Hacker News new | past | comments | ask | show | jobs | submit login
Anonymous takes down Department of Justice and Universal Music (rt.com)
365 points by coupdegrace on Jan 19, 2012 | hide | past | web | favorite | 97 comments

Anonymous has never had the firepower to take down those three sites simultaneously using LOIC, so I'd be interested to see what the mechanism is. I suspect it's one or more of the Sabu-types firing their botnets. If this is the case, to what extant can this action be attributed to Anonymous? I'm sure there's likely broad support for it, but if it is just the actions of one or two botherders it makes attribution a bit of a grey area.

Edit: Add mpaa.org to the mix, as well as an attempt on fbi.gov. They'd have to have several gigs worth of bandwidth available to be able to hold all 4 sites down simultaneously. With average upload speeds in the hundreds of kilobits, that's a reasonably large botnet (50k-100k, as an pulled-from-ass guestimate).

According to a tweet it's around 5600 guys with LOIC.

"The Largest Attack Ever by Anonymous - 5,635 People Confirmed Using #LOIC to Bring Down Sites! #Anonymous"


I'm highly doubtful that that's all that's happening. I simply can't see a 5600-strong botnet (voluntary or not) holding down 4 independent domains simultaneously.

On a separate note, I would have thought they had learned their lesson re: LOIC after OP:Payback. I guess we'll be seeing another string of arrests in the coming months.

They might manage to fill the connection limit for apache on each system (I think this is default to 256?).

It's not very likely that those sites are using Apache on the front lines.

They are.

mpaa.org is using nginx/1.0.5, but the other sites do indeed seem to be Apache servers.

This! Apache is the first casualty when attacked by DOS. Default is way lower than 256 I think... You can change that parameter but it kills the optimization.

Can't LOIC be operated through a VPN? (Assuming the VPN-operators allow it)

If you routed all your traffic through the VPN, LOIC would follow. That said, I know of no vpn that would allow it.

Basically, LOIC is a ticket to jail. The fact that it was used for so long without repercussions is that the Feds didn't care enough to do anything. That all changed with OP:Payback.

But how could an open source network stress testing utility become a ticket to jail?

Intentionally disabling someone else's computer system (even just their website) is a crime. And LOIC has no anonymity measures, so your IP shows up on every single packet that arrives at the target computer. If you participate in an attack, it will be very easy to find and prosecute you.

Richard Stallman used an analogy of voluntary DDoS with street protests.

Street protests make whole streets inaccessible, and may disable access to stores, businesses or what not.

In Europe this analogy has also been used by politicians (ones that are actually sitting in parliaments and not accused of crimes).

I'd also consider it a form of peaceful protest. Well, actually it's just data, nobody gets physically harmed so it's always peaceful. Anyways, you are not stealing data and you are not permanently harming the system. You basically do something the site is made for (serving requests). If you consider that a crime you could also consider telling a huge people to phone a company and complain about something a crime. I mean this certainly leads to a denial of service, because it makes it virtually impossible for others to use that service.

I for myself am a bit lazy for these kinds of protests. I actually prefer informing people so they draw their own conclusion, but I would never call something like that a crime. IMO it should be treated like a freedom. I know this can cause financial damage, but it's still not harming people. I mean every news article, every kind of information and just saying something like "Nike is child slavery" or "fast food from McDonalds is unhealthy" can make people not buy stuff there and therefore cause financial damage. In first place it's about an institution and we shouldn't consider an institution something that has human rights, because it devalues natural people.

The way I look at it is like having 100 of your friends all go to McDonalds and line up. One at a time you order a glass of water, and then go to the back of the line. Honest customers will enter and get in line. If they wait/keep trying for long enough they'll be able to fulfill a request but most will get fed up and quit trying.

Don't rule out a cyber-false-flag designed to raise the profile of "hackers" and build public demand for SOPA and friends.

Exactly. Who benefits the most from this attack? Anonymous or SOPA/PIPA supports who get to say "look what happened, we need stronger laws on the internet".

Possible, but if this were true, one would expect denials from anonymous mouthpieces as well.

also, poster child spokesperson Barrett Brown confirmed it.

It is interesting that this article appeared today: http://news.ycombinator.com/item?id=3484419

On HN's frontpage, hours before the take down, then this.

SOPA doesn't really have anything to do with DDOS afaik.

But I take your point , it contributes to a general "the internet is scary" atmosphere.

It has to do with the initiatives to regulate the Internet and tame the wild wild Net where "anything goes".

Yes, although I have no idea how one could effectively legislate against DDOS since it's already basically illegal.

This makes more sense than "Anonymous" taking down .gov websites in a coordinated attack.

"Anonymous" is so handy, if they didn't exist the government would just have to invent them.

You don't necessarily need a lot of bandwidth to take a site down. Slowloris, hash collisions (http://isc.sans.edu/diary.html?storyid=12286), or simply a lot of HTTP requests to pages that consume a lot of CPU time are generally sufficient to take a site offline temporarily.

Which hash functions built into the web server would they attack?

I can't think of a specific time in a normal HTTP request that would use a user-supplied hash.

I would assume only a minority of pages on the average site would eat CPU so surely the sensible defense to this would be to impose a maximum CPU usage on these parts so the rest of the website continues to work.

Any PHP page will propagate the $_POST and $_GET arrays from user supplied data.

good point, so the idea would be to supply something like:


where the x and y keys are going to have the same hash value, so that when it uses those vars in a page it will hit the same hash bucket and become O(n) not O(1)?

Of course you would want to send a lot of different vars in.

Yup, though I'd probably pass those in using a POST request. A 5,000,000 character long log entry sticks out a bit, and most people aren't logging POST params by default.

This is how they're doing it: http://gawker.com/5877707/

Reeling in unwitting volunteers from Twitter

Interesting. I wonder if the js version behaves identically to the .net one. If so, it could offer plausible deniability to any LOICers out there. I'm not condoning the practice, but it is a creative solution to having your primary tool be rendered toxic by the op payback arrests.

the js version does something like

    var i = new Image();
    i.src = target + randId + msg;
    ... // event handling
  }, 0)
so you end up requesting an url every 0 ms the randId is just a simple `Date.now`, the message is an actual message taken from an input in the html. Source code: http://hastebin.com/gasitinafo.js

That's pretty nasty. Surely defense against this kind of thing should be built into browsers although you would need to detect an unending loop causing HTTP requests so run into the halting problem I guess.

If they are tricking people into performing what is potentially a criminal act then they lose the limited amount of respect I did have for them.

My recent version of Firefox defaults to a limit of 15 connections per server. So there is some defense built in.

Yea but as soon as one connection is finished it can just spawn another one so 15 concurrent connections is more than enough to do damage.

Once you start doing thousands of concurrent connections you more likely to kill your router anyway.

The Firefox addon RequestPolicy will protect you from this.

This should be something that is default in the browser, the issue is to stop the less tech savvy user unwittingly perpetrate a DDOS.

Given the nature of both organizations are not too tech-savvy, I wouldn't be surprised if the sites in question were running an unpatched version of Apache and were susceptible to this:


But that is pure speculation. What I'm trying to say is there are far more tools than LOIC to pull of a DDOS attack.

riaa.org, mpaa.org, and universalmusic.com I could see being unpatched, but I would have thought justice.gov would have to be patched for compliance reasons.

That's a logical point. But compliance with what? All I can find after a quick google search is National Institue of Technology GUIDELINES, and the only laws mentioned seem to deal with user privacy.

In fact, the only compliance regulations I know of with government sites have to do with accessibility.

[EDIT] Wait, I might be wrong. The DoD guide seems to cite quite a few regs, some of which may apply to the Justice department. Too bad I can't check their site :P


> but I would have thought justice.gov would have to be patched for compliance reasons.

I don't think that's true. I'd imagine the server behind justice.gov has no connectivity to anything important for compliance reasons, so patching it isn't really a big deal.

Relevant xkcd: http://xkcd.com/932/

I'd be surprised, if I had the funds these organizations do and I knew I would be a likely be a target for this kind of thing I'd at least hire a security consultant to check these things over for me.

I was under the impression that Anonymous was just kind of a brand that anyone who wanted to could assign credit to for their activities (since they have the publicity infrastructure in place)

You're correct. But I believe there's a certain amount of coordination going on behind the scenes in order to arrange significant activities.

Anonymous is an interesting cultural phenomenon, but hiding behind a common shared identity is not new. For example, see here:



I'm trying hard to think of what could be more counterproductive to the gains made in combating SOPA and PIPA over the last week than this, and I basically can't think of anything. Unbelievable.

So taking a few sites down for a short while is counterproductive, but completely destroying a business without due process is the normal civilized legal procedure?

It's time we realized that we are no longer in the warm embrace of freedom and democracy here. Sure, it's throwing stones while the other party is using heavy artillery, but that's how uneven struggles start.

If anything, this Megaupload episode shows (and not for the first time) that SOPA and PIPA are just a distraction, and there are no real gains to be made here. We've already lost, they already have all the power they need. Megaupload is gone, complete with the data (and personal information) of thousands of users worldwide. Any actual trial that may follow is just for show, just like the whole SOPA debate.

I'm a completely anti-copyright, pro-piracy, pro-megaupload person, but there was due process and complete legitimacy with them taking down megaupload.

Perhaps megaupload are not guilty of anything, but this entire episode was completely legal and proper. The owners were indicted and they served injunctions against the servers, and seized their domains. They have treaties with all of the countries involved to extradite the operators.

Regardless, this does not make it okay to DDoS government websites offline. It's really easy to download LOIC and DDoS whatever websites are mentioned in #anonops, but you relinquish all moral high ground in the process.

In fact, this rarely does anything. The websites usually just mitigate the attack within a couple hours, and in hindsight it just looks like a hissyfit that got nowhere.

exactly. It's an uncreative form of hacking.

Lets say you're completely right. What then would be the productive thing to do next?

To my mind the obvious answer to that is to work on gaining more support. Anonymous doesn't have anywhere near the power or support to change the world by themselves. They need other people.

But most other people respect private property (and would consider an organization's website private property). So random destructive acts don't help you gain support.

Note: I'm not saying they need to stay completely between the lines here. If Anonymous members put up a website stating their case and then hacked other sites with a relatively respectful message that makes their points and then links them to the Anonymous site for more information that would be productive.

Bottom Line: Making a difference means drawing people to the power of your ideas not the power of the technology you use to vandalize other sites.

Exactly, websites making a legit protest against stuff like this need to distance themselves from these idiots as much as possible.

Being confused with cyber terrorists will not strengthen anyones goals (apart from pro SOPA etc).

... unless it's a false flag.

While it's a bad way to protest in many ways, I somehow feel that it's pretty fair considering that Megaupload was taken down without a trial. Both sides taking the laws in their own hands, except that the media industry gets away with it.

(Yes, I do consider taking a site down without a trial an abuse of the system.)

> I do consider taking a site down without a trial an abuse of the system.

Agreed. Every other type of business gets to continue operating with the government just taking their books to investigate them and their practices. However any dotcom will have their entire business and profitability shut down the moment the government wants to investigate one iota of what they're doing/done. It also won't be returned for 3 years and when it is it will be in poor/unusable condition overlooking the fact that it's now likely technologically useless to a dotcom.

I'm not sure this is the kind of PR that SOPA opponents need right now. I'm not saying that attacking UM website is good or bad, but the timing is certainly awkward imho.

I thought the same. There couldn't be an easier way to say, "Look at the lawlessness of the internet. These pirates have to be stopped, oh, and they're also a threat to homeland security."

Yeah, this was a really bad idea on all counts.

EDIT: I don't care about being downvoted, but I would like to know why anyone thinks this is a good idea? It accomplishes nothing and makes us look bad. I understand why people are upset, but this does not help.

I don't really want to get meta but it's possible you were downvoted not in disagreement but because someone felt your post contributed little more than a "+1" post.

You might be right about that, but I think it's pretty important not to get mixed up with this.

I know they're not really doing anything harmful to the computers, but they're making us look like criminals.

Isn't the other side that it supports why SOPA isn't fair in seeing how a GOV site was taken down without due process?


That's irrelevant to the optics of the situation, however. SOPA's efficacy at preventing any of these acts wouldn't be a factor in its proponents' use of them to advocate in favour of it.

Yeah, no amount of logic matters when appealing to the general public. Right now, the average person thinks Megaupload anonymously took down the DOJ.

This is another case of: http://xkcd.com/932/

Seriously. They're taking down websites. If it was, like, eBay or Amazon or something, and 100% of business was conducted through their website, it would be meaningful. In this case, no business goes through the website, and it just seems like it would be an annoyance.

Which means it's a PR victory for anonymous ; it makes them appear stronger than they are.

Also, unfortunately, a PR opportunity for the RIAA who can now point to the wild west of the internet and the fact that sites like Megaupload are supported by the most "dangerous" hackers in the world, the guys who took down the DOJ.

sites like Megaupload are supported by the most "dangerous" hackers in the world, the guys who took down the DOJ

Wait for it, you'll hear this line nearly verbatim on Fox News.

"Megaupload had been brought down by federal authorities and four people linked to the site, all outside of America, were arrested and charged with a conspiracy related to copyright infringement."

Are they also held in Guantanamo, or were they executed on the spot?

We probably have extradition treaties with those countries. And if those countries signed the Berne Convention, those jurisdictions must uphold US copyrights.

extradition != arrest

You need to habeas some corpus before you can put that corpus on a plane to America.

But isn't extradition only applicable after you have been found guilty?

Not usually, since the act might not even be illegal in the jurisdiction where you are finally arrested. Usually you're brought back for a trial and sentencing.

sorry, I was unclear and referred to a trial in the country asking for extradition, but you answer is good anyway, thanks.

If the MegaUpload owners are Muslim, it wouldn't surprise me one bit.

(Horrify me, yes, but not surprise me).

I hate to be the guy who bemoans fun, but I'm sure this makes the Senators who changed their minds over SOPA lately feel great about who they're on the side of.

Anonymous operative Barrett Brown So that guy still goes around pretending he is some Anonymous official? What a weird character: http://www.dmagazine.com/Home/D_Magazine/2011/April/How_Barr...

I just downloaded their page (not via browser) and saw that they've just taken this code: http://pastebin.com/grNdf3Mj (safe to visit, plaintext) and wrapped the js in a self invoking function. At the end of the function they included a call to another function which starts firing.

The original script required users to click the fire button but this does it by itself on load.

Strangely the current 'attack' page also features the google ad script, a twitter widget, kontextua ad script and whos.amung.us visitor tracking.

Based on the extremely slow loading of both sites, it seems to be a DDOS.

Don't feel too sorry for megaupload, they did manage to rake in several hundred million dollars.

That's a very large figure. Source?

Not quite a several hundred.

Page two of the grand jury indictment linked from original post says, "...reported income in excess of $175,000,000."

Still a very large figure.

That's before expenses, depending on their hosting costs etc they could have lost money. IMO, profit may have been in the 10's of millions but copying them is unlikely to make you rich.

> “It was in retaliation for Megaupload, as was the concurrent attack on Justice.gov,” Anonymous operative Barrett Brown tells RT on Thursday afternoon.

I hope that's a pseudonym.

Barrett Brown is neither a pseudonym, nor an operative. He was, at one time, a self-described spokesman for Anonymous. He since has said that he is no longer an active participant, but that he hangs out in IRC to keep abreast of goings-on.

Ahh, pure e-thuggery. I'm sure the DOJ will think twice about using international treaties to enforce federal law next time?

i'm just amazed when i read about hacks like this. i can't help to think that these guys really know their shit and seem kinda "powerful."

not because they did it, but because they know how to. i wish i understood the web's infrastructure more.

It's just brute force. It's not like they're sneaking into the site and disabling the web server. They're just assaulting it from the front until it cracks under the pressure. In other words, they're taking down the site, but they're not gaining access to any of the source or data in the site, or gaining control over the servers.

ahhh. i thought they gained access, etc.. thanks for the clarification.

Take HN commenters' infosec analysis with a large grain of salt. Their assumption is that everyone is a script kiddie, especially Anonymous. Even if there is a call for a DDOS, infiltration and gained access could likely precede or follow as a supplement to the attack.

Let us not forget that DOS attacks present potential for man-in-the-middle attacks. Its a perfect cover for their real hacking teams to infiltrate and gather further intelligence.

good point, in other words its a bunch of guys without girlfriends.

Indeed. There are very few sites that can hold up to even a blunt hammer like LOIC.

Well, let's see Anonymous host a website. I'm sure the DOJ or FBI could take it down, by legal or technical means. What is the point? There's no such thing as a webserver that "never goes down", or a network that is "always up". Things fail under stress, things are taken offline and put back online, and redundancy or rerouting usually covers it all up. Not all organisations put 100% of their efforts into maintaining an external public website that "stays up" 24/7. I doubt any member of the public is pounding their keyboard because they can't access the FBI, DOJ or UMG websites. How many visitors do you think those sites even normally receive?

Do you think these organizations are going to sit back and let their sites get shut down without a response? No, they're going to ramp up their security and network teams to subvert the attack and make sure the attack isn't covering a penetration. Bring down the firewall, bring down the company. It costs real money to keep a company running through a DDoS.

It´s indeed a LOIC on all those sites.

WARNING: It looks like these links actually cause your computer to attack sites. Don't click these if you have a problem with that, fear getting arrested, etc.

EDIT: seems that the parent comment was edited :)

This is correct! NSFW!!!

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact