By Graham Cluley
Naked-Security
In the past, Anonymous has encouraged supporters to install a program called LOIC (Low Orbit Ion Cannon) which allows computers to join in an attack on a particular website, blasting it with unwanted traffic. This time, things are slightly different: you only have to click on a web link to launch a DDoS attack.
We’ve seen many links posted on Twitter, and no doubt elsewhere on the internet, pointing to a page on the pastehtml.com website. If you visit the webpage, and do not have JavaScript disabled, you will instantly, without user interaction, begin to flood a website of Anonymous’s choice with unwanted traffic, helping to perpetuate a DDoS attack.
Don’t forget, denial-of-service attacks are illegal. If you participate in such an attack you could find yourself receiving a lengthy jail sentences.
With this method, however, Anonymous might be hoping that participants could argue that they did not knowingly assist in the DDoS attack, and clicked on the link in innocence without realising what it would do.
I’m not a lawyer, so I can’t tell you if that’s going to be an adequate defense or not if you end up in court.
Warning: Twitter Users To Be Jailed, Tricked Into Joining Anonymous Cyber Attacks On U.S. Gov’t
Hacker group Anonymous have become a cult hit on Twitter, with 249,000 followers – but security experts Sophos warn that fans, are being tricked into taking part in its attacks. Links being forwarded via Twitter actually make people’s PCs part of Anonymous’s ‘denial of service’ attacks against U.S. government sites and anti-piracy organisations.
The links are being forwarded as part of Anonymous’s recent ‘Operation Megaupload’ – a retaliation for the U.S. government ‘taking down’ a file-sharing site. They look like ordinary web links, but launch cyber attacks from whatever PC you access them on. People who click the links unwittingly become part of Anonymous’s attacks – and hit any website that the ‘hacktivist’ group chooses.
It’s a change of tactics for Anonymous – and security experts warn that claiming you clicked on a link by accident may not be a defense. The attacks, a ‘denial of service’ attack, rely on thousands of PCs sending information to sites at once to crash them.
