Anonymous arrests
Five young men have been arrested in the UK in connection with DDoS attacks mounted by the Anonymous group, according to a report by the BBC. The five range in age from 15 to 26.
This was predictable - up to a point. Anonymous takes a fairly callous ‘cannon fodder’ attitude to its ‘members’ (if you can call them that).
The Low Orbit Ion Cannon (LOIC) software - the weapon of choice for most Anons - is a fairly crude tool. Originally developed by ‘Praetox Technologies’ (a suitably anonymous coder) as a network stress-testing tool, it fires HTTP, TCP or UDP packets directly at the target. It’s not possible to operate it via proxies because that could simply DDoS the proxies themselves.
Most Anons will have run LOIC from their own machines, although there is also a JavaScript version that can be hosted on websites. But no version of LOIC makes any attempt to spoof or obscure the originating IP.
A standard defence against DDoS is to monitor the IPs from which large numbers of packets are originating, and then filter those addresses. In the process, of course, you build an effective database of attacker IPs. Get a court order and match those against ISP server logs and you have the identities of the attackers.
Normally, this isn’t of much use: in a botnet-based DDoS attack, the attacker IPs belong to innocent (if sometimes careless) PC owners whose machines have become infected. In the case of Anonymous and LOIC, the IPs identify the attackers themselves - or websites that have made the JavaScript version available (which could make both the website owner and the hosting company liable).
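The monitoring-and-filtering defence described above, sketched as an added example (not code from the original post): a sliding-window counter per source IP that yields both the filter list and the evidence record. The log format, window, threshold and rule syntax are assumptions, and the log lines are constructed using documentation-range addresses.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed sliding-window length
THRESHOLD = 20                   # assumed max requests per source per window


def build_sample_log():
    """Constructed log: one flooding source, one ordinary client (RFC 5737 IPs)."""
    start = datetime(2024, 1, 1, 12, 0, 0)  # constructed date
    lines = []
    for i in range(60):   # 60 requests in about 6 seconds from one source
        ts = start + timedelta(milliseconds=100 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.23 GET /")
    for i in range(5):    # 5 requests spread over 32 seconds
        ts = start + timedelta(seconds=8 * i)
        lines.append(f"{ts.isoformat()} 203.0.113.7 GET /index.html")
    return sorted(lines)


def find_heavy_sources(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: evidence} for sources exceeding threshold inside any window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        stamp, ip, _request = line.split(" ", 2)
        ts = datetime.fromisoformat(stamp)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # expire entries older than the window
            q.popleft()
        if len(q) > threshold:
            rec = flagged.setdefault(ip, {"first_flagged": ts, "peak": 0})
            rec["peak"] = max(rec["peak"], len(q))
            rec["last_over_threshold"] = ts
    return flagged


def filter_rules(flagged):
    """Render flagged sources as drop rules (placeholder syntax, not a real firewall's)."""
    return [f"drop from {ip}" for ip in sorted(flagged)]


if __name__ == "__main__":
    for ip, rec in find_heavy_sources(build_sample_log()).items():
        print(ip, rec["peak"], rec["first_flagged"].isoformat())
```

Because the traffic is not spoofed, the same table that drives the filter also records when each source address crossed the threshold, which is the record later matched against ISP logs.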
It’s quite probable that the majority of Anons have no idea that this is the case. Most of them are script kiddies caught up in the excitement and the prospect of being able to create havoc with no apparent consequences.
Some are aware of the dangers, but there is a dangerously high level of naivety at work. On IRC channels and websites affiliated to Anonymous, advice on how to protect yourself includes claiming your computer was infected with a virus and setting your wifi router to be open so that you can claim someone else used it. Neither of these would stand up in court.
The UK arrests aren’t the first. While Anonymous attacks related to Wikileaks were still in progress, two teenagers were arrested in the Netherlands, and in the US, the FBI seized a server. Two Anons are currently serving time in jail for earlier attacks against the ‘church’ of Scientology.
Some Anons suggest that the authorities would be unable to prosecute the large number of people involved in their attacks. But, of course, they wouldn’t have to. A few test cases would probably be enough to discourage people from joining in — at least, enough people so that Anonymous wouldn’t get the volume of DDoS traffic required to be successful.
Claiming that these attacks were mounted as part of a social protest is unlikely to carry much weight outside of the Anonymous IRC channels (where the debate rarely rises above adolescent levels). DDoS attacks against legitimate companies going about their lawful business are unambiguously illegal in most countries - and pretty much all countries in which Anons are likely to have been operating.




