STE WILLIAMS

Anonymous Wikileaks supporters mull change in tactics

‘Coldblood’, a member of the group Anonymous, tells Jane Wakefield why he views its attacks on Visa and Mastercard as defence of Wikileaks.

Web attacks carried out in support of Wikileaks are being wound down as activists consider changing tactics.

Attacks against Amazon were called off late on 9 December and re-directed towards net payments firm Paypal.

Analysis suggests the earlier attacks were made more effective by the involvement of hi-tech criminals.

At the same time one wing of the activist group suggested ditching the attacks and doing more to publicise what is in the leaked cables.

Site saving

The attacks have been carried out using a tool, called LOIC, that allows people to bombard a site of their choosing with data or let the target be chosen by those running the Anonymous campaign.

Luis Corrons, technical director of Panda Labs, said during its investigation of Anonymous’ attacks its analysts got talking to some of the activists via Internet Relay Chat (IRC).

One of those activists said he had a botnet of 30,000 machines under his control that he was planning to use on behalf of Wikileaks.

“The guy said he had this botnet which was nothing special and was not specifically designed to do these attacks but could be used to do them,” said Mr Corrons.

A botnet is a network of hijacked home computers that have been compromised by their owners visiting a booby-trapped webpage that installs code to hand over control to a hi-tech criminal.

Mr Corrons said a botnet with 30,000 machines in it was “about average size”. Most of the spam sent around the net is funnelled through machines that are in botnets.

It was becoming clear, he said, that some attacks were aided by the 30,000 machines under the cyber criminal’s control.

“We know for sure the botnet was used in at least one attack on Paypal,” he said.

Panda itself has come under attack with its blog knocked offline for hours by an attack very similar to those Anonymous has been carrying out. Mr Corrons said that, so far, it did not know why it was being attacked or who was attacking it.

Fresh leaks

There are also suggestions that the Anonymous group might be about to drop the web attacks in favour of another tactic.

A message posted on the 4chan image board, out of which Anonymous has grown, suggests dropping LOIC in favour of publicising information in the diplomatic cables that Wikileaks is releasing.

Searching for the less-well publicised cables and spreading the information they contain around the web could be more effective than simply knocking out sites deemed to be enemies of Wikileaks, it said.

The message also suggests using misleading tags on posts and YouTube videos to trick people into reading or viewing the information.

“They don’t fear the LOIC, they fear exposure,” read the message.

It is not yet clear if the call to change tactics has been taken up by the Anonymous group at large.

In related news, Wikileaks looks set to have a rival as former staffers of the whistle-blowing website prepare to launch. Set up by Daniel Domscheit-Berg, Open Leaks is expected to launch in mid-December and will host and post information leaked to it.

Is taking part in these attacks illegal?

The short answer is yes, according to Struan Robertson, legal director at law firm Pinsent Masons.

He told the BBC that in the UK, taking part in the attacks would be a breach of the Computer Misuse Act.

He said that anyone found guilty of taking part could face “up to ten years imprisonment”.

“Even downloading the [software] tools to assist in committing these attacks… are themselves guilty of an offence,” he said.

He said this could carry a sentence of up to two years in the UK.

Different countries will have different laws and penalties.

However, security expert Peter Wood said that in practice it would be very difficult to track down the people involved because the attacks used “anonymising software” to hide their tracks online.

The tool launches what is known as a distributed denial of service (DDoS) attack which tries to knock a website offline by bombarding it with so much data that it cannot respond.

The LOIC tool has been downloaded more than 46,000 times but, said Anonymous activists in a tweet, this did not translate into enough people using it to knock the retail giant off the web.

Instead, the attack was re-directed towards Paypal and its computer systems which, according to a status page, has intermittently suffered “performance issues” ever since.

Early on 10 December Moneybookers was chosen as the next target and its site was occasionally unreachable from about 1100 GMT.

The chances of success could be boosted by a new version of LOIC written in web programming language Javascript that allows anyone with a browser, including on a mobile phone, to launch attacks.

