5 Questions About Anonymous’ New DDoS Techniques


In case anyone missed this news, Group Anonymous has put up code at pastehtml.com (a free and anonymous HTML code-hosting site) which uses your web browser to launch LOIC DDoS attacks.

Here’s a quick synopsis from the Computerworld report:

“According to Cluley, members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC and attacked predefined victims. The links pointed to a page on PasteHTML.com which in turn executed some JavaScript to fire LOIC at Anonymous-designated targets.”

This can of course be used on Facebook/Twitter and other sites to lure unsuspecting users into joining the DDoS attacks.

Given these new and ingenious techniques to ‘automate’ a DDoS attack with end-users essentially ignorant to the fact that they might have unintentionally launched a DDoS attack from a ‘rused’ link they clicked, escalates the “Hacktivists” war and adds yet another effective technical technique to their basket of tricks.

Given this new ‘tactical attack technique’ – what are the questions a security professional should be asking themselves right now? I’ve pondered this and have come up with the following and would appreciate your inputs as well:

  1. What other tools can be easily combined with this java script technique? E.g. besides LOIC, can malware be distributed this way as well? How about application layer attack tools such as refref?
  2. What does this mean for managed service providers who, no doubt will host a tremendous amount of unintentional DDoS attacks and whom will be left with the burden of contacting their customers of their initiated DDoS attacks?
  3. What does this mean for the victims of such attacks? Do they have any recourse if the ‘perpetrators’ didn’t really know that they were initiating the attacks?
  4. How does an attack like this scale? It seems to me that this technique effectively scales logarithmically which, if true, has ominous consequences.
  5. Because this technique will look like normal users, how effective will cloud and ISP scrubbers be going forward against this type of technique? Also, doesn’t it seem like DNS are a natural attack venue for something like this?


Please enter your comment!
Please enter your name here