WikiLeaks: How supporters tried to take down Visa and MasterCard.

Innovation, the Internet, gadgets, and more.
Dec. 9 2010 5:46 PM

The Oldest Hack in the Book

How WikiLeaks supporters tried to take down Visa and MasterCard.

(Continued from Page 1)

But DDoS-defense tools aren't perfect, and Nazario says they never will be. That's because attackers are getting smarter, too. The savviest hackers have begun to analyze their targets for weaknesses. If they find a page on a site that generates a lot of internal processing, or makes a lot of database calls, then they craft their attack to take advantage of that resource-hogging feature. "We've seen them do a lot of reconnaissance to find out the best place on the site to attack—if they find that a handful of requests on this page, say, will bring down the whole site, they'll attack that," Nazario says. What's more, the tools to launch an attack are now much more easily available than in the past. Twitter and Facebook also make it simpler for attackers to recruit and organize their efforts. Anonymous, the group behind the pro-WikiLeaks attacks, has been launching its DDOS efforts using a program called LOIC, which stands for "Low Orbit Ion Cannon." Followers can download LOIC and instantly join a hive whose target is set by a central administrator.

The denial-of-service attacks that make the news are often ones that are launched for some ideological purpose. The most famous such example occurred in 2007, when hackers brought down the sites of banks, newspapers and other public institutions in Estonia. Although the attackers were never formally charged, many experts blame the attack on a group of Russian hackers who used DDoSes as a kind of cyber warfare, possibly with the blessing of the Russian government. Smaller, ideologically motivated attacks pop up all the time. In September, the meme-inspiring, prank-obsessed message board 4Chan took down the site of the Motion Picture Association of America. Last month, 4Chan set its sites on Tumblr, the blogging platform that 4Chan folks believe is overrun with lazy hipsters. That attack doesn't seem to have worked.

Advertisement

But ideological attacks, Nazario says, are the minority—most DDoSes are launched for much more pedestrian reasons. The main one is business competition; a shady company might hire the operators of a botnet to take down its rivals' site. Extortion is also a big thing, with hackers threatening to take companies offline unless they pay up. "Believe it or not," Nazario adds, "one of the big growth areas we see is people building small botnets to get an upper hand in online gaming. You've identified someone who's better at the game than you, but maybe you can knock his computer offline with an attack and then win the game."

This week's attacks didn't result in that sort of direct kill. While parts of the Visa, MasterCard, PostFinance (a Swiss bank that closed Assange's account), and PayPal Web sites went down for a brief while on Wednesday, the attacks don't seem to have done any serious damage to these companies. In particular, none of their primary operations were down—the attacks did nothing to prevent people from using their Visa and MasterCard accounts, or from paying with PayPal. It's unlikely that the DDoS can achieve much more than that. Still, for no money and very little time, the attackers made headlines around the world. That's not a bad return on their investment.

Become a fan of Slate  and  Farhad Manjoo  on Facebook. Follow us on Twitter.

Farhad Manjoo is a technology columnist for the New York Times and the author of True Enough.

TODAY IN SLATE

Culturebox

The Ebola Story

How our minds build narratives out of disaster.

The Budget Disaster That Completely Sabotaged the WHO’s Response to Ebola

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

The Shooting Tragedies That Forged Canada’s Gun Politics

A Highly Unscientific Ranking of Crazy-Old German Beers

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Would You Trust Walmart to Provide Your Health Care? (You Should.)

  News & Politics
The World
Oct. 22 2014 2:05 PM Paul Farmer Says Up to Ninety Percent of Those Infected Should Survive Ebola. Is He Right?
  Business
Business Insider
Oct. 22 2014 2:27 PM Facebook Made $595 Million in the U.K. Last Year. It Paid $0 in Taxes
  Life
The Eye
Oct. 22 2014 1:01 PM The Surprisingly Xenophobic Origins of Wonder Bread
  Double X
The XX Factor
Oct. 22 2014 10:00 AM On the Internet, Men Are Called Names. Women Are Stalked and Sexually Harassed.
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
  Arts
Brow Beat
Oct. 22 2014 10:39 PM Avengers: Age of Ultron Looks Like a Fun, Sprawling, and Extremely Satisfying Sequel
  Technology
Future Tense
Oct. 22 2014 2:59 PM Netizen Report: Twitter Users Under Fire in Mexico, Venezuela, Turkey
  Health & Science
Wild Things
Oct. 22 2014 2:42 PM Orcas, Via Drone, for the First Time Ever
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.