However, defences against the attacks were being drawn up as security firms scrutinise the code behind LOIC to work out how attacks happen. Some suggest that well-written firewall rules would be able to filter out most of the harmful traffic.

Criminal chain

Information is also starting to emerge about the other resources that supporters of Anonymous have been able to bring to bear. Research by security firm Panda suggests that some of the earlier attacks on payment firms were aided by hi-tech criminals.

Who are Anonymous?

‘Anonymous’ is commonly used to describe a leaderless collective of people who come together online, commonly to stage a protest.

The groups vary in size and make-up depending on the cause. Members often identify themselves in web videos by wearing the Guy Fawkes masks popularised by the book and film V for Vendetta.

Its protests often take the form of disrupting websites and services.

Its use of the term Anonymous comes from a series of websites frequented by members, such as the anarchic image board 4Chan.

These allow users to post without having to register or provide a name. As a result, their comments are tagged “Anonymous”.

In the past, groups have staged high-profile protests against plans by the Australian government to filter the internet and the Church of Scientology.

The latter spilled over into the real world with protests by masked members outside churches. An offshoot of Anonymous called Project Chanology focuses purely on this cause.

Many Anonymous protests tackle issues of free speech and preserving the openness of the net.

Call of Duty DDoS attack police arrest teen

A 17-year-old from Manchester has been arrested by the Metropolitan Police’s e-crime unit (PCeU) on suspicion of being behind a denial of service attack against the online game Call of Duty.

The teenager was arrested in the Beswick area of Manchester early on Thursday morning.

He is suspected of involvement in denial of service attacks which severely disrupted the online version of the game, and the playtime of many other players, in September. Distributed denial of service attacks are currently being used against the websites of Sarah Palin, Mastercard and other perceived “enemies of Wikileaks and Julian Assange”.

The game’s publisher, Activision, contacted police after the attacks.

The investigation by PCeU found the DDoS attack was made using a malicious program called “Phenom Booter”.

Police found the malware being offered for sale on a web forum for Call of Duty players to allow them to attack other players of the game and thereby improve their own scores.

Police tracked the server to the UK and finally via its IP number to Greater Manchester.

The 17-year-old is still in custody and has been arrested on suspicion of offences against the Computer Misuse Act.

DI Paul Hoare of the PCeU said online gaming was a major retail sector so software aimed at disrupting such games could have commercial implications for the companies concerned, and for their reputations.

He also said: “This type of crime can often be the precursor to further offending in more traditional areas of online crime.” ®

US Army: Judge Dredd smartgun in every squad from 2014

The US Army has confirmed plans to equip every infantry squad and special-forces team by 2014 with an XM-25 Judge Dredd style computer smartgun able to hit enemies hiding around corners or behind rocks etc.

A soldier aims an XM-25 smartgun. Credit: PEO Soldier

A trench won’t do it nowadays.

The XM-25 has been widely covered in the media recently, despite the fact that the last piece of actual news regarding the futuristic weapon – that it would at long last be put in the hands of US combat troops, in Afghanistan – came back in October, as we here on the Reg crazy-guns desk reported at the time (getting the tip from the Soldier Systems blog). However we also mentioned it about six weeks later in our widely-read Thanksgiving crazy-guns-o-the-future feature – and shortly thereafter the XM-25’s Afghan deployment decision was in all the mainstream outlets as “news”.

Anyway, pleasingly the media attention has prompted the people at the US Army’s Program Executive Office – Soldier, in charge of the XM-25, to issue a clarification in which they enlarge somewhat on plans for the future.

According to PEO Soldier:

• Prototypes arrived in theater in Afghanistan in November.

• The prototype weapons are being carried actively on patrols, and in various combat outposts. Soldier feedback at this stage will allow the Army to make engineering refinements to the system…

• The next phase for the XM25 program is to build a large quantity of production representative weapons and ammunition in 2011 to deploy into Afghanistan for further combat assessments.

• Finally, with testing complete and Army approvals in place, 12,500 systems will be produced and issued beginning in early 2014 – enough to support one per infantry squad and Special Forces Team.

Presumably the XM-25 will lose its “X” (experimental) designator at some point to become the M-25 in line service.

As regular readers will be well aware, the XM-25 shoots special, fat 25mm projectiles rather like a cross between ordinary rifle bullets and 40mm launched grenades. But the XM-25 rounds have an added special sauce: an extremely accurate time fuse which is set electronically by the gun’s systems at the moment of firing, permitting them to explode in midair at a precise distance from the muzzle.

The XM-25’s computing sight features an accurate rangefinding laser and corrects automatically for such variables as air temperature and pressure. This means that a user can ping a target feature – for instance a boulder behind which an enemy lurks – with the laser, then select an additional metre or two of range using a thumb control and raise his point of aim slightly.

The 25mm smartshell will thus fly over the boulder and explode just above the hidden enemy’s head, spraying him with deadly shrapnel. The same capability can be used to make rounds travel through shrubbery, windows, bunker entrances etc before exploding just where the user wants. And the XM-25 has a good bit more range than the M-4 carbines commonly carried by US troops, too, which should make it useful in the longer-distance gunfights often seen nowadays in Afghanistan.

Apart from the basic airburst shrapnel round, there are plans to produce various other specialist 25mm cartridges. PEO Soldier documents have mentioned an armour piercing variant – presumably intended for impact rather than airburst, and using a shaped-charge warhead – and non-lethal rounds, both airbursting and blunt. The airburst non-lethal would be a smaller version of the “flash bang” stun grenades popular with special-ops and police SWAT teams in hostage situations, and the blunt version a more ordinary plastic or rubber bullet.

Previously PEO Soldier had suggested that there might be some kind of shot or flechette round also, either scattering a cloud of small projectiles straight out of the end of the barrel like an everyday shotgun or CAWS – or airbursting downrange to deliver a pattern onto a selected area like a miniature artillery “beehive” shell. However, this is no longer mentioned in the latest version of the XM-25 factsheet.

Regular readers will also know that the imminent appearance of the amazing airburst computer-rifle has been predicted ever since the early 1990s, when it made its debut as part of the Objective Infantry Combat Weapon multishooter. But it is now, at last, in combat for real: so PEO Soldier’s vision of a US Army with an XM-25 smartgunner in every squad or A-team* may in fact come true beginning in 2014 as planned.

One does note, though, that just last year the date of initial mass issue was supposed to be 2012. ®

Bootnote

*The basic unit of the US Army Special Forces, aka Green Berets, nominally consisting of 12 men who sometimes split into two units of six. Presumably an A-team might have two XM-25s rather than one – or any other weapons it fancied, within reason.

Join in the Wikileaks DDoS war from your iPhone or iPad

The online “infowar” precipitated by the media circus surrounding Wikileaks and Julian Assange continues, with DDoS attacks occurring against a bewildering variety of websites assessed as having either aided or failed to aid the leak-publisher – or often merely for commenting on the brouhaha.

Meanwhile, interest has focused on the methods used to mount the DDoS attacks. It appears that in general most of the muscle is coming from botnets of the usual sort: ones made up of zombie machines infected with malware using the same methods as ordinary online criminals and spammers (and just as illegal).

However, some of the battling communities – for instance the loosely organised hacktivist collective Anonymous, aligned in support of Assange and Wikileaks – also use collaborative tools where supporters can voluntarily attach their machines to a botnet in order to assist with a DDoS attack. The preferred tools are usually some version of the Low Orbit Ion Cannon (LOIC) software. Machines running LOIC can then be controlled via IRC or some other channel (again the campaigners are aping criminals by using Twitter of late).

Downloading and installing LOIC (the code is freely available at such places as Sourceforge) is simple enough, but evidently off-putting enough that not many people are doing it. The LOIC hivemind net run by Anonymous has generally had only a few hundred machines in it, far too few to mount a serious DDoS, and most of the grunt has been delivered by larger malware-based botnets controlled by individual Anonymous members (just one reportedly containing more than 30 times as many machines as the anonops.net hivemind).

But in the last day or two, a new wrinkle has begun to gain prominence. It is now possible to visit a webpage which will convert your browser into a pocket LOIC instance, delivering DDoS packets from whatever device you are using to browse – not necessarily even a computer.

As Panda Labs analyst Sean-Paul Correll notes:

Only a browser is needed, so you can even launch the attack from your phone, I just tested it with my iPhone … Of course I tested that it was real and worked, but I didn’t send any attack out.

Such a webpage will typically give you the option of adjusting how many requests per second to send to the target website (handy in the case of a phone or perhaps a fondle-slablet device with a limited data package and/or bandwidth) and allow you to attach an insulting message of your own devising.

This would appear to be rather less sophisticated than a proper IRC or Twitter-controlled LOIC install, but has the merit of being simpler. Whether this tremendously simple way of joining in botnets will finally mobilise large numbers of pro- or anti-Wikileaks vigilantes remains to be seen. For now, it appears that the effective DDoS attacks – and other more sophisticated meddling going on – are emanating from relatively small numbers of people.

It would seem that in general most people are aware how relatively unimportant and easily replaceable a part Julian Assange and Wikileaks have played in the release of the classified US files, which continue to mildly interest the outside world. ®

Bootnote
1) Reader be warned: Participating willingly in a DDoS attack is a crime in many countries. Even if this doesn’t bother you, you download software and visit webpages of this sort at your own significant risk: campaigners on both sides have shown little in the way of scruples, and ordinary criminal scammers are now exploiting the situation too.

Daniel Schmitt Interview by Der Spiegel

Der Spiegel, 26 September 2010. Translation by Babelfish, massaged by Cryptome.
Original pages, in German, excerpted from purchased Der Spiegel issue.
“For me only withdrawal is left”

The German WikiLeaks spokesperson Daniel Schmitt, 32, on his disagreement with Julian Assange, the founder of the leaks platform, his exit from the organization – and his correct name

DER SPIEGEL: Mr. Schmitt, WikiLeaks and you for several weeks could not be reached by email. What is the matter?

Schmitt: There are technical problems and nobody worries about them. WikiLeaks is in a phase of significant change. We have been insane in the last months due to rapid growth and we need urgently to see that all matters become more transparent. This development is blocked internally. Even to me it is no longer clear how we make decisions, provide answers to questions and other matters. Because of high pressure since the publication of the American military documents, we are trying to convert the organization to respond to new conditions. That means that not everything is working and resolved correctly. All this is making excessive demands on the project.

DER SPIEGEL: Is that only your view or does everyone involved see it that way?

Schmitt: That is one of the internal points at issue, but there are others. WikiLeaks was for example always discrimination-free in what we published. We have received minor submissions, only important locally, which were always treated exactly the same as major documents whether they were nationally or are even internationally important.

DER SPIEGEL: Why don’t you publish both?

Schmitt: We would gladly have done that, but unfortunately we are in a dead end. I tried several times to open up the dead end, but Julian Assange has reacted to each criticism with the accusation that I was refusing to obey and disloyal to the project. Four weeks ago he suspended me — a single person as prosecutor, judge and executioner. Since then for example I have had no access to my WikiLeaks mail. Thus much work remains undone, and other tools needed for the work are blocked. I know that nobody from our core team agreed with this. But the core team seems to play no role. WikiLeaks has a structural problem. For me without an answer to that problem I must leave the project.

DER SPIEGEL: Why has your controversy with Assange escalated?

Schmitt: We all had insane stress in the last months. Errors happen and can be corrected so long as one learns from them. But they must be admitted to be corrected. Above all it seems that confidence has been lost and we are at a stand still.

DER SPIEGEL: Assange says you questioned the power and guidance from WikiLeaks to do what you wanted.

Schmitt: From my point of view it was not struggle for power, it was not about personal interests, but about our organization and its development. Why he sees that differently, only he knows.

DER SPIEGEL: Nevertheless you have also suggested and advised, because of the rape accusations which have been made against him in Sweden, for him to withdraw from the public.

Schmitt: The investigations against Julian in Sweden are from my point of view a personal attack on him and it has nothing directly to do with WikiLeaks. All this costs time and energy, and it adds to our burden. From my point of view it would have been best if these matters were handled privately in the background, to clarify and resolve them peacefully. It would have been nothing against him if resolved in the background and our work continued normally. That was my internal proposal but obviously he saw it as an attack on his role.

DER SPIEGEL: How does it continue now?

Schmitt: I worked on WikiLeaks because I believed the idea correct and important. We tried several times with Julian to talk over and address all questions without success. I have given more than a hundred interviews with world media, handled finances in Germany, coordinated and cooperated on publications. Now I pull back from the project and hand my tasks over – to whomever remains.

DER SPIEGEL: Who do you mean by them of “we talk?”

Schmitt: A handful of the people from the core team, which see the situation similar to me, but do not want to go public with action. A majority of the work by people, that made anonymously, will likely continue. Because of disagreements I need to step out.

DER SPIEGEL: You leave the project in a critical phase. Do you fear that many Internet activists will accuse you of betrayal?

Schmitt: I am aware of that, and you can assume I deeply considered this step for a long time. Nevertheless I have put in the past years very much time, money and energy into WikiLeaks. But because of that I must be able to be publicly accountable. Therefore this remains for me momentarily only a temporary withdrawal.

DER SPIEGEL: What exactly do you no longer want to represent?

Schmitt: We promise for example everything from our sources will be published. We have concentrated lately however only on the big topics and practically all our resources are used for that, for example on the Afghanistan documents of the US army at the end of July. The video of the air strike in Bagdad from the year 2007, “Collateral Murder,” was an extreme demonstration of our growth. At the same time we have dozens of other documents we can publish. And due to our increased publicity in the last half year very much new material has been received that needs to be urgently worked on and published.

DER SPIEGEL: By the publication of the secret Afghanistan reports, also by DER SPIEGEL, you have come into conflict with the world power of the USA. Washington threatens you with prosecution because of espionage, WikiLeaks supporters have been contacted by the FBI. Bradley Manning, one of your alleged informants, sits in the prison. Are you afraid of great public pressure?

Schmitt: No, public pressure is part of the endeavor. But this direct confrontation with the USA is not what we intended. We were always against corruption and abuse, to uncover the exercise of power wherever that takes place, whether in a small location generally speaking or the whole world.

DER SPIEGEL: What does it mean for the organization if, after Assange, its most well-known public face is discharged? Is the future of WikiLeaks endangered?

Schmitt: That I do not believe. For WikiLeaks is a very important idea. There is a large number of new people in Sweden and Great Britain, and I hope that they all will work together at something meaningful. I believe in the concept with which we began and I am confident that it will survive.

DER SPIEGEL: Must persons who submit material fear for its protection if now a part of the WikiLeaks crew leaves?

Schmitt: From my point of view material and all donated funds should remain with WikiLeaks, because both are explicitly protected in how the project worked. There are also internally different opinions, in particular with our technicians. We can however depend on everyone to guarantee that a clean publication takes place.

DER SPIEGEL: They have their job with WikiLeaks to continue. And how does it go further for you?

Schmitt: I will contribute to the effort that the idea of a decentralized leak platform not go down. On that I will now work. In all other respects our earlier common convictions remain: In the end there must be a thousand WikiLeaks.

DER SPIEGEL: You have always spoken for WikiLeaks as “Daniel Schmitt.” What is your real name?

Schmitt: It is probably time to stop hiding my name and attach my real name to my opinions. My real name is Daniel Domscheit-Berg.

INTERVIEW: MARCEL ROSENBACH, HOLGER STARK

Daniel Berg on Linkedin:

http://de.linkedin.com/pub/daniel-berg/3/610/663 (more at the link)

A sends:

Anke Domscheit and Daniel Berg were married in July 2010.

Anke Domscheit-Berg is Director Government Relations at Microsoft Germany in Berlin.

Daniel and Anke supporting the Icelandic Modern Media Initiative:

# 194. daniel berg, germany
# 196. Anke Domscheit-Berg, Germany

Wikileaks insiders break away from ‘Emperor’ Assange

OpenLeaks opens on Monday.

