Operation Payback and Hactivism 101

Orome1 writes "While individual acts of hacktivism are inconvenient, something else happens when hacktivists group together — they commonly perform a DDoS attack. Techniques have advanced to automate the process, making the attacks more powerful and thus more able to bypass security controls — the effect, however, remains the same. Let us take a look at the recent Operation Payback which has gained notoriety in the past few months."

Can we PLEASE....

[Haedrian]

Stop calling it HACKtivism?

Amongst nerds (which is pretty much whoever is following it on this site) - to 'hack' does not meant the same as 'to crack'.

And calling DDOSing 'hacking' is wrong on both definitions of hack. Especially if the client is just a script kiddie using a program which s/he doesn't know (or care enough) to work out what its doing exactly.

Re:This isn't activism

[Score Whore]

Is it freedom of speech if you don't let the other guy talk?

Re:This isn't activism

[Pojut]

In what way has Anonymous prevented their targets from talking? It's not like the only way Paypal or Mastercard have to communicate is through their website.

Re:This isn't activism

[ducomputergeek]

The problem is this "hacktivism" is doing far more damage than good because it easily allows the politicians to say "We need an internet kill switch". The overwhelming majority of people don't give a damn about wikileaks one way or the other. It's a side show on the 24 hours infotainment channels, that's all. The main reason being that what Wikileaks is doing has little to no effect on people's daily lives. Especially when most are more concerned with the job/family/economy. Instead they see these "attacks" as nothing more than a group of vandals. Nothing more and when authorities want tougher laws to deal with these "vandals", the public shrugs and says...."alright".

And attacking the public facing websites...okay that may work with Amazon or Paypal. But to Mastercard or Visa? So long as I can still use my Visa Debit card or Mastercard at the gas pump or grocery store, it's not like I notice.

That being said, if they did target the processing systems of mastercard/visa, I'm pretty sure that would be the golden goose the politicians have been waiting for to really clamp down on control of the internet because then you are messing with people pocket books.

Re:This isn't activism

[GNUALMAFUERTE]

Dude, It's 4chan. Have you ever been on /b/?

Here is what happens: Anon comes in with a novelty idea, /b/tards join in "just for the lulz". Then, new Anon (oldfag Anon is a cold, merciless beast. newfag Anon is the conscious, moral, cause-oriented joke of the internet) puts a tag on it and says they are doing it for X. I mean, some said they did the Habbo raids to fight racism. They also said they did project chanology to protect the victims of Scientology. Bullshit, they did it for the lulz.

Of course, DDoSing, Raiding, IRL stalking, etc, are fucking funny, and if it happens to overlay with a good cause, even better. Let them have fun, and bring them down while they are at it.

But in this case, it's pretty obvious that Anon had nothing to do with Amazon Europe going down. Anon is nothing but a bunch of script kiddies, and they don't have the sophistication nor the combined bandwidth to bring down Amazon with a ddos attack.

Re:Can we PLEASE....

[Anonymous Coward]

Amongst nerds (which is pretty much whoever is following it on this site) - to 'hack' does not meant the same as 'to crack'.

You know, for many of us, we simply don't care about this whiny distinction between "hacking and cracking".

It's stupid -- back in the day, you could hack some code, or you could hack into a system, or you could pull off a hack and hang a volkswagon from a bridge or make your calculator to something cool that nobody expect. We understood the difference between these things, and it was all one word.

You whiny kids who think you "own" the language and have to be telling everybody the "right" want to say it are just fooling yourselves. Even in the nerd community you think you represent, for many of us "hack" still means exactly what you claim it doesn't. Hell, 2600 [2600.com] has been around since the 80's, and it's always been hacker -- it's got a shitload more street cred than you kids who think that it's always been differentiated. Anybody under 40 who is saying anything about what is "hack" and what is "crack" is too fucking young to know what they're talking about.

It's all the same fucking thing -- "cracker" is a very recent word, and quite an arbitrary distinction which people tried to apply after the fact to make what they did sound less evil and dissociate itself from malicious break-in type stuff. Get over it.

Now, STFU, and get off my fucking lawn.

Re:It is Not DDoS

[AlexiaDeath]

Completely accurate definition. Calling simple request swamping hacking, cracking, cyber-war or any other alarmist title is bullshit. Nobody is breaking into the systems, they are simply utilized beyond their capacity to serve, and that happens because enough people band together to cause the disruption... Witch is in turn caused by company's actions.

