Anonymous, the amorphous hacktivist collective, has claimed its “largest attack ever” on 10 music industry and government websites in retaliation for Thursday’s shutdown of MegaUpload.
An Auckland court has refused bail to New Zealand resident Kim Dotcom, aka Kim Schmitz, and three other individuals alleged to be involved in running MegaUpload and its vast network of file-sharing sites, after the US Department of Justice charged seven people with copyright infringement, racketeering and money laundering.
Soon after the news broke, sites including the FBI, the US Department of Justice and the White House, as well as Warner Music, Universal Music and the Recording Industry Association of America (RIAA) were knocked offline by a distributed denial of service attack (DDoS), whereby sites are flooded with more traffic than their servers can handle.
UPDATE: In a second wave of attacks on Friday, Anonymous claimed credit for taking out the New Zealand police’s website and movie studio MGM’s online store. The group said it was again targeting the FBI and Department of Justice sites too.
Data from Akamai, a content delivery network, showed global internet traffic spiked up to 24 per cent higher than normal during Thursday night’s DDoS wave.
With no small amount of glee, Anonymous claimed responsibility for the attacks from various Twitter accounts and other online statements. One tweet indicated 5,600 people were involved in Thursday’s assaults.
“The FBI didn’t think they would get away with this did they? They should have expected us,” Anonymous said in a press release which also posted what it claimed to be the home address and other personal details of Chris Dodd, chief executive of the Motion Picture Association of America, and his wife.
Anonymous, which has previously targeted Sony and the Church of Scientology among many others’ websites, rose to prominence after a wave of attacks on payment firms and hosting providers who were seen as opponents of WikiLeaks, the whistleblowing site whose free-speech goals the hacktivist group says it shares.
The affected sites came back online after a time but, if Anonymous is to be believed, so too has MegaUpload, with several IP addresses being passed around Twitter supposedly leading to the revived site.
However, such links should be handled with care. Graham Cluley, senior technology consultant at Sophos, has warned of a new tactic by Anonymous which appears to have helped to scale up its attacks.
“In the past, Anonymous has encouraged supporters to install a program called LOIC (Low Orbit Ion Cannon) which allows computers to join in an attack on a particular website, blasting it with unwanted traffic.
“This time, things are slightly different: you only have to click on a web link to launch a DDoS attack… If you visit the webpage, and do not have JavaScript disabled, you will instantly, without user interaction, begin to flood a website of Anonymous’s choice with unwanted traffic, helping to perpetuate a DDoS attack.”
This method may have encouraged many people to unwittingly participate in the attacks or give Anonymous activists an “I didn’t know what I was clicking” excuse.
The attacks immediately prompted awkward parallels with Wednesday’s voluntary blackout of Wikipedia and other popular websites in protest at two proposed US anti-piracy laws, SOPA and PIPA.
John Perry Barlow, co-founder of the Electronic Frontier Foundation, a leading campaigner against SOPA, tweeted: “Dear Anonymous… I don’t want to sound like your Uncle Gandhi, but DDoS is its own form of censorship. Chill, please.”
Some commentators have speculated that the timing of the MegaUpload raid was no coincidence – either because of the blows to SOPA and PIPA from Wikipedia and Google’s online lobbying, or as a deliberate attempt to provoke Anonymous into action, perhaps paving the way for further arrests. Several alleged Anonymous members have already been charged with hacking offences around the world in recent months.
Cary Sherman, chief executive of the music-industry body RIAA, was quick to welcome the arrests from people allegedly connected with MegaUpload, which the Justice Department’s indictment said had its main data centre in Virginia.
“We are deeply grateful to the Justice Department professionals who worked tirelessly on this case for two years,” Mr Sherman said in a statement. “The government has many tools at its disposal, including criminal prosecution. But if this service were hosted and operated, for example, in a foreign country, our government would be essentially powerless to do anything about it. That needs to change.”