Fed up with what they perceive as autocratic leadership, former members of St Julian d’Assange’s core inner circle at WikiLeaks will start a breakaway site on Monday called OpenLeaks. The site will act as an intermediary between whistleblowers and the press, reports Dagens Nyheter.

Defectors include Daniel Domscheit-Berg, otherwise known as Daniel Schmitt, who made a high-profile exit from WikiLeaks in September, and Herbert Snorrason, an Icelandic student. Both resigned in September. Snorrason is quoted as telling Assange, in an online chat log acquired by WiReD:

And you’re not even fulfilling your role as a leader right now. A leader communicates and cultivates trust in himself. You are doing the exact opposite. You behave like some kind of emperor or slave trader.

Snorrason’s departure was fomented by this declaration from Assange:

I am the heart and soul of this organization, its founder, philosopher, spokesperson, original coder, organizer, financier and all the rest. If you have a problem with me, piss off.

And he did.

According to the Swedish newspaper, the former inner circle “were dissatisfied with the operation’s association with Assange’s personal problems and how he used the organisation in his explanation of the criminal charges.”

Assange handed himself in to police earlier this week, and is remanded in London pending an extradition hearing next week following a request from the Swedish authorities which want to speak to him in relation to two alleged sexual offences. ®

Dutch Police Arrest 16yr-old WikiLeaks Avenger

Dutch police said they have arrested a 16-year-old boy for participating in web attacks against MasterCard and Visa as part of a grassroots push to support WikiLeaks.

A press release issued on Thursday (Google translation here) said the unnamed boy confessed to the distributed denial-of-service attacks after his computer gear was seized.

He was arrested in The Hague, and is scheduled to be arraigned before a judge in Rotterdam on Friday. It is the first known report of an arrest in the ongoing attacks, which started earlier this week.

The arrest came shortly after anonops.net, a Netherlands-hosted website used to coordinate attacks against companies perceived as harming WikiLeaks, was taken offline. A Panda Security researcher said the website was itself the victim of DDoS attacks, but the investigation by the Dutch High Tech Crime Team has also involved “digital data carriers,” according to the release.

It didn’t specify the crimes the boy was charged with or say exactly what his involvement in the attacks was.

According to researchers, the Low Orbit Ion Cannon tool, which thousands of WikiLeaks sympathizers are using to unleash the DDoS attacks, takes no steps to conceal their IP addresses. It wouldn’t be surprising if attackers who used the application from internet connections at their home or work also receive a call from local law enforcement agencies. ®

Ballmer Proposed $15bn Facebook Acquisition

Microsoft’s reported to have conceded it once tried to buy Mark Zuckerberg’s Facebook for $15bn.

Steve Ballmer, Microsoft’s chief executive, made two trips to meet Zuckerberg at the company’s HQ in Palo Alto, California, where he popped the proposal during a long walk.

The tease Zuckerberg rebuffed Ballmer, as he wanted to keep control of Facebook according to a report here on TechCrunch.

Microsoft instead settled for a $240m investment in Facebook in October 2007, giving it 1.6 per cent of the company and the “opportunity to further collaborate as advertising partners.” Facebook at the time was calculated to be headed towards revenue of $150m.

Fritz Lanman, Microsoft’s senior director of corporate strategy and acquisitions, detailed the story on stage during discussion at the Le Web 2010 in Paris, France.

Lanman is the first person from Microsoft to confirm the company had tried to buy Facebook, a tale first told in David Kirkpatrick’s book The Facebook Effect.

Today, Microsoft has added Facebook to its Bing search engine and offered a version of web-based Word to Facebook users that’s called Docs.com.

You can soak up the full account of what went down on the long but frustrating walk here. ®

Gunshot Sensors Used in UK for First Time

Sensors which can detect gunshots being fired have been installed in areas of Birmingham.

It is the first time the Shotspotter Gunshot Location System has been installed in the UK.

It has been used across 50 US cities since 1995 and can pick up gunshots within a 25 metre (82ft) radius.

West Midlands Police say the sensors had been placed on high buildings mainly in northwestern areas of the city.