Let's break the law

[Enderandrew]

As advocates of Democracy and transparency, let's break the law and act in secret to take down big companies, which in turn hurts small businesses who use these payment services. Let's also inconvenience random shoppers. Let's create all kinds of random collateral damage to make a point about supporting transparency by supporting a completely secretive organization.

Sorry, I'm not buying it.

I was just at the Oklahoma City Bombing Memorial and museum. One of the more interesting aspects of it was that the people motivated to bomb the federal building (and kill infants in the nursery) were upset at the government. They felt the most effective way to change the government was a terrorist attack. The two responsible were caught. One will serve life in prison while the other was executed. They didn't change government, but they did forfeit their lives.

Conversely, families of vicitms banded together, formed a group and went to Washington D.C. to ask for reform in how the death penalty is handled in federal cases. They felt the best way to support Democracy and affect change was to use Democracy itself.

That is such a novel concept.

Re:This isn't activism

[Anonymous Coward]

Oh please.

100 people can sit in at a lunch counter, shutting down service, and it's considered activism and protest.
100,000 organized people could easily shut down 1,000 restaurants, or bank branches, or other retail storefronts by the same behavior. Again, activism and protest.
100-500,000 people can jam up the phone banks to Congressional offices and we call it a "Virtual March on Washington." And nobody suggests it doesn't qualify as activism and protest.

All of these count as activism. Yet when an unknown number of people voluntarily download an item to their computer to participate in a "virtual march" on the website of a bank, or the RIAA, or Paypal, or Scientology, somehow it's not activism?

The major difference is whether the participants are willing or unwilling. In the case of most botnet-based DDoS attacks, the participants are unwilling; their machines have been hijacked and often they don't even know they are participants. In the case of LOIC, they are all willing. They purposely downloaded and installed the software. They can leave it running or only turn it on at specific times. They can easily uninstall it if they believe it is being used in a way they don't support.

What is going on is not a "cyber attack." It is a virtual protest march.

Re:This isn't activism

[Pojut]

How do you figure? It what way were Paypal or Mastercard prevented from saying what they had to say?

Are you implying that they only communicate through their websites?

Re:This isn't activism

[Score Whore]

Yeah. Like they could totally go into the closet and whisper their opinions to the cockroaches. No need to be able to talk to the people who want to listen to them.

Get some maturity why don't you?

Freedom of speech involves freedom from retaliation. If you choose not to do business with them, that's great. But if you prevent others from doing business with them then you've crossed the line.

Re:It is Not DDoS

[thePowerOfGrayskull]

It is not DDoS or cyber-war it is cyber-picketing. It used to be that when you had a disagreement with a company people picked it and disrupted its business that way. Well, welcome to the 21 century you can now picket the business from the comfort of your own home.

When you're picketing, staging a sit-in, etc you're putting yourself at some risk. At minimum, there's the risk of recognition, of having your name and face associated with your action. You're also taking some of your time and energy to do something that's of value to you.

For a DDOS attack, you're anonymously pushing a "go" button. Quite possibly you're not even still at your computer while it runs. Woooo, there's a way to make a statement.

The nature of the attack itself strips it of both credibility and value - instead, it gets classified (by those who even notice it) as whiny children playing their whiny child games.

Re:It is Not DDoS

[Abcd1234]

So, what, every other DDoS wasn't an 'attack", it was an "event"?

Bullshit.

You just don't like the idea that something you happen to support *this time* is being referred to with *accurate*, pejorative terminology.

Well, suck it up, bucko. Your little wannabe-robinhood friends are nothing more than digital gangsters (actually, that's not fair... gangsters have worked hard to build a reputation for themselves, and it's hardly fair to equate them with a bunch of punk script kiddies), and what they're doing is *attacking* websites in a fit of whiny vigilantism.

Now, that's not to say they don't have legitimate grievances. But what they're doing has been called a "distributed denial of service attack" long before these little bastards decided to use it against VISA.

Re:This isn't activism

[DogDude]

"Freedom of speech involves freedom from retaliation. If you choose not to do business with them, that's great. But if you prevent others from doing business with them then you've crossed the line." Assuming that we're starting with a level playing field. Mastercard, Visa, Paypal, and Amazon are all able to buy Congressmen. Regular people can't. Our government is so corrupt at this point, there's really no recourse for regular people who have to go up against these corporations with more rights and privileges than actual people.

