Edit: Add mpaa.org to the mix, as well as an attempt on fbi.gov. They'd have to have several gigs worth of bandwidth available to be able to hold all 4 sites down simultaneously. With average upload speeds in the hundreds of kilobits, that's a reasonably large botnet (50k-100k, as an pulled-from-ass guestimate).
"The Largest Attack Ever by Anonymous - 5,635 People Confirmed Using #LOIC to Bring Down Sites! #Anonymous"
On a separate note, I would have thought they had learned their lesson re: LOIC after OP:Payback. I guess we'll be seeing another string of arrests in the coming months.
Basically, LOIC is a ticket to jail. The fact that it was used for so long without repercussions is that the Feds didn't care enough to do anything. That all changed with OP:Payback.
Street protests make whole streets inaccessible, and may disable access to stores, businesses or what not.
I'd also consider it a form of peaceful protest. Well, actually it's just data, nobody gets physically harmed so it's always peaceful. Anyways, you are not stealing data and you are not permanently harming the system. You basically do something the site is made for (serving requests). If you consider that a crime you could also consider telling a huge people to phone a company and complain about something a crime. I mean this certainly leads to a denial of service, because it makes it virtually impossible for others to use that service.
I for myself am a bit lazy for these kinds of protests. I actually prefer informing people so they draw their own conclusion, but I would never call something like that a crime. IMO it should be treated like a freedom. I know this can cause financial damage, but it's still not harming people. I mean every news article, every kind of information and just saying something like "Nike is child slavery" or "fast food from McDonalds is unhealthy" can make people not buy stuff there and therefore cause financial damage. In first place it's about an institution and we shouldn't consider an institution something that has human rights, because it devalues natural people.
On HN's frontpage, hours before the take down, then this.
But I take your point , it contributes to a general "the internet is scary" atmosphere.
"Anonymous" is so handy, if they didn't exist the government would just have to invent them.
I can't think of a specific time in a normal HTTP request that would use a user-supplied hash.
I would assume only a minority of pages on the average site would eat CPU so surely the sensible defense to this would be to impose a maximum CPU usage on these parts so the rest of the website continues to work.
where the x and y keys are going to have the same hash value, so that when it uses those vars in a page it will hit the same hash bucket and become O(n) not O(1)?
Of course you would want to send a lot of different vars in.
Reeling in unwitting volunteers from Twitter
var i = new Image();
i.src = target + randId + msg;
... // event handling
If they are tricking people into performing what is potentially a criminal act then they lose the limited amount of respect I did have for them.
Once you start doing thousands of concurrent connections you more likely to kill your router anyway.
But that is pure speculation. What I'm trying to say is there are far more tools than LOIC to pull of a DDOS attack.
In fact, the only compliance regulations I know of with government sites have to do with accessibility.
[EDIT] Wait, I might be wrong. The DoD guide seems to cite quite a few regs, some of which may apply to the Justice department. Too bad I can't check their site :P
I don't think that's true. I'd imagine the server behind justice.gov has no connectivity to anything important for compliance reasons, so patching it isn't really a big deal.
Relevant xkcd: http://xkcd.com/932/
Anonymous is an interesting cultural phenomenon, but hiding behind a common shared identity is not new. For example, see here:
It's time we realized that we are no longer in the warm embrace of freedom and democracy here. Sure, it's throwing stones while the other party is using heavy artillery, but that's how uneven struggles start.
If anything, this Megaupload episode shows (and not for the first time) that SOPA and PIPA are just a distraction, and there are no real gains to be made here. We've already lost, they already have all the power they need. Megaupload is gone, complete with the data (and personal information) of thousands of users worldwide. Any actual trial that may follow is just for show, just like the whole SOPA debate.
Perhaps megaupload are not guilty of anything, but this entire episode was completely legal and proper. The owners were indicted and they served injunctions against the servers, and seized their domains. They have treaties with all of the countries involved to extradite the operators.
Regardless, this does not make it okay to DDoS government websites offline. It's really easy to download LOIC and DDoS whatever websites are mentioned in #anonops, but you relinquish all moral high ground in the process.
In fact, this rarely does anything. The websites usually just mitigate the attack within a couple hours, and in hindsight it just looks like a hissyfit that got nowhere.
To my mind the obvious answer to that is to work on gaining more support. Anonymous doesn't have anywhere near the power or support to change the world by themselves. They need other people.
But most other people respect private property (and would consider an organization's website private property). So random destructive acts don't help you gain support.
Note: I'm not saying they need to stay completely between the lines here. If Anonymous members put up a website stating their case and then hacked other sites with a relatively respectful message that makes their points and then links them to the Anonymous site for more information that would be productive.
Bottom Line: Making a difference means drawing people to the power of your ideas not the power of the technology you use to vandalize other sites.
Being confused with cyber terrorists will not strengthen anyones goals (apart from pro SOPA etc).
(Yes, I do consider taking a site down without a trial an abuse of the system.)
Agreed. Every other type of business gets to continue operating with the government just taking their books to investigate them and their practices. However any dotcom will have their entire business and profitability shut down the moment the government wants to investigate one iota of what they're doing/done. It also won't be returned for 3 years and when it is it will be in poor/unusable condition overlooking the fact that it's now likely technologically useless to a dotcom.
EDIT: I don't care about being downvoted, but I would like to know why anyone thinks this is a good idea? It accomplishes nothing and makes us look bad. I understand why people are upset, but this does not help.
I know they're not really doing anything harmful to the computers, but they're making us look like criminals.
Wait for it, you'll hear this line nearly verbatim on Fox News.
Are they also held in Guantanamo, or were they executed on the spot?
(Horrify me, yes, but not surprise me).
The original script required users to click the fire button but this does it by itself on load.
Strangely the current 'attack' page also features the google ad script, a twitter widget, kontextua ad script and whos.amung.us visitor tracking.
Page two of the grand jury indictment linked from original post says, "...reported income in excess of $175,000,000."
Still a very large figure.
I hope that's a pseudonym.
not because they did it, but because they know how to. i wish i understood the web's infrastructure more.
Let us not forget that DOS attacks present potential for man-in-the-middle attacks. Its a perfect cover for their real hacking teams to infiltrate and gather further intelligence.
EDIT: seems that the parent comment was edited :)