5 Questions About Anonymous’ New DDoS Techniques

In case anyone missed this news, Group Anonymous has put up code at pastehtml.com (a free and anonymous HTML code-hosting site) which uses your web browser to launch LOIC DDoS attacks.

Here’s a quick synopsis from the Computerworld report:

“According to Cluley, members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC and attacked predefined victims. The links pointed to a page on PasteHTML.com which in turn executed some JavaScript to fire LOIC at Anonymous-designated targets.”

This can of course be used on Facebook/Twitter and other sites to lure unsuspecting users into joining the DDoS attacks.

Given these new and ingenious techniques to ‘automate’ a DDoS attack with end-users essentially ignorant to the fact that they might have unintentionally launched a DDoS attack from a ‘rused’ link they clicked, escalates the “Hacktivists” war and adds yet another effective technical technique to their basket of tricks.

Given this new ‘tactical attack technique’ – what are the questions a security professional should be asking themselves right now? I’ve pondered this and have come up with the following and would appreciate your inputs as well:

  1. What other tools can be easily combined with this java script technique? E.g. besides LOIC, can malware be distributed this way as well? How about application layer attack tools such as refref?
  2. What does this mean for managed service providers who, no doubt will host a tremendous amount of unintentional DDoS attacks and whom will be left with the burden of contacting their customers of their initiated DDoS attacks?
  3. What does this mean for the victims of such attacks? Do they have any recourse if the ‘perpetrators’ didn’t really know that they were initiating the attacks?
  4. How does an attack like this scale? It seems to me that this technique effectively scales logarithmically which, if true, has ominous consequences.
  5. Because this technique will look like normal users, how effective will cloud and ISP scrubbers be going forward against this type of technique? Also, doesn’t it seem like DNS are a natural attack venue for something like this?

3 Comments

  1. Harley says:

    Remarkable article, I will be viewing back again on a regular to discover posts.

  2. john smith says:

    great article people need to spread awareness about the pastehtml and simple mobile HTML code that hackers can embed on any website and set it to auto fire so that any visitor with javascript enabled automatically and immediately starts sending DOS traffic to their target image if they defaced a website like fox news or CNN etc with millions of hits and embeded this code in the background of the site without telling anyone.millions of people joining a DDOS unknowingly and for long periods of time given their reading the news..

  3. Carl Herberger says:

    Yes – – the notion of ‘weaponizing’ websites is becoming more and more maintstream! Look for my colleague David Hobbs on this blog who writes extensively about the topic!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>