Re:It is Not DDoS

[Ephemeriis]

"Cyber-picketers" sit behind a wall of more or less anonymity

Which is necessary because any attempt at cyber-picketing, peaceful or not, is deemed a crime.

often using hundreds or thousands of OTHER PEOPLE'S COMPUTERS to distance their person from the activity

Which is bad. But in the case of this LOIC client, the computers doing the DDOSing are not zombies. They're people who've decided to throw their computer into the picket line.

It really seems to me that this kind of voluntary DDOS is a fairly accurate digital version of the picket line. I mean, how exactly would you picket Amazon anyway? Line up a bunch of people outside their warehouses or something? It isn't like they've got a physical storefront to picket in front of.

Wikileaks did it to themselves

[Fujisawa Sensei]

Wikileaks did it to themselves.

Instead to sticking to the leaking criminal activity or human rights violations, leaks decided to just release everything they were given without regard to consequences.

They are now actually aiding countries like China and Saudi Arabia by exposing all the US information and opinions on them.

Good job leaks.

Re:Let's break the law

[DogDude]

"They felt the best way to support Democracy and affect change was to use Democracy itself. That is such a novel concept."

More than novel, it's incredibly naive. How do you propose that actual people (not corporations) influence their government in any way? How are regular people going to open up our horribly, horribly corrupt government? Politely vote in our Coke/Pepsi elections, and ask them to please tell us all of the illegal and immoral things they've been doing in our name with our tax dollars?

Re:This isn't activism

[Pojut]

Yeah. Like they could totally go into the closet and whisper their opinions to the cockroaches. No need to be able to talk to the people who want to listen to them.

So they don't have Twitter accounts? Facebook accounts? Or, you know...access to the fucking media?

Re:This isn't activism

[SuricouRaven]

"Freedom of speech involves freedom from retaliation. If you choose not to do business with them, that's great."

But choosing not to do business with them *is* retaliation.

Re:It is Not DDoS

[DriedClexler]

Wait, wasn't there just a slashdot story showing how the pro-Wikileaks "hacktivists" can be easily identified [slashdot.org]? If so, it seems they actually are putting themselves at risk.

Re:This isn't activism

[SuricouRaven]

Isn't this true of any protest though, online or off? As soon as the protest becomes effective enough to actually have any real impact, measures will be taken by someone to put it to an end. The only protests that can be allowed are those which achieve nothing.

Re:Let's break the law

[Xelios]

Tens of thousands of students in the UK put in the effort to make it work recently. They were out in freezing temperatures, protesting against legislation that would triple the tuition cap in the country. What did it get them? A new law that triples the tuition cap in the country, and a broken election pledge from the Liberal Democrats.

Re:Let's break the law

[SuricouRaven]

When people lose faith in democracy, they turn to violence. Right now a lot of people, espicially online, feel that they live in a society where corporations rule and people are regarded as nothing more than the consumers and employees that fuel them. Unless people can feel that they matter - that the government really will seriously listen to them - this is just going to continue.

Re:Let's break the law

[Ragun]

As advocates of Freedom and fairness, let's break the law and act in secret to take down the tea industry, which in turn hurts distributors who only transport tea. Let's also inconvenience random tea drinkers. Let's create all kinds of random collateral damage to make a point about supporting fairness by supporting the Boston Tea Party.*

No one here would be OK with the taking of human life, true terrorism, but honestly, you almost have to cause collateral damage to be taken seriously.

*No association with the modern conservative tea party.

Re:This isn't activism

[nametaken]

A silly point.

If a thug threatens harm to me or my family for saying something they don't like, that doesn't mean I can't still talk.

But I'd still say you're directly affecting my freedom of speech.

Re:This isn't activism

[stdarg]

Are you also against civil rights protests that interfered with businesses? Like sit-ins against restaurants that didn't serve black customers?

It's the same kind of thing. The government apparently isn't interested in making companies act fairly to minority customers, and the minority isn't big enough to cause significant damage through passive actions like boycotts. So you're left with vigilante justice or just ignoring it and moving on.

I don't know how I feel about it but I am very curious if people who oppose this DOS attack are also against civil rights sit-ins, which are exactly the same, and being done for the same motivations (even if you don't agree with them).

Re:This isn't activism

[Omestes]

I doubt it is just "for the lulz" (I feel stupider for typing that), I'm guessing that some portion of Anon does care. They probably care a bit more than you think, since there are probably targets out there that could get even more "lulz" with a bit less risk or work. Looking around, there is a ton of media, IRC channels, forums, and such supporting Operation Payback, or Leakspin, or whatever the hell their calling it these days.

