We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,079 News Articles

Website attackers could be easily traced

Researchers say it's easy to identify those helping in DDoS attack

Hackers using a tool to conduct distributed denial-of-service (DDOS) attacks against other websites in support of WikiLeaks can easily be traced, say security researchers.

Thousands of people have downloaded the 'Low Orbit Ion Cannon', a tool that bombards a targeted website with garbled traffic in an attempt to knock it offline. The tool has been promoted by Anonymous, a loose-knit group of online campaigners that has attacked companies that cut off support for WikiLeaks since it began releasing secret US diplomatic cables in late November.

But researchers at the University of Twente in Enschede, Holland, say it is easy for ISPs to identify those using the tool, as it takes no measures to protect the identity of its users, according to their paper.

There are several versions of the Low Orbit Ion Cannon: one is a client application that is downloaded by a user and can be remotely controlled via an IRC (Internet Relay Chat) or be manually configured. The other is a JavaScript-based website.

With the client application, the targeted Web site can see the real IP (Internet Protocol) address of the computer conducting the attack, the researchers said. The IP address can be linked to the ISP providing the service, which can then investigate which subscriber the address corresponds too. The same condition happens when someone uses the Web-based tool.

One method used by those conducting a DDOS attack is to configure the program to use a fake IP address, but the Low Orbit Ion Cannon does not do that. DDOS attacks can also be coordinated using a botnet, or a network of machines that have been compromised. The owners of those computers are usually unaware their computers is infected and taking part in an attack.

The danger with the WikiLeaks attacks is that many of those less tech-savvy people eager to join the online campaign may be unaware that they can be traced.

"The current attack technique can therefore be compared to overwhelming someone with letters but putting your real home address on the back of the envelope," the researchers said.

In the European Union, telecommunications operators must retain data for six months, which "means that hacktivists can still be easily trace after the attacks are over".

Already, police in the Netherlands have arrested two teenagers in connection with the attacks. Dutch prosecutors said one of them was easily tracked down.

The DDOS attacks, dubbed Operation: Payback, by Anonymous appear to be continuing, according to security vendor Imperva. The Low Orbit Ion Cannon has been downloaded about 67,000 times, Imperva said.

MasterCard, which stopped processing payments for WikiLeaks, was attacked again over the weekend, with statistics showing it experienced some downtime, according to Netcraft. A vast majority of security vendors are now labeling the Low Orbit Ion Cannon a threat and will block the program, Imperva said.

Imperva also said it has been monitoring some of the communication between people coordinating the attacks. Those attackers are recommending to develop a system by which people are lured to some other content, such as pornography, but by visiting the website would invisibly launch the DDOS JavaScript tool.

See also: How to detect and thwart DDoS attacks


IDG UK Sites

Swatch to release its own line of smartwatches to rival iWatch

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

Miranda July's Somebody app offers a very unusual take on messaging

IDG UK Sites

The 7 most ridiculous iPhone 6 rumours: what Apple WON'T reveal on 9 September