No Stopping Operation Payback

I have been closely tracking the Anonymous Hacker Group and its attacks against various Web sites and have found that the tool to initiate a denial of service attack has been downloaded over 40,000 times with the majority of downloads occurring in the US.

The tool was originally developed as an open-source network stress-testing tool. It was recently tweaked to include a central command-and-control module. Operation Payback’s ability to challenge serious sites and do that simultaneously is very much coupled to the introduction of the new version with its [command-and-control] capabilities. My speculation is that due to the substantial increase in downloads, it is highly likely this is no longer just a social movement, but also a technical movement like a botnet.

The “voluntary” botnet is illegal. These attackers are downloading code which is performing an attack. Although they did not write the code, and although they are hiding behind the mask of so-called ideology, they are engaging in activity to disrupt a service, which is illegal. Now, with the rate of machines engaging in this activity, we are speculating that the hacktivists are now operating using involuntary botnets – infecting unaware victims to involve them in this campaign. And operating a botnet is, of course, an illegal activity.

The hacker group is in the process of coordinating botnets with over 100,000 computers capable of generating 800MGBPS traffic to increase the attack horsepower. An attack of that magnitude is likely to better test Amazon’s ability to deal with DDoS attacks.

Since yesterday alone the number of downloads for the Operation Payback Denial of Service tool has increased by 5,000:

This morning (GMT):

[Image: payback_1]

Last night (GMT):

[Image: payback_2]

To see how many downloads are occurring you can visit: https://github.com/NewEraCracker/LOIC/downloads for the command and control version or http://sourceforge.net/projects/loic/files/loic/stats/timeline for the manual download (you can change the date to get analysis on a different period).


Amichai Shulman is Co-Founder and CTO of Imperva, where he heads Imperva's internationally recognised research organisation focused on security and compliance. Prior to Imperva, Amichai was founder and CTO of Edvice Security Services, a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Amichai served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology.