Continued cyber warfare

Megaupload Shutdown Prompts Continued Anonymous Attacks, New Tactics

Hacker collective Anonymous continued its attack on the Justice Department Web site today in retaliation for yesterday's Megaupload takedown.

PR Magazine,

20 January, 2012

Separately, different versions of Megaupload popped up all over the Web in a "high tech game of whack-a-mole," ABC News reported.

"US Department of Justice http://justive.gov TANGODOWN (yeah again and again...) #ALLYOURBASEAREBELONGTOUS #Anonymous #cocks," Anonymous tweeted this afternoon.

Justice.gov has been intermittently accessible today; as of 2:45pm Eastern time, it was offline. In a statement issued last night, the DOJ said its server was experiencing "a significant increase in activity, resulting in a degradation in service."

The agency said it was investigating the origins of the attack, "which is being treated as a malicious act until we can fully identify the root cause of the disruption."

Last night, Anonymous also successfully targeted the Web sites of the FBI, the Recording Industry Association of America, the Motion Picture Association of America, and Universal Music.

The distributed denial of service (DDoS) attacks came after the DOJ shut down Megaupload.com for massive copyright infringement. Property and domains were seized and executives were indicted on numerous charges that could land them in jail for up to 50 years.

According to data from Imperva, Anonymous used a low orbit ion canon (LOIC) to DDoS the Web sites.

"Looking at the LOIC downloads so far this year, its clear there has been a sudden, sharp increase in the past few days which coincides with the latest Anonymous campaign," Imperva said in a blog post.

The attack tool was downloaded most in the United States, Imperva said, at 7,328, followed by France and Brazil with about 4,000 downloads each. Germany and Spain rounded out the top five.

In addition to a LOIC that is downloaded and used locally, however, some Web sites deployed a tool that will DDoS that site simply by loading it, Imperva said. Security firm Sophos reported the same phenomenon.

"We've seen many links posted on Twitter, and no doubt elsewhere on the Internet, pointing to a page on the pastehtml.com website," Sophos analyst Graham Cluley said in a blog post. "If you visit the webpage, and do not have JavaScript disabled, you will instantly, without user interaction, begin to flood a website of Anonymous's choice with unwanted traffic, helping to perpetuate a DDoS attack."

Cluley suggested that Anonymous might be using this tactic because hackers could claim they were unwitting participants.

"Don't forget, denial-of-service attacks are illegal. If you participate in such an attack you could find yourself receiving a lengthy jail sentences," he wrote. "With this method, however, Anonymous might be hoping that participants could argue that they did not knowingly assist in the DDoS attack, and clicked on the link in innocence without realising what it would do."

Megaupload.com remains offline, but as ABC reported, new iterations of the site are popping up online, like one hosted at http://109.236.83.66, which claims to be the new Megaupload but has no functionality. Megavideo.bz was another one, but that appears to be down. Some users would likely be happy to see Megaupload come back online, even briefly, as there are many legitimate files stored on the site in addition to the pirated material.

In a statement, the DOJ said the recovery of legitimate files "is still an ongoing matter."

"It is important to note that Mega clearly warned users to keep copies of any files they uploaded," the DOJ continued. 

"Megaupload.com expressly informed users through its Frequently Asked Questions ('FAQs') and its Terms of Service that users have no proprietary interest in any of the files on Megaupload's servers, they assume the full risk of complete loss or unavailability of their data, and that Megaupload can terminate site operations without prior notice."

The Megaupload shutdown came the same week that many top Web sites went dark in opposition to the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA). The anti-piracy measures would go after overseas, "rogue" Web sites, but detractors argue they are too far-reaching and could harm legitimate Web sites.

After Wednesday's blackout and much public backlash, the sponsors of PIPA and SOPA announced today that they would delay any action on both bills in order to reach a more agreeable solution.

For article with links GO HERE