STE WILLIAMS

Anonymous Wikileaks supporters mull change in tactics

‘Coldblood’, a member of the group Anonymous, tells Jane Wakefield why he views its attacks on Visa and Mastercard as defence of Wikileaks.

Web attacks carried out in support of Wikileaks are being wound down as activists consider changing tactics.

Attacks against Amazon were called off late on 9 December and re-directed towards net payments firm Paypal.

Analysis suggests the earlier attacks were made more effective by the involvement of hi-tech criminals.

At the same time one wing of the activist group suggested ditching the attacks and doing more to publicise what is in the leaked cables.

Site saving

The attacks have been carried out using a tool, called LOIC, that allows people to bombard a site of their choosing with data or let the target be chosen by those running the Anonymous campaign.

Luis Corrons, technical director of Panda Labs, said during its investigation of Anonymous’ attacks its analysts got talking to some of the activists via Internet Relay Chat (IRC).

One of those activists said he had a botnet of 30,000 machines under his control that he was planning to use on behalf of Wikileaks.

“The guy said he had this botnet which was nothing special and was not specifically designed to do these attacks but could be used to do them,” said Mr Corrons.

A botnet is a network of hijacked home computers that have been compromised by their owners visiting a booby-trapped webpage that installs code to hand over control to a hi-tech criminal.

Mr Corrons said a botnet with 30,000 machines in it was “about average size”. Most of the spam sent around the net is funnelled through machines that are in botnets.

It was becoming clear, he said, that some attacks were aided by the 30,000 machines under the cyber criminals control.

“We know for sure the botnet was used in at least one attack on Paypal,” he said.

Panda itself has come under attack with its blog knocked offline for hours by an attack very similar to those Anonymous has been carrying out. Mr Corrons said that, so far, it did not why it was being attacked or who was attacking it.

Fresh leaks

There are also suggestions that the Anonymous group might be about to drop the web attacks in favour of another tactic.

A message posted on the 4chan image board, out of which Anonymous has grown, suggests dropping LOIC in favour of publicising information in the diplomatic cables that Wikileaks is releasing.

Searching for the less-well publicised cables and spreading the information they contain around the web could be more effective than simply knocking out sites deemed to be enemies of Wikileaks, it said.

The message also suggests using misleading tags on posts and YouTube videos to trick people into reading or viewing the information.

“They don’t fear the LOIC, they fear exposure,” read the message.

It is not yet clear if the call to change tactics has been taken up by the Anonymous group at large.

In related news, Wikileaks looks set to have a rival as former staffers of the whistle-blowing website prepare to launch. Set up by Daniel Domscheit-Berg, Open Leaks is expected to launch in mid_December and will host and post information leaked to it.

Is taking part in these attacks illegal?

The short answer is yes, according to Struan Robertson, legal director at law firm Pinsent Masons.

He told the BBC that in the UK, taking part in the attacks would be a breach of the Computer Misuse Act.

He said that anyone found guilty of taking part could face “up to ten years imprisonment”.

“Even downloading the [software] tools to assist in committing these attacks… are themselves guilty of an offence,” he said.

He said this could carry a sentence of up to two years in the UK.

Different countries will have different laws and penalties.

However, security expert Peter Wood said that in practice it would be very difficult to track down the people involved because the attacks used “anonymising software” to hid their tracks online.

The tool launches what is known as a distributed denial of service (DDoS) attack which tries to knock a website offline by bombarding it with so much data that it cannot respond.

The LOIC tool has been downloaded more than 46,000 times but, said Anonymous activists in a tweet, this did not translate into enough people using it to knock the retail giant off the web.

Instead, the attack was re-directed towards Paypal and its computer systems which, according to a status page, has intermittently suffered “performance issues” ever since.

Early on 10 December Moneybookers was chosen as the next target and its site was occasionally unreachable from about 1100 GMT.

The chances of success could be boosted by a new version of LOIC written in web programming language Javascript that allows anyone with a browser, including on a mobile phone, to launch attacks.

However, defences against the attacks were being drawn up as security firms scrutinise the code behind LOIC to work out how attacks happen. Some suggest that well-written firewall rules would be able to filter out most of the harmful traffic.

Criminal chain

Information is also starting to emerge about the other resources that supporters of Anonymous have been able to bring to bear. Research by security firm Panda suggests that some of the earlier attacks on payment firms were aided by hi-tech criminals.

