We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Website attackers could be easily traced

Researchers say it's easy to identify those helping in DDoS attack

Hackers using a tool to conduct distributed denial-of-service (DDOS) attacks against other websites in support of WikiLeaks can easily be traced, say security researchers.

Thousands of people have downloaded the 'Low Orbit Ion Cannon', a tool that bombards a targeted website with garbled traffic in an attempt to knock it offline. The tool has been promoted by Anonymous, a loose-knit group of online campaigners that has attacked companies that cut off support for WikiLeaks since it began releasing secret US diplomatic cables in late November.

But researchers at the University of Twente in Enschede, Holland, say it is easy for ISPs to identify those using the tool, as it takes no measures to protect the identity of its users, according to their paper.

There are several versions of the Low Orbit Ion Cannon: one is a client application that is downloaded by a user and can be remotely controlled via an IRC (Internet Relay Chat) or be manually configured. The other is a JavaScript-based website.

With the client application, the targeted Web site can see the real IP (Internet Protocol) address of the computer conducting the attack, the researchers said. The IP address can be linked to the ISP providing the service, which can then investigate which subscriber the address corresponds too. The same condition happens when someone uses the Web-based tool.

One method used by those conducting a DDOS attack is to configure the program to use a fake IP address, but the Low Orbit Ion Cannon does not do that. DDOS attacks can also be coordinated using a botnet, or a network of machines that have been compromised. The owners of those computers are usually unaware their computers is infected and taking part in an attack.

The danger with the WikiLeaks attacks is that many of those less tech-savvy people eager to join the online campaign may be unaware that they can be traced.

"The current attack technique can therefore be compared to overwhelming someone with letters but putting your real home address on the back of the envelope," the researchers said.

In the European Union, telecommunications operators must retain data for six months, which "means that hacktivists can still be easily trace after the attacks are over".

Already, police in the Netherlands have arrested two teenagers in connection with the attacks. Dutch prosecutors said one of them was easily tracked down.

The DDOS attacks, dubbed Operation: Payback, by Anonymous appear to be continuing, according to security vendor Imperva. The Low Orbit Ion Cannon has been downloaded about 67,000 times, Imperva said.

MasterCard, which stopped processing payments for WikiLeaks, was attacked again over the weekend, with statistics showing it experienced some downtime, according to Netcraft. A vast majority of security vendors are now labeling the Low Orbit Ion Cannon a threat and will block the program, Imperva said.

Imperva also said it has been monitoring some of the communication between people coordinating the attacks. Those attackers are recommending to develop a system by which people are lured to some other content, such as pornography, but by visiting the website would invisibly launch the DDOS JavaScript tool.

See also: How to detect and thwart DDoS attacks


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

Artist creates a geometric rave in a chapel for The House of St Barnabus

IDG UK Sites

Mac mini (Late 2014) 1.4 GHz review: Mac mini is sort of upgradable, but is it any good as it is?