Cyber Defense Weekly: Anonymous Attacks, Dutch Cyber Strategy

Tuesday, January 24, 2012

Cyber Defense Weekly

6d1c762d9c16395a7e258d098091ee00

The week ended with a bang as Anonymous hooligans went on a rampage in reaction to the Justice Department take down of MegaUpload.com  

Is Crowd-Sourced DDoS from Anonymous a Threat?

On Thursday, January 19, the US Justice Department shut down MegaUpload.com and arrested four of its members in New Zealand. The file sharing site was known for being a popular means of distributing music and videos as well as large files of leaked credit cards and usernames.

Anonymous was quick to react. At one point over 5,000 members used LOIC (Low Orbit Ion Cannon), a simplistic Denial of Service tool, to target and disable the sites:

  • Justice.gov
  • FBI.gov
  • Universal.com
  • RIAA.com
  • MPAA,com

Then over the weekend Anonymous Brazil got in the act with attacks against two Military Police sites:

  • pm.go.gov.br
  • policiamilitar.rj.gov.br

And, while they were flexing their muscles they took down payment card industry sites:

  • Mastercard.com.br
  • Visa.com.br

Anonymous Brazil also responded to the call to attack Polish sites because Poland was the next country to vote on the ACTA Agreement, a measure to counter online piracy. Both these sites were claimed to have been disabled:

  • mkidn.gov.pl
  • premier.gov.pl

So what is the  damage to these organizations and their infrastructure? Nothing. Nada. The sites come back as soon as the Anons get bored. Crowd sourced attacks are not effective. Twitter and IRC channels have to be used to continue the riots. 

But each attacker only has so much time and energy. And while they are attacking their computers and Internet connections are busy. It's like trying to get a crowd at a stadium to do the wave. As soon as the pitcher winds up on the mound the wave peters out.

What should you do if you are the target of an Anonymous DDoS attack? Just wait, they will go away...

Now, if you are worried about more powerful DDoS, such as one driven by a botnet you might want to consider hosting with CloudFlare or Akamai. Or you could buy special purpose equipment from Corero. Or you could sign up for Prolexic or Verisign's cloud based defenses.

All of these make sense if a DoS means loss of revenue.

Dutch Cyber Strategy Document

Open source researcher Matthijs R. Koot has provided a translation of the recently published Dutch Advisory Council on International Affairs document on Digital Warfare. It contains some of the first thinking on how to interpret UN Charter non-aggression language in terms of cyber aggression. Worth the read!

Best of @cyberwar

I post frequent updates to the @cyberwar stream on Twitter. Follow me for breaking news and commentary.

Possibly Related Articles:
16897
Network->General
Information Security
Denial of Service Cyberwar Attacks DDoS Anonymous DOJ LOIC hackers Netherlands Cyber Defense SOPA PIPA Protest Megaupload Low Orbit Ion Cannon Matthijs R. Koot ACTA Agreement
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.