Who are Anonymous?

‘Anonymous’ is commonly used to describe a leaderless collective of people who come together online, commonly to stage a protest.

The groups vary in size and make-up depending on the cause. Members often identify themselves in web videos by wearing the Guy Fawkes masks popularised by the book and film V for Vendetta.

Its protests often take the form of disrupting websites and services.

Its use of the term Anonymous comes from a series of websites frequented by members, such as the anarchic image board 4Chan.

These allow users to post without having to register or provide a name. As a result, their comments are tagged “Anonymous”.

In the past, groups have staged high-profile protests against plans by the Australian government to filter the internet and the Church of Scientology.

The latter spilled over into the real world with protests by masked members outside churches. An offshoot of Anonymous called Project Chanology focuses purely on this cause.

Many Anonymous protests tackle issues of free speech and preserving the openness of the net.

Join in the Wikileaks DDoS war from your iPhone or iPad

The online “infowar” precipitated by the media circus surrounding Wikileaks and Julian Assange continues, with DDoS attacks occurring against a bewildering variety of websites assessed as having either aided or failed to aid the leak-publisher – or often merely for commenting on the brouhaha.

Meanwhile, interest has focused on the methods used to mount the DDoS attacks. It appears that in general most of the muscle is coming from botnets of the usual sort: ones made up of zombie machines infected with malware using the same methods as ordinary online criminals and spammers (and just as illegal).

However, some of the battling communities – for instance the loosely organised hacktivist collective Anonymous, aligned in support of Assange and Wikileaks – also use collaborative tools where supporters can voluntarily attach their machines to a botnet in order to assist with a DDoS attack. The preferred tools are usually some version of the Low Orbit Ion Cannon (LOIC) software. Machines running LOIC can then be controlled via IRC or some other channel (again the campaigners are aping criminals by using Twitter of late).

Downloading and installing LOIC (the code is freely available at such places as Sourceforge) is simple enough, but evidently off-putting enough that not many people are doing it. The LOIC hivemind net run by Anonymous has generally had only a few hundred machines in it, far too few to mount a serious DDoS, and most of the grunt has been delivered by larger malware-based botnets controlled by individual Anonymous members (just one reportedly containing more than 30 times as many machines as the anonops.net hivemind).

But in the last day or two, a new wrinkle has begun to gain prominence. It is now possible to visit a webpage which will convert your browser into a pocket LOIC instance, delivering DDoS packets from whatever device you are using to browse – not necessarily even a computer.

As Panda Labs analyst Sean-Paul Correll notes:

Only a browser is needed, so you can even launch the attack from your fone, I just tested it with my iPhone … Of course I tested that it was real and worked, but I didn’t send any attack out.

Such a webpage will typically give you the option of adjusting how many requests per second to send to the target website (handy in the case of a phone or perhaps a fondle-slablet device with a limited data package and/or bandwidth) and allow you to attach an insulting message of your own devising.

This would appear to be rather less sophisticated than a proper IRC or Twitter-controlled LOIC install, but has the merit of being simpler. Whether this tremendously simple way of joining in botnets will finally mobilise large numbers of pro- or anti-Wikileaks vigilantes remains to be seen. For now, it appears that the effective DDoS attacks – and other more sophisticated meddling going on – are emanating from relatively small numbers of people.

It would seem that in general most people are aware how relatively unimportant and easily replaceable a part Julian Assange and Wikileaks have played in the release of the classified US files, which continue to mildly interest the outside world. ®

Bootnote
1) Reader be warned: Participating willingly in a DDoS attack is a crime in many countries. Even if this doesn’t bother you, you download software and visit webpages of this sort at your own significant risk: campaigners on both sides have shown little in the way of scruples, and ordinary criminal scammers are now exploiting the situation too.

Daniel Schmitt Interview by Der Spiegel

Daniel Schmitt Interview by Der Spiegel

Der Spiegel, 26 September 2010. Translation by Babelfish, massaged by Cryptome.
Original pages, in German, excerpted from purchased Der Spiegel issue.
“For me only withdrawal is left”

The German WikiLeaks spokesperson Daniel Schmitt, 32, on his disgreement with with Julian Assange, the founder of the leaks platform, his exit from the organization – and his correct name

DER SPIEGEL: Mr. Schmitt, WikiLeaks and you for several weeks could not be reached by email. What is the matter?

