WikiLeaks: How supporters tried to take down Visa and MasterCard.

Innovation, the Internet, gadgets, and more.
Dec. 9 2010 5:46 PM

The Oldest Hack in the Book

How WikiLeaks supporters tried to take down Visa and MasterCard.

(Continued from Page 1)

But DDoS-defense tools aren't perfect, and Nazario says they never will be. That's because attackers are getting smarter, too. The savviest hackers have begun to analyze their targets for weaknesses. If they find a page on a site that generates a lot of internal processing, or makes a lot of database calls, then they craft their attack to take advantage of that resource-hogging feature. "We've seen them do a lot of reconnaissance to find out the best place on the site to attack—if they find that a handful of requests on this page, say, will bring down the whole site, they'll attack that," Nazario says. What's more, the tools to launch an attack are now much more easily available than in the past. Twitter and Facebook also make it simpler for attackers to recruit and organize their efforts. Anonymous, the group behind the pro-WikiLeaks attacks, has been launching its DDOS efforts using a program called LOIC, which stands for "Low Orbit Ion Cannon." Followers can download LOIC and instantly join a hive whose target is set by a central administrator.

The denial-of-service attacks that make the news are often ones that are launched for some ideological purpose. The most famous such example occurred in 2007, when hackers brought down the sites of banks, newspapers and other public institutions in Estonia. Although the attackers were never formally charged, many experts blame the attack on a group of Russian hackers who used DDoSes as a kind of cyber warfare, possibly with the blessing of the Russian government. Smaller, ideologically motivated attacks pop up all the time. In September, the meme-inspiring, prank-obsessed message board 4Chan took down the site of the Motion Picture Association of America. Last month, 4Chan set its sites on Tumblr, the blogging platform that 4Chan folks believe is overrun with lazy hipsters. That attack doesn't seem to have worked.

Advertisement

But ideological attacks, Nazario says, are the minority—most DDoSes are launched for much more pedestrian reasons. The main one is business competition; a shady company might hire the operators of a botnet to take down its rivals' site. Extortion is also a big thing, with hackers threatening to take companies offline unless they pay up. "Believe it or not," Nazario adds, "one of the big growth areas we see is people building small botnets to get an upper hand in online gaming. You've identified someone who's better at the game than you, but maybe you can knock his computer offline with an attack and then win the game."

This week's attacks didn't result in that sort of direct kill. While parts of the Visa, MasterCard, PostFinance (a Swiss bank that closed Assange's account), and PayPal Web sites went down for a brief while on Wednesday, the attacks don't seem to have done any serious damage to these companies. In particular, none of their primary operations were down—the attacks did nothing to prevent people from using their Visa and MasterCard accounts, or from paying with PayPal. It's unlikely that the DDoS can achieve much more than that. Still, for no money and very little time, the attackers made headlines around the world. That's not a bad return on their investment.

Become a fan of Slate  and  Farhad Manjoo  on Facebook. Follow us on Twitter.

TODAY IN SLATE

Medical Examiner

The Most Terrifying Thing About Ebola 

The disease threatens humanity by preying on humanity.

I Bought the Huge iPhone. I’m Already Thinking of Returning It.

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Students Aren’t Going to College Football Games as Much Anymore

And schools are getting worried.

Two Damn Good, Very Different Movies About Soldiers Returning From War

The XX Factor

Lifetime Didn’t Think the Steubenville Rape Case Was Dramatic Enough

So they added a little self-immolation.

Politics

Blacks Don’t Have a Corporal Punishment Problem

Americans do. But when blacks exhibit the same behaviors as others, it becomes part of a greater black pathology. 

Why a Sketch of Chelsea Manning Is Stirring Up Controversy

How Worried Should Poland, the Baltic States, and Georgia Be About a Russian Invasion?

Trending News Channel
Sept. 19 2014 1:11 PM Watch Flashes of Lightning Created in a Lab  
  News & Politics
Weigel
Sept. 20 2014 11:13 AM -30-
  Business
Business Insider
Sept. 20 2014 6:30 AM The Man Making Bill Gates Richer
  Life
Quora
Sept. 20 2014 7:27 AM How Do Plants Grow Aboard the International Space Station?
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Slate Picks
Sept. 19 2014 12:00 PM What Happened at Slate This Week? The Slatest editor tells us to read well-informed skepticism, media criticism, and more.
  Arts
Brow Beat
Sept. 20 2014 3:21 PM “The More You Know (About Black People)” Uses Very Funny PSAs to Condemn Black Stereotypes
  Technology
Future Tense
Sept. 19 2014 6:31 PM The One Big Problem With the Enormous New iPhone
  Health & Science
Bad Astronomy
Sept. 20 2014 7:00 AM The Shaggy Sun
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.