Proactive IT Security
 

DDoS war

Introduction

Last week, in our article Ways to use botnets, we discussed, among other issues, botnets for hire. One example we mentioned was the company Aiplex Software, which was hired to try to stop the illegal distribution of copyrighted material. Aiplex Software used some unorthodox means to accomplish this, including Distributed Denial of Service (DDoS) attacks to disrupt the sites that served the material.

Payback time

It did not take long, however, before parts of the Internet community made a counter-move. A group called "Anonymous", angered by Aiplex's behavior, set up a coordinated counterattack, and Aiplex Software's web site was taken down by a retaliatory Distributed Denial of Service attack (RDDoS might be an appropriate abbreviation for this phenomenon). As of this writing, Aiplex Software's web site still does not respond to web requests.

The counterattacks did not end with this success, however.

After Aiplex was taken off the net, the group launched new attacks against the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA). Both were also more or less unavailable during the following days.

"Anonymous" posted a letter online, in which the group describes the actions and the reasoning behind what was named "Operation: Payback is a Bitch".

(...) Anonymous is sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others. (...)

The letter is available here.

Participants in Anonymous' attacks

During the hours before the coordinated attacks, information about them, as well as requests to participate, was posted on the Internet.

We may guess that some people who do not normally engage in cybercrime, but who sympathized with the idea of freely available Internet content, volunteered to take part in the attack. The invitation contained detailed instructions on how to do so.

Those willing to participate in the attack could do so with little effort. Furthermore, participating in such an attack, which would probably be illegal in most jurisdictions, had little chance of resulting in any (serious) consequences for the participants.

Compared to “old-fashioned” demonstrations, where one can get physically hurt or arrested, participating in virtual protests requires less effort and risk, but still poses a very significant threat to the targeted party, as the cases mentioned above clearly show. Even if a participant in a botnet used for DDoS attacks were found out, the "standard malware excuse" (*) would be difficult to refute.

Preventive action points

As we mentioned in our previous security article, taking down botnets is difficult.

Endpoint defense - like antimalware software and firewalls - will help, but these measures do not fully suffice. Coordinated efforts by organizations operating at a higher level in the Internet infrastructure (e.g. Internet Service Providers and Registrars) have so far proved quite effective, although such efforts are resource-demanding and require highly skilled security expertise to pinpoint the culprits and avoid "false positives". Such coordinated actions may not be feasible against smaller botnets of an ad hoc type.

We will continue to investigate and analyze botnets and the ongoing struggle against this threat. For sure, this is not the final security article from Norman in which botnets are discussed.

(*) Standard malware excuse: arguing that the malicious programs and/or content (e.g. botnet software) found on the computer are there because it was infected without the owner's knowledge.