Schmitt: There are technical problems and nobody worries about them. WikiLeaks is in a phase of significant change. We have been insane in the last months due to rapid growth and we need to urgently to see that all matters become more transparent. This development is blocked internally. Even to me it is no longer clear how we make decisions, provide answers to questions and other matters. Because of high pressure since the publication of the American military documents, we are trying to convert the organization to respond to new conditions. That means that not everythng is working and resolved correctly. All this is making excessive demands on the project.

DER SPIEGEL: Is that only your view or does everyone involved see it that way?

Schmitt: That is one of the internal points at issue, but there are others. WikiLeaks was for example always discrimination-free in what we published. We have received minor submissions, only important locally, which were always treated exactly the same as major documents whether they were nationally or are even internationally important.

DER SPIEGEL: Why don’t you publish both?

Schmitt: We would gladly have done that, but unfortunately we are in a dead end. I tried several times to open up the dead end, but Julian Assange has reacted to each criticism with the accusation that I was refusing to obey and disloyal to the project. Four weeks ago he suspended me — a single person as prosecutor, judge and executioner. Since then for example I have had no access to my WikiLeaks mail. Thus much work remains undone, and other tools needed for the work are blocked. I know that nobody from our core team agreed with this. But the core team seems to play no role. WikiLeaks has a structural problem. For me without an answer to that problem I must leave the project.

DER SPIEGEL: Why has your controversy with Assange escalated?

Schmitt: We all had insane stress in the last months. Errors happen and can be corrected so long as one learns from them. But they must be admitted to be corrected. Above all it seems that confidence has been lost and we are at a stand still.

DER SPIEGEL: Assange says you questioned the power and guidance from WikiLeaks to do what you wanted.

Schmitt: From my point of view it was not struggle for power, it was not about personal interests, but about our organization and its development. Why he sees that differently, only he knows.

DER SPIEGEL: Nevertheless you have also suggested and advised, because of the rape accusations which have been made against him in Sweden, for him to withdraw from the public.

Schmitt: The investigations against Julian in Sweden are from my point of view a personal attack on him and it has nothing directly to do with WikiLeaks. All this costs to time and energy, and it adds to our burden. From my point of view it would have been best if these matters were handled privately in the background, to clarify and resolve them peacefully. It would have been nothing against him if resolved in the background and our work continued normally. That was my internal proposal but obviously he saw it as an attack on his role.

DER SPIEGEL: How does it continue now?

Schmitt: I worked on WikiLeaks because I believed the idea correct and important. We tried several times with Julian to talk over and address all questions without success. I have given more than hundred interviews with world media, handled finances in Germany coordinated and cooperated on publications. Now I pull back from the project and hand my tasks over – to whomever remains.

DER SPIEGEL: Who do you mean by them of “we talk?”

Schmitt: A handful of the people from the core team, which see the situation similar to me, but do not want to go public with action. A majority of the work by people, that made anonymously, will likely continue. Because of disagreements I need to step out.

DER SPIEGEL: They leaves the project in a critical phase. Do you fear that many Internet activists will accuse you of betrayal?

Schmitt: I am aware of that, and you can assume I deeply considered this step for a long time. Nevertheless I have put in the past years very much time, money and energy into WikiLeaks. But because of that I must be able to be publicly accountable. Therefore this remains for me momentarily only a temporary withdrawal.

DER SPIEGEL: Which exactly do you no longer want to represent?

Schmitt: We promise for example everything from our sources will be published. We have concentrated lately however only on the big topics and practically all our resources are used for that, for example on the Afghanistan documents of the US army at the end of July. The video of the air strike in Bagdad from the year 2007, “Collateral Murder,” was an extreme demonstration of our growth. At the same time we have dozens of other documents we can publish. And due to our increased publicity in the last half year very much new material has been received that needs to be urgently worked on and published.

DER SPIEGEL: By the publication of the secret Afghanistan reports, also by DER SPIEGEL, you have come into conflict with the world power of the USA. Washington threatens you with prosecution because of espionage, WikiLeaks supporters have been contacted by the FBI. Bradley Manning, one of your alleged informants, sits in the prison. Are you afraid of great public pressure?

Schmitt: No, public pressure is part of the endeavor. But this direct confrontation with the USA is not what we intended. We were always against corruption and abuse, to uncover the exercise of power wherever that takes place, whether in a small location generally speaking or the whole world.

DER SPIEGEL: Which does it mean for the organization if after Assange the its most well-known public face is discharged? Is the future of WikiLeaks endangered?

Schmitt: That I do not believe. For WikiLeaks is very important idea. There is a large number of new people in Sweden and Great Britain, and I hope that they all will work together at something meaningful. I believe in the concept with which we began and I am confident that it will survive.

DER SPIEGEL: Must persons who submit material fear for its protection if now a part of the WikiLeaks crew leaves?

Schmitt: From my point of view material and all donated funds should remain with WikiLeaks, because both are explicitly protected in how the project worked. There are alos internally different opinions, in particular with ours technicians. We can however depend on everyone to guarantee that a clean publicaton takes place.

DER SPIEGEL: They have their job with WikiLeaks to continue. And how does it go further for you?

Schmitt: I will contribute to the effort that the idea of a decentralized leak platform not go down. On that I will now work. It in all other respects our earlier common convictions remain: In the end there must be a thousand WikiLeaks.

DER SPIEGEL: You have always spoken for WikiLeaks as “Daniel Schmitt.” What is your real name?

Schmitt: It probably time to stop hiding my name and attach my real name to my opinions. My real name is Daniel Domscheit-Berg.

INTERVIEW: MARCEL ROSENBACH, HOLGER STARK

Daniel Berg on Linkedin:

http://de.linkedin.com/pub/daniel-berg/3/610/663 (more at the link)

[Image]

A sends:

Anke Domscheit and Daniel Berg are married in July 2010.

Anke Domscheit-Berg is Director Government Relations at Microsoft Germany in Berlin.

Daniel and Anke supporting the Icelandic Modern Media Initiative:

# 194. daniel berg, germany
# 196. Anke Domscheit-Berg, Germany

Wikileaks insiders break away from ‘Emperor’ Assange

OpenLeaks opens on Monday.

Fed up with what they perceive as autocratic leadership, former members of St Julian d’Assange’s core inner circle at WikiLeaks will start a breakaway site on Monday called OpenLeaks. The site will act as an intermediary between whistleblowers and the press, reports Dagens Nyheter.

Defectors include Daniel Domscheit-Berg, otherwise known as Daniel Schmitt, who made a high-profile exit from WikiLeaks in September, and Herbert Snorrason, an Icelandic student. Both resigned in September. Snorrason is quoted as telling Assange, in an online chat log acquired by WiReD:

And you’re not even fulfilling your role as a leader right now. A leader communicates and cultivates trust in himself. You are doing the exact opposite. You behave like some kind of emperor or slave trader.

Snorrason’s departure was fomented by this declaration from Assange:

I am the heart and soul of this organization, its founder, philosopher, spokesperson, original coder, organizer, financier and all the rest. If you have a problem with me, piss off.

And he did.

According to the Swedish newspaper, the former inner circle “were dissatisfied with the operation’s association with Assange’s personal problems and how he used the organisation in his explanation of the criminal charges.”

Assange handed himself in to police earlier this week, and is remanded in London pending an extradition hearing next week following a request from the Swedish authorities which want to speak to him in relation to two alleged sexual offences. ®

Dutch Police Arrest 16yr-old WikiLeaks Avenger

Dutch police said they have arrested a 16-year-old boy for participating in web attacks against MasterCard and Visa as part of a grassroots push to support WikiLeaks.

A press release issued on Thursday (Google translation here) said the unnamed boy confessed to the distributed denial-of-service attacks after his computer gear was seized.

He was arrested in The Hague, and is scheduled to be arraigned before a judge in Rotterdam on Friday. It is the first known report of an arrest in the ongoing attacks, which started earlier this week.

The arrest came shortly after anonops.net, a Netherlands-hosted website used to coordinate attacks against companies perceived as harming WikiLeaks, was taken offline. A Panda Security researcher said the website was itself the victim of DDoS attacks, but the investigation by the Dutch High Tech Crime Team has also involved “digital data carriers,” according to the release.

It didn’t specify the crimes the boy was charged with or say exactly what his involvement in the attacks was.

According to researchers, the Low Orbit Ion Cannon tool, which thousands of WikiLeaks sympathizers are using to unleash the DDoS attacks, takes no steps to conceal their IP addresses. It wouldn’t be surprising if attackers who used the application from internet connections at their home or work also receive a call from local law enforcement agencies. ®

WikiLeaks supporters milk Twitter API in DDoS attacks

WikiLeaks supporters are milking Twitter’s application programming interface to carry out attacks that have led to crippling slowdowns at MasterCard.com, Visa.com and other websites that cut off funding to the whistle-blower outfit.

A relatively new Java-based version of the Low Orbit Ion Cannon, which protesters use to direct torrents of traffic at sites they disapprove of, allows users to specify a Master Twitter ID, according to a Thursday post on the Sans blog. It’s the first time the point-and-click attack tool has included the Twitter field, security researchers said.

“The Twitter angle in this application piqued my interest,” Sans handler on Duty, Mark Hofman, wrote. “It is using the Twitter API in a new and creative way, certainly one that hadn’t readily occurred to me.”

He didn’t say exactly what JavaLOIC did with Twitter’s API, but Jose Nazario, senior manager of security research at Arbor Networks, speculated it probably coordinated the timing and targets of attacks. If so, it wouldn’t be the first time Twitter has been used as a command and control channel for corralling large networks of PCs. There are even tools available to streamline the configuration of Twitter-based C&Cs.

Sophos has more more additional details about LOIC, including its Twitter feature, here.

Other versions of LOIC use internet relay chat channels to coordinate attacks. Volunteers install the program and then enter the address of an IRC server. From there, organizers are able to instruct thousands of machines to march in lock step as they attack websites. The ability to turn on and off huge amounts of traffic quickly makes the attacks much harder to defend against.

Sean-Paul Correll, a threat researcher with Panda Security, said at the height of the attacks on Wednesday, there were more there 3,000 machines participating in LOIC-based attacks against MasterCard, Visa, PayPal and other sites that cut off services used to fund WikiLeaks. He also observed independent botnets with as many as 30,000 compromised computers also participating in the attacks.

The attacks have wreaked a fair amount of damage. By Correll’s estimate, MasterCard has suffered more than 32 hours of downtime since Tuesday, with 23 of those hours being almost continuous. Parts of Visa’s site saw more than 21 hours of downtime. The most crippling attack on Visa started a little before 1pm California time on Wednesday, when organizers transmitted a command over IRC to flood the site with more traffic than it could handle.

“It was down instantly,” he told The Register. “As soon as they started pointing the servers over to it, it was toast.”

Visa and MasterCard representatives have said no customer data has been accessed as a result of the attacks, and transactions have been able to go normally. Still, it was widely reported that MasterCard’s Securecode service for secure online transactions was offline for much of Wednesday.

Nazario said as the attacks have progressed many have begun attacking targets’ backend servers, where damage is often more severe despite it being less obvious to outside observers.

“If you can’t load the Visa homepage, so what,” he explained. “But if the backend for some of these sites is down, where it integrates with other vendors or other sites, then they have a problem. That’s what [the attackers] seem to be trying to do now as a way of shutting down their ability to take and make payments.”

WikiLeaks sympathizers aren’t the only ones getting into the denial-of-service game. Anonops.net, a site used to by organizers of the attacks, was itself taken down on Wednesday night, Correll said. At time of writing, it was inaccessible. ®

Hacker Attack WikiLeaks foes

LONDON — In a campaign that had some declaring the start of a “cyberwar,” hundreds of Internet activists mounted retaliatory attacks on Wednesday on the Web sites of multinational companies and other organizations they deemed hostile to the WikiLeaks antisecrecy organization and its jailed founder, Julian Assange.

Within 12 hours of a British judge’s decision to deny Mr. Assange bail in a Swedish extradition case, attacks on the Web sites of WikiLeaks’s “enemies,” as defined by the organization’s impassioned supporters around the world, caused several corporate Web sites to become inaccessible or slow down markedly.

Targets of the attacks, in which activists overwhelmed the sites with traffic, included the Web site of MasterCard, which had stopped processing donations for WikiLeaks; Amazon.com, which revoked the use of its computer servers; and PayPal, which stopped accepting donations for Mr. Assange’s group. Visa.com was also affected by the attacks, as were the Web sites of the Swedish prosecutor’s office and the lawyer representing the two women whose allegations of sexual misconduct are the basis of Sweden’s extradition bid.

On Thursday, Gregg Housh, an activist with the loosely affiliated group of so-called hacktivists, said the group was redoubling its efforts to bring down PayPal, which is better protected than some other sites. The assertion was backed up by an independent security analyst who closely monitors the Internet and saw evidence of the onslaught.

No other major Web sites appeared to be suffering disruptions in service early Thursday, however, suggesting that the economic impact of the attacks was limited.

The Internet assaults underlined the growing reach of self-described “cyberanarchists,” antigovernment and anticorporate activists who have made an icon of Mr. Assange, a 39-year-old Australian.

The speed and range of the attacks Wednesday appeared to show the resilience of the backing among computer activists for Mr. Assange, who has appeared increasingly isolated in recent months amid the furor stoked by WikiLeaks’s posting of hundreds of thousands of secret Pentagon documents on the wars in Afghanistan and Iraq.

Mr. Assange has come under renewed attack in the past two weeks for posting the first tranche of a trove of 250,000 secret State Department cables that have exposed American diplomats’ frank assessments of relations with many countries, forcing Secretary of State Hillary Rodham Clinton to express regret to world leaders and raising fears that they and other sources would become more reticent.

The New York Times and four other news organizations last week began publishing articles based on the archive of cables made available to them.

In recent months, some of Mr. Assange’s closest associates in WikiLeaks abandoned him, calling him autocratic and capricious and accusing him of reneging on WikiLeaks’s original pledge of impartiality to launch a concerted attack on the United States. He has been simultaneously fighting a remote battle with the Swedish prosecutors, who have sought his extradition for questioning on accusations of “rape, sexual molestation and forceful coercion” made by the Swedish women. Mr. Assange has denied any wrongdoing in the cases.

American officials have repeatedly said that they are reviewing possible criminal charges against Mr. Assange, a step that could lead to a bid to extradite him to the United States and confront him with having to fight for his freedom on two fronts.

The cyberattacks in Mr. Assange’s defense appear to have been coordinated by Anonymous, a loosely affiliated group of activist computer hackers who have singled out other groups before, including the Church of Scientology. Last weekend, members of Anonymous vowed in two online manifestos to take revenge on any organization that lined up against WikiLeaks.

Anonymous claimed responsibility for the MasterCard attack in Web messages and, according to Mr. Housh, the activist associated with the group, conducted waves of attacks on other companies during the day. The group said the actions were part of an effort called Operation Payback, which began as a way of punishing companies that tried to stop Internet file-sharing and movie downloads.

Mr. Housh, who disavows a personal role in any illegal online activity, said that 1,500 supporters had been in online forums and chat rooms organizing the mass “denial of service” attacks. His account was confirmed by Jose Nazario, a senior security researcher at Arbor Networks, a Chelmsford, Mass., firm that tracks malicious activity on computer networks.

Most of the corporations whose sites were targeted did not explain why they severed ties with WikiLeaks. But PayPal issued statements saying its decision was based on “a violation” of its policy on promoting illegal activities.

Paul Mutton, a security analyst at netcraft, a British Internet monitoring firm, confirmed Mr. Housh’s account of the renewed attack on PayPal Thursday and said it had caused sporadic outages through the day. A spokesman for PayPal was not immediately reachable to confirm or deny the accounts.

The sense of an Internet war was reinforced Wednesday when netcraft reported that the Web site being used by the hackers to distribute denial-of-service software had been suspended by a Dutch hosting firm, Leaseweb.

A sense of the belligerent mood among activists was given when one contributor to a forum the group uses, WhyWeProtest.net, wrote of the attacks: “The war is on. And everyone ought to spend some time thinking about it, discussing it with others, preparing yourselves so you know how to act if something compels you to make a decision. Be very careful not to err on the side of inaction.”

Mr. Housh acknowledged that there had been online talk among the hackers of a possible Internet campaign against the two women who have been Mr. Assange’s accusers in the Swedish case, but he said that “a lot of people don’t want to be involved.”

A Web search showed new blog posts in recent days in which the two women, identified by the Swedish prosecutors only as Ms. A. and Ms. W., were named, but it was not clear whether there was any link to Anonymous. The women have said that consensual sexual encounters with Mr. Assange became nonconsensual when he stopped using condoms.

