years ago, the organizers would inevitably have some sort of planned way that a significant number of people could get themselves arrested, or kettled, or teargassed for no good reason, and accomplishing nothing but getting people marginalized.

    This action of DDOSing the sites down is a direct action… Not civil disobedience. It crosses a line from a token action of protest like a sit in and drum circle to something akin to chaining doors closed and supergluing locks shut. That kind of action requires one to not get caught to be effective. But activist-ism has clouded the judgements of so many… people confuse empty pointless gestures with real and effective acts of protest.

    Best thing these “kids” have going for them is often they are just kids. Harder to prosecute. It’s trivial to track down 1000s of IP addresses. Cutting a thousand Internet connections off is doable. Backing access lists upstream on routers to stop DDOS traffic is simple. These companies and ISPs are sadly unequipped to deal with low tech floods from the same IPs and that’s just sad. What happens if they face a real enemy with sophisticated methods?

    Proving intentional D/L and use is not tricky, depending on how far those looking want to go. Law enforcement seems to want to treat Wikileaks as a terrorist organization. That is a lot of heat. Antiterrorism doesn’t seem to know any bounds as far as what they will and won’t do. I assume more arrests are going to occur soon.

    1. This sort of DDoS attack is exactly like a sit-in. It’s also no different than people calling the company phone # and asking dumb questions to tie up all the lines or walking in to a company’s physical location.

      It is definitely *not* hacking by any stretch of the imagination.

      Why do the attacked companies assume they have any sort of innate right to quality of service on the Internet? They’re using the network *we* are paying for to promote their own business. IMO we should all be getting a cut of those companies’ profits that is going over this infrastructure that is mostly funded by *us*. Who cares if company X site is up or down – I don’t. If we follow this logic then my local ISP will get sued by all those companies for business lost any time they can’t maintain their Internet connection. Hey they lost all those potential transactions. Bullshit.

      The Internet is a best effort medium, it doesn’t have enough capacity to support everyone using all their bandwidth at once. For return you get a really low price on your connection.

      If they want guaranteed QoS they can use other networks that provide that. They’ll be paying a lot more.

      If they don’t want anyone protesting against them they better hold themselves to the highest standards.

  22. The tool makers have accomplished both their goals:
    1. Give it to the man, in the nuts.
    2. Give it to the noobs, in the nuts.
    I am in awe of the flawless execution of both goals.

  23. The attacks on the corporations (and therefore the hassles they cause to customers) are totally justifiable because:

    1) When corporations direct the government more so than the will of the people, the government is corrupt and therefore corporations are corrupt.

    2) When corporations bow down to the will of an authoritarian government and therefore violate freedoms and rights of people, the corporation needs to be put in check.

    3) Anyone supporting such companies by giving them money needs to suffer for their blind consumerism and therefore are taking part in the annihilation of our rights and freedoms.

  24. “1) When corporations direct the government…

    2) When corporations bow down to… government…”

    Care to elaborate? Which is it, are corporations directing or bowing down to government?

  25. LOIC is open source – search for it on http://sourceforge.net.
    It’s clear to see from this that it is not sophisticated or loaded with malware. It simply opens a socket and sends a message over and over.

    Anyone using it would look at the source code and recognise that straight away and take steps to hide their illegal-ness in another way. Such as finding an open wireless connection or whatever.

  26. When I read the story title, I thought the same as everyone else “Isn’t this common knowledge since the old DDoS days of the mid to late 90’s?”

    I actually read the report, and thought it was an OK tech doc, it could have had more info or be more than several pages.

    My impression is that it was done by freshman students as a school project. Most of the researchers (students) are studying network intrusion and detection. Except Rick Hofstede who graduated last year? I think Tiago Fioreze was scared and put someone else’s name?

    However I did like that they told you how NOT to get caught by just blaming it on a virus on your computer. This worked well for me as a defense against Viacom and The Broken Lizard productions which kept me out of court. Also an IP address has already been proven (In the USA) that it’s not proof, or not accepted as evidence that the origin was actually you.

    1. Also an IP address has already been proven (In the USA) that it’s not proof, or not accepted as evidence that the origin was actually you.

      You might want to let people who’ve been sued by the RIAA know that.
