The tool of choice has been a simple open-source software program colorfully named Low Orbit Ion Cannon, or LOIC, that requires no technical or hacker skills to launch. All a would-be laser wielder would need do is download the tool, which they can operate manually or connect to “Hivemind,” a control system that make their computers part of a “voluntary botnet” that Anonymous commands.
It’s an interesting vocabulary choice. Most botnets are operated by organized-crime groups who use viruses to install malicious software and then link their involuntary conscripts – in some cases, millions of them – into networks used for everything from spamming to DDoS attacks. Anonymous promised that LOIC is not a virus and that the chances of getting caught or arrested for using it are “next to zero.”
Some, including Malcolm Gladwell, have noted how little personal risk has been involved in digital activism. But in this case, it may not be without danger. Unless LOIC users employ additional tools to make themselves anonymous, their I.P. addresses—the numerical strings that identify their computers—are visible, making these users trackable, according to Dutch university researchers. “The current attack technique can therefore be compared to overwhelming someone with letters, but putting your address at the back of the envelope,” they said. (Indeed, two Dutch teens have beenarrested.)
So how big is this voluntary pro-Wikileaks army anyway? It’s hard to know. The Windows version of LOIC was downloaded more than 53,000 times late last week, according to the developer, who goes by the name “NewEraCracker.” A new, similar program has emerged called HOIC, or Higher Orbit Ion Cannon. And there is a Mac version of LOIC, though it apparently can’t be connected to Hivemind. On Sunday, someone released an attack tool for mobile devices. (For those who didn’t dare download software, there was a Web site where they could hit the anointed targets, though their “attack” amounted to hitting refresh on the target sites a bunch of times.)
Fifty thousand is probably the “high-water mark” for a possible participant tally, says Craig Labovitz, chief scientist at security firm Arbor Networks. People tend to drop off, and lots of security pros have been downloading the tools, too.
However, Mr. Labovitz notes that a well-designed botnet doesn’t need millions of machines to gum up a site’s works, especially when hitting site that aren’t well defended. Today’s more sophisticated DDoS attacks make specific, highly costly requests of a target’s servers. Essentially, they crank call a pizza place and order lots of pizzas with complicated toppings, rather than just fill up the shop’s phone lines.
“Right now I don’t think [LOIC is] very sophisticated,” he says. But it has been improving, and “we’ve seen with Linux what a dedicated group of volunteers can do.”
To date, online political activism has been focused on tamer activities: communicating and expressing opinions, raising money, recruiting volunteers and organizing real-world gatherings. This more aggressive action is destined to provoke more calls for more controls on the Internet, said Rebecca MacKinnon, co-founder of Global Voices Online, at a symposium held by Personal Democracy Forum in New York.
Rather than quash Internet freedom, we ought to examine the source of the conflict, she argued. The public square is moving into a digital realm where the infrastructure is owned and controlled by private companies – from payment processors to Amazon and Facebook – with no legal requirement to protect controversial speech. “Companies need to recognize they have this responsibility,” she said, and put accountable processes in place for deciding who may or may not use the infrastructure.
Meanwhile, Wikileaks sympathizers would be better off taking more effective steps, like “mirroring,” or making online copies, of Wikileaks’ Web site, argued the hacker magazine 2600. Helping WikiLeaks stay online is a much better “method of keeping the flow of information free.”
0 comments:
Post a Comment