The cyberattacks on corporations Wednesday were seen by many supporters as a counterstrike against the United States. Mr. Assange’s online supporters have widely condemned the Obama administration as the unseen hand coordinating efforts to choke off WikiLeaks by denying it financing and suppressing its network of computer servers.

Mr. Housh described Mr. Assange in an interview as “a political prisoner,” a common view among WikiLeaks supporters who have joined Mr. Assange in condemning the sexual abuse accusations as part of an American-inspired “smear campaign.”

Another activist used the analogy of the civil rights struggle for the cyberattacks.

“Are they disrupting business?” a contributor using the name Moryath wrote in a comment on the slashdot.org technology Web site. “Perhaps, but no worse than the lunch counter sit-ins did.”

John Markoff and Ashlee Vance contributed reporting from San Francisco, and Alan Cowell from Paris.

Mastercard downed by Anon-Assange-fans

Mastercard is feeling the wrath of the internet this afternoon – its website and at least part of its payment systems have apparently been brought down by a denial of service attack.

The credit card company is being typically cryptic – its most recent statement said only that it is “is experiencing heavy traffic on its external corporate website”, which is a nicely understated way to describe an overwhelming DDoS assault.

The statement added: “We are working to restore normal speed of service. There is no impact whatsoever on our cardholders’ ability to use their cards for secure transactions.”

However the Reg has been contacted by merchants down under who are currently unable to access the payment portal on Mastercard’s private network – a far more serious breach of security than just downing a website.

This blog also suggests that Mastercard’s 3D Secure system is not working either.

The hack attack is being claimed by Operation Payback, as revenge for Mastercard’s decision to shut down payments to Wikileaks in the wake of its publishing US diplomatic cables.

Operation Payback has itself come under DDoS attack from ‘patriot’ hackers. Presumably pro-Assange hackers have taken out Senator Lieberman’s personal site.

PayPal was targeted for similar reasons, but was functioning at the time of writing.

Mastercard’s PRs were unable to confirm any attack on payments systems but have promised us a more up-to-date statement. We’ll update this story should we receive one.

Pro-Wikileaks hacktivistas in DDoS dustup with patriot contras

Online hacktivist collective Anonymous, operating under the banners Operation:Payback and “Operation Avenge Assange” have launched a series of DDoS attacks against organisations and people seen as being opposed to Wikileaks and its spokesman Julian Assange.

Meanwhile, Operation:Payback itself has been subjected to counter-DDoS attacks thought to originate with US “patriotic” contra-hacktivistas.

Sites attacked by the Anonymous group have included PostFinance.ch, belonging to the Swiss bank which recently froze an account controlled by Assange, and also ThePayPalblog.com – the main blog operated by PayPal, targeted for refusing to process Wikileaks contributions. DNS outfit EveryDNS has also come into the Operation:Payback gunsights for cutting off Wikileaks’ DNS service, saying that online attacks targeted at the leak site were crippling its other customers.

Over the last couple of days, other sites have been DDoS’d for various reasons by the Anonymous group, including the Swedish lawyers representing the women Assange is alleged to have committed sexual offences against. Charges made by Swedish prosecutors have since resulted in the issue of a European arrest warrant and Assange was yesterday cuffed in London: British judges have elected to refuse bail and the colourful Wikileaks impresario is now in jail pending an extradition hearing.

This process has angered the members of Operation:Payback sufficiently that they have also elected to mount strikes against the website of the Swedish prosecutors’ office and briefly, according to anonymous* claims received by the Reg, against Interpol. (Interpol did issue a “Red Notice” calling for Assange’s arrest at the behest of Swedish authorities, but in fact this has no relevance for British police dealing with a request from another EU nation: in such cases a European warrant is required for the UK cops to act.)

Yesterday, the Anonymous hacktivists decided to attack the site of US Senator Joe Lieberman as well, presumably as a result of remarks he has made describing Wikileaks operations as crimes violating the US Espionage Act – and hinting that Wikileaks’ mainstream-media partners, collaborating on trawling and redacting files prior to public release, have violated the law also.

Some Operation:Payback members also elected to attack the site of former Alaska governor and vice-presidential candidate Sarah Palin for suggesting that Assange should be hunted down like a terrorist.

The Anonymous attacks have been run on through a chatroom, with users attaching their computers to a voluntary botnet for use in the DDoS strikes. Panda Security reported that as the Lieberman attacks began there were almost 1,000 users in the chatroom and nearly 600 machines in the botnet.

