Dutch police announced Thursday they have arrested a 16-year-old boy for allegedly participating in the online attacks against Visa and MasterCard as part of a vigilante campaign to support WikiLeaks.
The secret-spilling site has raised the ire of the U.S. government and others around the world for its ongoing release of secret diplomatic cables allegedly provided to the site by Army Pfc. Bradley Manning. Though only a small portion of the 250,000 cables WikiLeaks possesses have been released so far, the cables include revelations about how countries in the Middle East urged attacks on Iran, what the U.S. diplomatic corps thinks of world leaders such as Russian President Vladmir Putin, and the details of behind-the-scenes negotiations on repatriating Gitmo prisoners, among other topics.
The U.S. State Department calls the publication “illegal,” and the Justice Department is investigating ways to indict the organization’s outspoken leader, Julian Assange. However, no news organization has ever been successfully prosecuted for publishing classified information, and no charges have yet been filed against Assange for the leaks.
According to a press release issued by the National Office, the boy confessed to participating in attackson the U.S.-based payments processing firms that angered WikiLeaks supporters by cutting off the ability to donate to the group using their cards. In response, a loosely organized group that goes by the name Anonymous organized a denial of service attack on a Swiss bank that cut off funds to the group’s founder Julian Assange, along with attacks on Visa.com, MasterCard.com and PayPal.com.
The attacks were the online equivalents of sit-ins, and while they successfully kept people from visiting the sites at certain times yesterday, they did not affect the payment-processing networks of the company. However, the attacks did impede certain transactions with credit cards that require users to use an additional online password form, known as Verified by Visa and Secure MasterCard.
The investigation from the Dutch High Tech Crime Team was commissioned by the National Prosecutor in the Netherlands. The announcement did not mention what crime the youth was being charged with, nor did it indicate whether the police thought the boy was deeply involved with organizing the group or was just one of thousands who volunteered their computers to attack the websites.
Online speech and corporate attempts to control it have sparked firefights before, but the naked control of commercial service providers over WikiLeaks’ cash flow and internet presence has sparked an unprecedented reaction that may not be easily brought to heel.
Anonymous, which started out with a digital-age teenage-prankster ethic, is not a traditional organization, but more of a banner under which individuals can call on others to join a cause or attack, which usually begins on the notorious /b/ message board, the “anything goes” section of the popular 4Chan message boards.
Anonymous has a history of such attacks, including a recent campaign against the record industry for attacking file sharing sites, mass-infiltrating an online game for kids to protest its stupidity, and an earlier long-running campaign against the Church of Scientology.
The Scientology attacks were investigated by the FBI, and two Anonymous member were prosecuted for clogging Scientology’s websites.
Few who are part of Anonymous are actual “hackers,” and instead join in the attacks by running specialized software provided by more technically adept members. Instruction for which sites to target and when are passed around dedicated online chat channels and websites, creating a sort of online insurgency.
Anonymous’ DDoS tool has an unusual twist, according to denial of service protection expert Barrett Lyon, incorporating features that allow members to connect to the botnet voluntarily, rather than mobilizing hijacked zombie machines. It is called LOIC, which stands for “Low Orbit Ion Cannon,” and evolved from an open source website load-testing utility.
A new feature called Hivemind was added, which connects LOIC to the anonops server for instructions, and allows members to add their machines to an attack at will.
However the software does not mask a user’s IP address, and has generated complaints from its users that it sucks up all their available bandwidth when it’s in attack mode.
Despite the high level of organization, Lyon said the attacks themselves are not particularly sophisticated. “It is mediocre, at best,” he said. “There is a lot they are doing wrong, and yet they are still succeeding.”
Taken from wired.com/