Numerous people may unwittingly be assisting Anonymous in its current campaign against the US Department of Justice (DoJ) and various Websites owned by film and music tycoons.
The hacker group has been peppering the sites with DDoS attacks to protest at the downing of the Megaupload file storage site. An international crimebusting team, headed by the DoJ’s Federal Bureau of Investigation (FBI), took over the Megaupload site and arrested many of its organisers.
Anonymous posted the following message: “We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn’t think they would get away with this did they? They should have expected us.”
According to Graham Clueley, a Sophos’ Naked Security blogger and senior technology consultant, the group has been relying on natural curiosity to entrap “helpers”. By seeding Twitter with links in tweets, in a number of languages, the inquisitive reader is led to comments on the Pastehtml.com Website. The unsuspecting visitors may not realise it but they have been tricked into allowing their PCs to be used as DDoS bots.
Visitors who arrive at the site with JavaScript enabled will instantly be hit with a script that ties their machine into the botnet. No user interaction is involved and the script runs without the user being aware. The computer is then forced to flood a target of Anonymous’ choosing with network traffic.
Current targets appear to be the Recording Industry Association of America (RIAA) and Universal Music Group which have ceased to operate, but it has also aimed its guns at the DoJ site and several other digital rights supporters. A new assault on Whitehouse.gov has also been released.
The trick is aimed at obscuring the Anonymous group’s activities following several arrests of key members last year. Anyone arrested for the current attacks will claim to be unwitting stooges – an argument that has succeeded in the past.
In an attempt to sue various habitual music downloaders, the music industry convinced the courts that IP addresses never lie and that the owners of these addresses must be the guilty party. In May last year, a US judge ruled that an IP address did not equate to a person and the RIAA cases started to fall apart.
At the end of the year the RIAA was embarrassed when its IP addresses were found to be cruising illegal download sites and the organisation had to use the “it was not me, it was a spoofer” defence.
The problem for the involuntary attackers is that DDoS attacks on US government sites are being viewed as terrorist attacks. Anyone caught doing so is liable to prosecution, even UK citizens are likely to be extradited. The accidental terrorist argument may not prove to be sufficient defence.
Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…
Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…
Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…
Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…
Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal
Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…
View Comments
hell yea! GO ANONYMOUS!!! i really hope they can pull it off..since it's all BS...SOPA/PIPA were junk + MU arrest was unfair + I don't think swizz he has any legal connections to MU...imo it was all fabbed up to get other celebrity endorsements.
p.s. looks like someone is pissed - FBI vs ANONYMOUS video:
http://www.peeje.com/anonymous-hackers-we-legion-211/