Naturally enough Operation:Payback itself has been subject to counter-DDoS efforts of varying strength almost since it began, but following the decision to attack Lieberman’s official US government site the Anonymous operation began to be hit much harder and suffered dozens of outages itself, one lasting almost two hours. Panda Security analysts assessed that the intensified counter-DDoS attacks were coming from self-described American “patriot” hackers – playing contra to the Anonymous hacktivistas, perhaps.

Meanwhile US Army private soldier Bradley Manning, believed to have supplied not only the vast stash of diplomatic cables now being drip-fed by Wikileaks but most of its previous significant material as well (the Baghdad gunship videos, Iraq and Afghanistan “war logs” etc) remains in military prison charged with an array of security violations. His name is seldom mentioned any more in the ongoing saga of Wikileaks, Assange and the online scufflers aligned with and against them.

Operation:Payback uses a banner quote from John Perry Barlow, a founder of the Electronic Frontier Foundation:

“The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops.”

Some context for the online teacup “war” might be provided by the tiny size of the Anonymous volunteer botnet compared to today’s heavyweight criminal bot networks. There wasn’t even an attempt to actually attack PayPal, just its corporate blog. ®

Bootnote

*These emails were purportedly from Anonymous, but naturally we can’t vouch for their authenticity. As the faceless informant put it (this is verbatim):

Anyone using a name and claiming to represent Anonymous is a charloten, a fraud, a 13 year old basement dweller surrounded by crusty socks and empty Dew bottles, seeking glory among his friends on Tumblr.

PayPal banned WikiLeaks after US gov intervention

Updated A PayPal executive said his company’s decision to suspend payments to Wikileaks came after the US State Department said the whistle-blower site was engaged in illegal activity. The comment came shortly before PayPal agreed to release the remaining funds in the WikiLeaks fund-raising account.

Press accounts from The Guardian and TechCrunch differ, but both claim that PayPal’s move was influenced by statements from the State Department.

“State Dept told us these were illegal activities,” PayPal VP of platform Osama Bedier told the LeWeb conference in Paris, according to this report from The Guardian. “It was straightforward. We … comply with regulations around the world, making sure that we protect our brand.”

TechCrunch reported much the same thing but later updated its post to say: “After talking to Bedier backstage, he clarified that the State Department did not directly talk to PayPal.” He went on to say that the online payment service was influenced by a November 27 letter State Department officials sent Wikileaks founder Julian Assange and his attorney.

“As you know, if any of the materials you intend to publish were provided by any government officials, or any intermediary without proper authorization, they were provided in violation of US law and without regard for the the grave consequences of this action,” the letter, signed by State Department legal adviser Hongju Koh, stated. “As long as WikiLeaks holds such material, the violation of the law is ongoing.”

The letter didn’t cite any specific US statutes WikiLeaks was violating.

WikiLeaks went on to release a trove of State Department memos that aired confidential diplomatic communications.

PayPal representatives didn’t respond to emails seeking clarification about the influence of the State Department.

But late on Wednesday, PayPal General Counsel John Muller said: “While the account will remain restricted, PayPal will release all remaining funds in the account to the foundation that was raising funds for WikiLeaks. According to The Washington Post, there was about $80,000 in the account.

Muller went on to defend the permanent closure of the account by saying the online payment site is “required to comply with laws around the world.”

“Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source,” he continued.

Muller’s argument made no mention of organizations such as the International Tibet Network, which continues to solicit donations through PayPal even though some of their activities almost surely violate Chinese laws.

Over the past few days, other financial services, including Visa, MasterCard, and the Swiss bank Post Finance, have also suspended services to Wikileaks and Assange. The move has prompted criticism on Twitter and elsewhere by users who point out that Visa and MasterCard still permit payments to Ku Klux Klan groups but not to a group that so far has been charged with no crime.

Distributed denial of service attacks by people sympathetic to Wikileaks soon took out MasterCard and were also reported against EveryDNS.net, which suspended one of WikiLeaks domain names. US Senator Joe Lieberman and Sarah Palin – both outspoken WikiLeaks critics – and Swedish prosecutors, who are investigating Assange for alleged sexual offenses, have also been targeted, according to reports. A PayPal blog was also disrupted by attacks.

The Register has asked Visa and MasterCard to comment. This post will be updated if either responds. ®