Botnet Operators Set To Join Operation Payback

Anonymous hacker group now focusing DDoS attack energy onto PayPal

The distributed denial-of-service (DDoS) attack marathon waged earlier this week by a hacktivist group using volunteers computer resources to overwhelm high-profile targets could be gaining more dedicated firepower as it refocuses its aim specifically on PayPal.
Organizers of the so-called Operation Payback today asked for and appear to have received additional bots from established botnets to further their cause of disrupting firms they perceive as deterring Internet freedom of speech by not supporting WikiLeaks and its now-incarcerated founder, Julian Assange, according to researchers at Imperva.
Tal Beery, Web research team lead for Impervas Application Defense Center, has been monitoring IRC chats under way by Anonymous and its followers. He says the hacktivist group in the past few hours has asked for botnet operators to donate their botnets to Operation Payback. The operator of the IRC channel is explicitly asking for people for help and to respond via a private message, Beery says.
A few botnet operators have responded that they are willing to offer up their computing resources to the DDoS effort. Weve seen a couple of breaking announcements that, Ill donate my 30,000 botnet, my 100,000 botnet to attack PayPal, Beery says.
Just how many volunteer bots have been deployed thus far in the attacks, which
flooded MasterCard, Visa, a Swiss Bank that froze Assanges bank account, the Swedish prosecutors site, and Sarah Palins website
, is unclear. Impervas Beery estimates its anywhere from multiple thousands to tens of thousands.
Meanwhile, theres now at least one person is surfacing behind the attacks, and its a fresh-faced, 16-year-old Dutch boy arrested by authorities in the Netherlands for participating in attacks by Operation Payback that hit PayPal and MasterCard this week. According to
Sophos
, the teenager is said to have confessed to the attacks, and authorities have seized computers. More arrests are likely, and Dutch press are reporting that two ISPs have been identified as providing service to Anonymous, the group behind the attacks that has recruited the help of volunteer bots.
Security experts say Amazon most likely is next in line as the target of the hacktivists DDoS ire, but for now its PayPal fighting to deflect the attackers. Impervas Beery says DDoS traffic appears to be centered on a specific PayPal server, www.irc.paypal, which is likely the heart of the PayPal infrastructure, he says, and possibly a weak link.
UPDATE 12/10/10: In a
press release
issued this morning, Anonymous says it has not attacked Amazon and that While it is indeed possible that Anonymous may not have been able to take Amazon.com down in a DDoS attack, this is not the only reason the attack never occured. After the attack was so advertised in the media, we felt that it would affect people such as consumers in a negative way and make them feel threatened by Anonymous. Simply put, attacking a major online retailer when people are buying presents for their loved ones, would be in bad taste.
Anonymous began to retrench its efforts around 8 a.m. Pacific today, Impervas Beery says, after efforts to go after multiple targets werent quite so successful and the group realized it didnt have the resources to effectively DDoS all of them. They said, Lets concentrate on PayPal. They were asking whoever was connected to the central server with the C&C servers, he says. But there are also manual versions of the bot tool they dont have direct control over that had to be persuaded to turn their sights on PayPal, as well, he says.
As of this posting, PayPals website was still up and running. The plan is now to go after Amazons site, security experts following the attacks say. I think Amazon is on deck, says Jose Nazario, senior security researcher for Arbor Networks. Weve been tracking their tools and sharing how to defend against these [DDoS] attacks.
The manual version of the Low Orbit Ion Cannon DDoS bot program is a JavaScript plug-in for users who are queasy about downloading bot code or dont have administrative rights to their machines. If youre not the admin and you cant download or install software, or you are afraid this is really malware that can take over your computer, then you can use this JavaScript version of it and create a denial-of-service attack with your browser only, Beery says.
That version of the bot code has been downloaded 33,780 times since Dec. 1, and 27,981 times in the past 24 hours, according to data from Imperva. The C&C version, which is preferred by Anonymous for the attacks, has been downloaded 39,940 times since Dec. 1.
Meanwhile, Anonymous posted
a message on its blog
reiterating its purpose: Anonymous intentions are very clear. We are not vigilantes, regardless of the sentiment of quoting Boondock Saints, we are people on a campaign for freedom. Anonymous intentions are to change the current way the governments of the world and the people view true Freedom of Speech and The Internet.
The group was clear that it will go after any organization that doesnt support what it considers the free distribution of information over the Net. Pay attention citizens, governments, and the world. Anonymous peaceful campaign will focus on any organization, corporation, government, or entity until the Internet is truly free, the blog says. And the hacktivist group says it doesnt mean to hurt the opposition, just convert it: Anonymous, at this time, wants to persuade our counterparts rather than hurt them. We are campaigning for freedom for everyone, even the opposing side.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Botnet Operators Set To Join Operation Payback