Project Safe And Sound records an audio clip and sends police a GPS location.

A specially trained police officer listens to the clip to decide whether a firearms team should be deployed.

A spokesman for West Midlands Police said: “The technology is designed to detect the sound of gunshot fire and will enable police to despatch officers to the scene in a timely and effective manner.

“The technology is not surveillance equipment and does not monitor or record actions or movements of individuals within the community.

“The overall aim of the project is to reduce gun crime and potentially save lives.”

The system can detect whether multiple shots were fired and whether they were fired on the move.

The manufacturers claim an 85% accuracy rate.

Residents have been consulted about the scheme which will include the Aston and Handsworth areas of the city where gun crime has been a problem in the past.

Last month the force agreed to scrap surveillance cameras installed in parts of the city with large Muslim populations after they failed to consult local people.

Police are not revealing exactly where the sensors have been placed or what they look like.

They maintain that there is no surveillance issue because the sensors record decibels and not individual voices.

WikiLeaks supporters milk Twitter API in DDoS attacks

WikiLeaks supporters are milking Twitter’s application programming interface to carry out attacks that have led to crippling slowdowns at MasterCard.com, Visa.com and other websites that cut off funding to the whistle-blower outfit.

A relatively new Java-based version of the Low Orbit Ion Cannon, which protesters use to direct torrents of traffic at sites they disapprove of, allows users to specify a Master Twitter ID, according to a Thursday post on the Sans blog. It’s the first time the point-and-click attack tool has included the Twitter field, security researchers said.

“The Twitter angle in this application piqued my interest,” Sans handler on Duty, Mark Hofman, wrote. “It is using the Twitter API in a new and creative way, certainly one that hadn’t readily occurred to me.”

He didn’t say exactly what JavaLOIC did with Twitter’s API, but Jose Nazario, senior manager of security research at Arbor Networks, speculated it probably coordinated the timing and targets of attacks. If so, it wouldn’t be the first time Twitter has been used as a command and control channel for corralling large networks of PCs. There are even tools available to streamline the configuration of Twitter-based C&Cs.

Sophos has additional details about LOIC, including its Twitter feature, here.

Other versions of LOIC use internet relay chat channels to coordinate attacks. Volunteers install the program and then enter the address of an IRC server. From there, organizers are able to instruct thousands of machines to march in lock step as they attack websites. The ability to turn on and off huge amounts of traffic quickly makes the attacks much harder to defend against.

Sean-Paul Correll, a threat researcher with Panda Security, said at the height of the attacks on Wednesday, there were more than 3,000 machines participating in LOIC-based attacks against MasterCard, Visa, PayPal and other sites that cut off services used to fund WikiLeaks. He also observed independent botnets with as many as 30,000 compromised computers also participating in the attacks.

The attacks have wreaked a fair amount of damage. By Correll’s estimate, MasterCard has suffered more than 32 hours of downtime since Tuesday, with 23 of those hours being almost continuous. Parts of Visa’s site saw more than 21 hours of downtime. The most crippling attack on Visa started a little before 1pm California time on Wednesday, when organizers transmitted a command over IRC to flood the site with more traffic than it could handle.

“It was down instantly,” he told The Register. “As soon as they started pointing the servers over to it, it was toast.”

Visa and MasterCard representatives have said no customer data has been accessed as a result of the attacks, and transactions have been able to go normally. Still, it was widely reported that MasterCard’s Securecode service for secure online transactions was offline for much of Wednesday.

Nazario said as the attacks have progressed many have begun attacking targets’ backend servers, where damage is often more severe despite it being less obvious to outside observers.

“If you can’t load the Visa homepage, so what,” he explained. “But if the backend for some of these sites is down, where it integrates with other vendors or other sites, then they have a problem. That’s what [the attackers] seem to be trying to do now as a way of shutting down their ability to take and make payments.”

WikiLeaks sympathizers aren’t the only ones getting into the denial-of-service game. Anonops.net, a site used by organizers of the attacks, was itself taken down on Wednesday night, Correll said. At time of writing, it was inaccessible. ®