Anonymous Launches DDoS Attack on USChamber.com

Tuesday, May 24, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

After dealing with some internal strife and remaining relatively silent for some time, the rogue movement Anonymous has launched a distributed denial of service (DDoS) attack against the U.S. Chamber of Commerce website.

The campaign was launched in protest of the Protect IP Act, a legislative proposal that would essentially cut off U.S. Internet users from accessing any website the government decides is blatantly in violation of copyright infringements, as well as any site that attempts to mirror the offender's content.

The legislation would also require search engines to eliminate references to the offending sites from their search indexing, as well as require advertising networks and payment services to cease business with the blacklisted sites.

The press release posted on AnonNews.com states: 

"This message is a response to recent actions of the U.S. Government, the RIAA, the MPAA and others. For some time now, powerful interests have been vigorously lobbying the US Government in a campaign to censor the Internet. The PROTECT IP Act is the result of their campaign. Through domain seizures, ISP blockades, search engine censorship, and funding cuts to allegedly copyright infringing websites, the PROTECT IP Act will take Internet censorship to the next level. In its present form, this act threatens the very foundation on which the Internet was built: freedom of thought."

The Protect IP Act would allow the Justice Department to decide which websites were in violation of copyright laws, as well as provide the opportunity for copyright holders to file for court orders to have infringing websites blacklisted and blocked.

"This bill would allow the US Government to force ISPs and search engines to censor websites they do not like under the guise of "copyright protection". Instead of reducing piracy, this bill endangers the free flow of information. Through domain seizures, ISP blockades, search engine censorship, and the restriction of funding to websites accused of infringement, this bill promises to take Internet censorship to the next level. Furthermore, it violates the citizens ' rights to due process, to free speech, to free expression and to legal representation at their hearing."

Attachment

The Anonymous campaign is being coordinated through the OperationPayback Web IRC, which displayed the following messages leading up to the attack:

Current Target: U.S. PROTECT IP Bill (www.uschamber.com)

Target: www.uschamber.com || Status: FIRE!

At the time of this article's publication, the U.S. Chamber website was experiencing intermittent downtime, and the Anonymous IRC discussion showed indications that the Chamber may have implemented defensive measures with the aid of a service called DosArrest.

Anonymous now seems to be probing the systems for other vulnerabilities, such as susceptibility to a SQL-based attack:

Ocean80: Timeline: 8:00pm - Protest launched. 8:20 - site was down. 8:30 - site returned online with aid from DosArrest, a DDOS protection website (commerce paid $5000/hr for their services). At around 10:00pm, members started probing SQLi vulns...their was little success with the SQL attacks due to a lack of admin panel, however, the vulns are there...

Anonymous employs a downloadable tool called the Low Orbit Ion Cannon for the DDoS attacks, and makes the tool available for download to those who want to participate.

The success of an attack largely depends on the operation organizer's ability to publicize and gain crowd-sourced participation for the attack "hive". Operations that fail to attract enough participants fail to take the targeted website off-line.

Most recently, Anonymous had targeted Sony with a DDoS attack campaign in early April, but called off the assault after receiving backlash from Sony customers who did not appreciate the network downtime. When the network failed again due to the network breach, Anonymous issued a press release on April 22 that sought to dispel any notion that the movement had taken part in the latest PSN outage.

Anonymous is also known for having breached the systems of HBGary Federal - a security company who was involved in efforts to reveal the identities of the Anonymous leadership - and for defacing the website of the controversial Westboro Baptist Church.

Anonymous has also previously targeted the websites of PayPal, Visa, MasterCard, PostFinance Bank, Amazon, Bank of America and others who had halted business relations with WikiLeaks, as well as also launching attacks against the websites of Senator Joe Lieberman and Sarah Palin for speaking out against the WikiLeaks data dumps.

Possibly Related Articles:
22423
Network->General
Denial of Service SQl Injection Attack DDoS Headlines Anonymous Hacktivist LOIC Protect IP Act U.S. Chamber of Commerce
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.