There is no rule stating that you can't find amusement in protests. Go to some modern protests, or view some footage of protests in the '60s, there was almost a carnival like atmosphere. People enjoyed it. You don't have to be serious faced, completely devoted zealot to have a meaningful protest. You can find it fun as well. It might even be better, since to be human is to garner more sympathy (how much sympathy do we have for raving, utterly devoted, religious zealot protesters?), and it makes a better mockery of whoever your protesting. Your having fun inspite of their nasty behaviors.

Rebellion has always been playful.

I would never argue against doing things you believe in AND getting your "lulz" from it, I would rather you go protest laughing. Everything is better when there is some humor, and element of joie de vivre involved. There is a difference between being serious about something, and being just plain creepy.

I do have some distaste over anything 4Chan, and specifically /b/ does, but I think thats mainly just a generational, or cultural thing and really has no relevance on much of anything.

Re:This isn't activism

[Opportunist]

Visa, MC and Amazon didn't "choose" not to do business with Wikileaks. They have been "asked" to do so, and presented with the alternative to piss off Wikileaks or the US governments, they choose the (presumably) smaller problem. Note that they were not required by law to cease business with Wikileaks or that the government had any (legally backed) reason to require them to cease business. It was just "convenient" for the US government. They just "wanted" to cut off Wikileaks from its resources.

Visa, MC and Amazon were not required, neither by law nor convention nor any other reason to comply with the "request". They just did because it can be beneficial to do the US government a "favor". Especially if it doesn't really cost you anything.

The only thing the DDoSs did is, they made it cost something. And hopefully companies will from now on be more considerate when doing "favors".

Re:Let's break the law

[Omestes]

University is a cult, it should be regulated as one.

Huh?

I don't want to live in the world you embrace, where the least educated are the highest regarded. A little education is alway better than none. A little more education is always a little better than less. The pridefully uneducated are idiots and shouldn't be allowed to make decisions that impact anyone outside of themselves.

Perhaps education is about more than employment (as written by a person who majored in philosophy, living with a woman with english and art degrees). The fact that university has become a glorified trade school is more troubling to me than... whatever your ranting about.

There is no nobility in ignorance.

Also... How the hell do you change society? Care to give us a guide book on that one? Generations change society, and in the mean time we just live with tyranny and injustice? Should we be mad at all those black protesters fighting for rights, since they wasted their time picketing and sitting in, and disrupting poor white people by sitting in the wrong section of buses and diners? They shouldn't have inconvenienced us, they should have changed society in a more polite way. You don't need to use the white man's bathroom, or sit at the front of buses to be successful anyways.

Hell, I would be happy if the streets of my city were closed once a week for protests! It would mean we are doing something other than sitting on our ass talking about stupid. I would be happy even if I didn't agree with them.

Re:This isn't activism

[Opportunist]

Freely? Are you kidding me?

Do you really think Visa and MC woke up one morning and found out that "Hmm. We suddenly don't like Wikileaks anymore." And Amazon, Paypal and that Swiss bank the name of which I keep forgetting, all had the same idea all at the same time? Boy, talk about great minds thinking alike.

They didn't "freely" decide to stop doing business with Wikileaks. You may rest assured that they were "asked" to freeze the funds and stop dealing with Wikileaks. Note that they were not required BY LAW to do so. If they were, I'd be fully on your side. There is no law that requires them to cease business with Wikileaks. They were just "asked" to cease business and figured that it doesn't matter, so we better do what the US gov wants, even though there is zero legal reason to comply.

Simply allowing this to happen means that whoever just happens to be in power in the US can basically decide who may and who may not do business, with whomever. Is that what we want? A government that may dictate who may and who may not buy, sell or otherwise trade? Not based on laws but on whim?

That's because you deny access

[Sycraft-fu]

Picketing is NOT about denying access to something, it is about persuading people not to go in. Picketing is non-violent, and non-disruptive. The idea is to call attention to a problem, and to hopefully persuade others to not do business with a place. If you are forcibly stopping people from going in, that's a blockade and that isn't legal.

If you think I'm an asshole, you are within your rights to picket my house. You can stand outside, not on the property, with a sign and let people know, including people who come to visit. However, if you try to block me from entering my house, the police will come and remove you and charge you with a crime. You can't prevent me from going where I want.

Now occasionally protesters do blockade a business as a form of protest. Guess what? They get arrested for that, and they KNOW they will. It is a form of civil disobedience and they understand the consequences.

This is not picketing, it is blockading and it is illegal.