
Anonymous plans to occupy Wall Street - jfruh
http://www.itworld.com/security/203799/anonymous-launch-more-effective-site-attack-tool-saturday-when-it-occupies-wall-stre
======
simonsarris
> Its stated intent is to persuade as many as 20,000 people to camp out on the
> streets of Manhattan's financial district until the Obama administration
> meets its demands.

This seems a little incongruous, doesn't it? Shouldn't they attempt to be
occupying some part of D.C. instead if that is their goal?

They may be championing some actual cause, but they have not articulated it
well. Both the reasoning and the demands seem very unclear for a protest that
is to occur two days from now.

<http://twitter.com/#!/OccupyWallSt> has only 2,000 followers. I highly doubt
this will go very far.

~~~
dissident
If you dig through their website, it looks like the common theme is "get money
out of government", which is a rather vague goal and doesn't explain much.

Assuming they mean political finance regulations, who objectively determines
when the goals are met? What kind of specific regulations do they want? You
can't find this information anywhere.

This is more of a symbolic protest than a redress of grievances. People who
have no idea how to solve problems and want one person to solve them all
because they're holding up traffic in New York.

~~~
sliverstorm
Silly thing about "getting money out of the government" is, where exactly do
you think that money comes from anyway?

~~~
jbooth
Did you see how a few months ago there was a patent carve-out explicitly for
wall st firms because one company was causing them a bunch of trouble?

That wasn't patent reform on the merits, that was 'the money' and where it
comes from.

------
irrumator
Didn't start as Anonymous, started on Reddit[1] but seeded by AdBusters[2], a
liberal "anti-consumerist" outfit. They're supposed to camp out on Wall St in
New York for reasons that aren't really clear at all. It's basically every
delusional Redditor on /r/politics slacktivism turned into reality.

They're supposed to be protesting something about banks, bailouts, corporate
personhood, jobs, and other assorted /r/politics common whining points.They
apparently weren't aware that very few of the evil big banks are actually on
Wall Street and that the NYSE is just a vestige of history by now. The only
thing that will happen is a lot of tourists will flock down and the street
will get even more clogged than it is for traffic and some arrests. People try
to protest here all the time. It's nothing new. Stick the word "Anonymous" on
it though and for some reason people take it to be a big deal for some reason.

This is the coming together of the most extremist Chomsky acolytes and
reactionary redditards all in one with some V for Vendetta masks. Huge parody
potential except for the fact that they're doing it for themselves already.
Quite hilarious.

edit: this sort of reminds me of the 2005 Greenpeace attempt[3] to stop open-
air trading at the International Petroleum Exchange by flooding the floor of
the exchange with loud buzzers and bells, but getting beaten back bloody
literally to the curb by all the angry traders. This was right around Kyoto.

[1] <http://www.reddit.com/r/occupywallstreet>

[2] <http://en.wikipedia.org/wiki/Adbusters>

[3] <http://www.timesonline.co.uk/tol/news/uk/article515384.ece>

~~~
knorby
So they should just start rioting instead, like many are predicting will
happen sometime next year?

~~~
gyardley
I haven't seen any predictions about rioting, but I probably read different
news sources than you do.

Whereabouts? I'm curious.

~~~
knorby
I saw this going around a bit last month:
[http://www.marketwatch.com/story/tax-the-super-rich-or-
revol...](http://www.marketwatch.com/story/tax-the-super-rich-or-revolution-
will-rage-in-2012-2011-08-16)

It is all speculation, so none of these predictions really should be called
'news,' but people have been known to riot over jobs or some proxy issue
before. Also, if you dismiss a protest for being silly, ineffective, and
stupid in these sort of circumstances, how are you not advocating riots? They
are going to protest under the banner of 'Occupy Wall St.,' with a list of
issues that boils down to 'generally pissed off.' I can definitely see how a
group like that could start rioting at some point if they feel their efforts
were ignored.

------
thaumaturgy
I was more interested in the claims made in #Ref#Ref. It _looks like_ the
exploit needs server-side Javascript execution in order to work. (edit:
Nevermind, no it doesn't, that was confusion on the part of people that had
written articles after reading other peoples' articles.) I don't see a lot of
the stodgy old Wall Street web-facing systems (or even internal systems)
supporting something like that.

It also looks like it requires a working SQLi on the target site, which means
that before it can even be used, someone's going to need to find a nice
exploit on the target, and if they find that, then using RefRef to take down
the target is kinda pointless.

Shucks. I was almost hoping to see a cool new exploit here.

edit: Bah, it's even more simple than that. It uses an SQLi to run the MySQL
"benchmark" function an absurd (99999999999) number of times, according to the
code I found. Not only that, but it's just benchmarking a simple text string;
they could have given MySQL something much more gnarly to chew on if they'd
wanted.

