Anonymous tricked people into joining Web site attacks
If you clicked a link distributed by Anonymous yesterday, you may have unwittingly helped the online activists in their attacks against U.S. government and entertainment industry sites that were organized to protest proposed antipiracy legislation.
Anonymous has launched distributed denial-of-service attacks, designed to shut down Web sites, against government and corporate sites in the past. Typically, supporters download software called Low Orbit Ion Canon (LOIC) that directs their computer to repeatedly try to connect to a target Web site. So many digital knocks on the door, as it were, can shut a site down so no one can get in.
However, the source of the attack—the IP address for the individual computers attempting to access the site—can easily be traced when LOIC is used, putting participants at risk of prosecution. (Despite that threat, people have been downloading LOIC like mad since Wednesday, including more than 19,000 downloads in the last day, according to a blog post by security firm Imperva.)
So, Anonymous has come up with a way to allow people to participate without risking arrest. In protest of the Stop Online Piracy Act (SOPA), as well as yesterday’s government takedown of file-hosting site Megaupload and the indictment of its operators, Anonymous launched DDOS attacks on more than a dozen sites and used a new tactic.
The group distributed Web links yesterday during its attacks on the Department of Justice, FBI, Universal Music and a host of other sites, that made joining the attacks as easy as clicking the mouse. The links led to Web pages with special JavaScript instructions that automatically redirected the visiting computer to a Web site being targeted for attack. The computer continues attempting to access the target site until the Web page is closed.
Another version of the tool, for people willing to participate, would direct computers to a Web page on which a visitor could type in the IP address to target and the page would automatically refresh in the background so the computer would continually try to access the target.
The tool relies on JavaScript being enabled, and given how many Web sites require JavaScript, it’s likely most of the people who clicked the links were unwittingly drawn into the attacks.