CTIT University of Twente
Research Business & Innovation About CTIT Research Calls Looking for a job? Intranet

DACS researchers discovered: Attacks by "Anonymous" WikiLeaks proponents not anonymous

Attacks by "Anonymous" WikiLeaks proponents not anonymous

For a number of days the websites of MasterCard, Visa, PayPal and others are attacked by a group of WikiLeaks supporters (hacktivist). Although the group calls itself "Anonymous", researchers at the DACS group of the University of Twente (UT), the Netherlands, discovered that these hacktivists are easy traceable, and therefore anything but anonymous. The LOIC (Low Orbit Ion Cannon) software, which is used by the hacktivists, was analyzed by UT researchers, who concluded that the attacks generated by this tool are relatively simple and unveil the identity of the attacker. If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted. In the tools no sophisticated techniques are used, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems. The current attack technique can therefore be compared to overwhelming someone with letters, but putting your address at the back of the envelop. In addition, hacktivists may not be aware that international data retention laws require that commercial Internet providers store data regarding Internet usage for at least 6 months. This means that hacktivists can still be traced easily after the attacks are over.

A complete report can be downloaded from this link.

The study received attention at several websites (selection):

The New York Times: http://gadgetwise.blogs.nytimes.com/2010/12/13/how-anonymous-shut-down-sites/?src=busln (reference to DACS website)

BBC: http://www.bbc.co.uk/news/technology-11983246

Le Monde Informatique: http://www.lemondeinformatique.fr/actualites/lire-wikileaks-les-attaquants-utilisants-loic-pourraient-etre-facilement-traces-32417.html

Stern.de: http://www.stern.de/digital/online/hacken-fuer-wikileaks-die-rache-der-vernetzten-1634038.html

PC World: http://www.pcworld.com/businesscenter/article/213395/website_attackers _could_be_easily_traced_researchers_say.html

Wikipedia: LOIC: http://en.wikipedia.org/wiki/LOIC

The Sydney Morning Herald: http://www.smh.com.au/technology/security/wikileaks-cyber-war-proassange-anonymous-v-us-nationalists-20101213-18uuo.html

Tweakers: http://tweakers.net/nieuws/71280/universiteit-twente-anonymous-ddosers-helemaal-niet-anoniem.html

NOS headlines: http://headlines.nos.nl/forum.php/list_message/146455

The Tech Herald: http://www.thetechherald.com/article.php/201049/6543/A-week-with-Anonymous-Roundup

C-Net: http://news.cnet.com/technically-incorrect/

Slashdot: http://yro.slashdot.org/story/10/12/11/0228212/Anonymous-WikiLeaks-Proponents-Not-So-Anonymous

PC-World: http://www.pcworld.com/businesscenter/article/213395/website_attackers_could_be_easily_traced_researchers_say.html

RTV-Oost: http://www.rtvoost.nl/nieuws/default.aspx?nid=119242 (video)

Nucia Forum: http://www.nucia.eu/forum/showthread.php?p=577860

American News Now: http://www.boingboing.net/2010/12/11/anonymous-isnt-loic.html

Thinq.co.uk: http://www.thinq.co.uk/2010/12/13/anonymous-attackers-not-so-untraceable/

C-tjes: http://www.ctjes.com/viewtopic.php?f=117&t=21467&start=0

Gamers needs.net: http://www.gamerzneeds.net/news/701/ut-twente-anonymousddosers-not-anonymous/

Nieuwsblog België: http://www.nieuwsblog.be/nieuws/2010/12/11239/ut-twente--anonymous-ddos-ers-helemaal-niet-anoniem

Clippy.BE: http://www.kicero.be/2010/12/11/ut-twente-anonymous-ddosers-helemaal-niet-anoniem/

Glasgowwired: http://www.glasgowwired.co.uk/news.php/115164-Anonymous-Wikileaks-attackers-easy-to-find-says-study