"Patching" against this attack should be as easy as adding an htaccess rule
for any requests containing "select+benchmark" and then restarting MySQL.

Son, I am disappoint.

~~~
emiraga
I am not sure if this is the whole thing <http://www.refref.org/p/refref.html>
but it does not seem very sophisticated

edit: #refref seems to refer to multiple tools, but looking at this screenshot
[http://2.bp.blogspot.com/-v_gCKJilPLw/TjPob43lXiI/AAAAAAAACo...](http://2.bp.blogspot.com/-v_gCKJilPLw/TjPob43lXiI/AAAAAAAACoU/dpq93BW25zY/s1600/anon_ddos_tool+%25281%2529.jpg)
is also trivial.

~~~
thaumaturgy
Yeah, that's what I found too. I think you beat my edit by a few seconds. :-)

It looks like several versions have been written, but they're probably all
based on the same basic concept. The "Javascript" version that people were
referring to is probably the screenshot you posted, which would be trivial to
launch with a few Ajax requests.

I will point my finger and laaaaaugh if this manages to take down any Wall
Street websites.

~~~
emiraga
Since they have a lot of members, bringing down a website is still possible
(even if they simply click refresh continuously).

Now, about the tool, assuming they are really smart (they aren't) they would
make a bookmarklet which would have to be clicked while Wall Street website is
open. This would allow all kinds of things to be done, including Ajax
requests.

If #refref tool is hosted on another domain, same-origin policy would prevent
Ajax from happening. Most likely, in that case they are simply creating a
bunch of IFRAMEs and refreshing them with javascript.

~~~
thaumaturgy
> _...same-origin policy would prevent Ajax from happening._

Actually, it doesn't! I decided to try this out for myself a while back. You
can get or post a request to any resource at another domain, you just don't
get to see the contents of the results. But the request itself works just
fine, and you'll even still get to know when the request is complete.

------
yummyfajitas
I'm a bit confused as to why Anonymous would be targetting Wall St. According
to opensecrets.org, only three corporations (AT&T, UPS and Goldman) make the
top 25 list of donors.

The vast majority of big donors seem to be unions, with professional
associations (trial lawyers, realtors, AMA) coming in a distant second.

<http://www.opensecrets.org/orgs/list.php?order=A>

~~~
jacoblyles
I'm sure this will not come as a surprise to you, but the progressive populist
narrative does not have a 1:1 correspondence to reality.

------
jwingy
"Bought by hard and soft dollars, disloyal, incompetent, and wasteful
interests have usurped our nation’s civil and military power, spawning a host
of threats to liberty and national security."

This. At least some people are trying to do something about it. What have you
done lately for your country?

------
brendn
I _live_ on Wall Street, as do many other hard-working New Yorkers. The
Financial District isn't just fat-cat bankers and hedge fund managers these
days. I don't expect that interfering with people's routines is an effective
way to win their hearts, regardless of the intentions of the protest.

~~~
momspete
And I think that it is very good that the Wall St. will be reminded that they
have their money as a result of wealth transfer from middle class. They
produce nothing but losses and we socialized those losses. There should be
protests there daily reminding them that. Bankers havent added any value to
the society, they destroyed it. To say any different is not to comprehend the
current economic crisis.

------
anamax
When buying and selling is regulated, regulators are the first thing to be
bought and sold.

The only way to stop govt from giving money to the politically powerful is to
not let govt have money.

Regulatory capture is like conservation of momentum; if the situation
satisfies the constraints, the results will happen, no matter how much one
might like otherwise, no matter how much better things would be if those
results didn't happen.

------
andr
Isn't Deutsche Bank the only bank with HQs still on Wall Street?

------
microkernel
Is it just me or do you get a download forced upon you when you open the page?
Mine is called 'ayUGOgFaCs8' and it's contents look executable.

------
vermontdevil
Why Saturday?

Why not during normal trading hours which are 9:30-4, Monday through Friday

~~~
veyron
increased police presence during normal trading hours. Have you tried to enter
wall street on the weekdays? It's a mess

~~~
vermontdevil
But who will pay attention on a Saturday?

------
rorrr
The message is not clear at all.

------
buff-a
_Bought by hard and soft dollars, disloyal, incompetent, and wasteful
interests have usurped our nation’s civil and military power, spawning a host
of threats to liberty and national security_

This is true. So If I were such interests, I would try to find a way to allow
mainstream media to stigmatize anyone making such claims, such that anyone
expressing these ideas can be sidelined.

A good, violent, riot in NYC should do it.

