News for December 2010

Yes, we leak (part 3; reports from the trenches)

“He Who Can Destroy A Thing Controls A Thing”

- Paul Atreides (Paul “Usul” Mau’dib), in Dune (First Film), directed by David Lynch written by Frank Herbert (snd)

For the past couple of days I’ve been hanging in the hidden pipes that make up the AnonOps IRC network, also known as “the trenches of the first cyber-war” or so the media dubbed it. This is basically where Anonymous operations are managed and controlled.

I’ve been monitoring that operation, or rather; I wrote a program to do so, and got my fifteen minutes of fame on Twitter.

Sadly XangadiX.net is a covert operation. All the attention – and my sloppy coding – forced us to take the site down after a few days. Still, while this “war” against the Powers raged and I appeared to be the one who ‘Officially Tracked the Targets’, I thought it was only fair that I payed a visit to Anonymous command.

Fear and loathing on AnonOps.

If IRC is  a city, AnonOps would be the shady part where the tough guys hang.  Hard language in the pubs, sinister atmosphere, activists, squatters and what not. All in all a really exciting place for kids and youngsters to hang out. Browsing through the channels you see the wannabe zit-faced suburban kids hopping from one place to another. The network is constantly splitting and coming back online which basically means that every conversation is interrupted after about 20 seconds by another massive netsplit. Advertised channels like #operationpayback are so crowded that any chance on real conversation is next to nothing. Over 2000 users yelling at each other and joining and quitting simultaneously, this may be a hive mind. But is a mind plagued with spasms and concentration disorders.

So I tried to join #wikileaks, which refused my entry and demanded that I register my nick. Now I haven’t encountered a nickserver for years, but I welcomed the trip down memory lane; please nickserver, allow me to introduce myself.

NickServ: your nick is now recognized.

So I joined the #wikileaks chatroom, and the #hackers chatroom and the #press room while I was at it. In there it was remarkably quiet. It seems that registering a nick on IRC was a task too demanding for most of the troops, which allows us, professional people, to converse in peace. Actually, with 100 or so users those channels seemed really crowded too, and the netsplits didn’t make it any better. Conversation seem to be going about better ways to hack and bring down the api of PayPal – which was the target at that time – in a more effective way then bombarding them with requests.

The discussion became actually quite interesting when we figured that although Anonymous was using botnet-technology, they now had an army volunteers. All of which gave away control of their computers with consent. Why bother with the fucking bots?! You could run SETI like stuff on there. Trying to calculate the key to the Wikileaks insurance ? What were all these mindless minions in the hive actually doing anyway?

I mean, besides watching their “Lower Orbit Ion Canons” pound their way into the paypal api. Wait… Wut? What are these LOICs anyway ?

The Guns of Anonymous

As you probably all know by now, as it was all over the news, the group that was hammering on several targets last week used a program called LOIC or “Lower Orbit Ion Cannon” (when nukes fail). This sounds more impressive then it actually is. It’s a program, with a Geekie interface, featuring a picture of an Ion cannon, some settings screens, a really big text-field for an ip-address (the ‘target’) and a counter that starts counting like crazy when you start “firing”. The program’s code is on Sourceforge, and I took a peek.

Well, I’m not sure who wrote this, but if there are trials in the future for Bad Coding Practices, the developer will probably get a chemical castration. All there is to it, is an IRC connection script that finds the AnonOps server. From there it logs into a protected #LOIC chatroom as a Bot. Here an operator sends a command to all the Bots simultaneously. Hence the term ‘hive mind’.

The Hive Mind

The Hive Mind

This starts basically a ping shell-script on the clients computer, hosting the bot. Yes. We’re anonymous, and we’re pinging your ass to gore and death. This is quite literally the equivalent of Knock, knock, Ginger. Digital mischief with a Botnet.

The effectiveness of this DDoS remains yet to be seen. I believe that the loose-tied group actually moves ‘over 9000′ members, which they famously claim (while quoting Vegeta)

“We’re anonymous, we are legion and over 9000″.

Let’s say there were 10.000 people participating in the attack. That will bring a single webserver down easy. As was the case with Sarah Palins site, the Dutch Police and other average sites. Now what is interesting is that Mastercard.com went down too. This site was build to handle 200.000 visits daily or so. This would mean, by my guess, about 10-20 webservers worldwide, probably redundant (so another 15 in backup). It took some effort, but it actually went down for a couple of hours.

Amazon however is build to handle 73 million hits per day. Such an infrastructure can actually withstand an attack like that. With ease. Also Paypal or rather it’s API, sustained a hit and only went down in Europe. Or to be honest it slowed down, terribly in some major parts of Europe. But the worldwide API was only dented. It was up all over the rest of world without a problem.

But now for the really bad part.

LOIC is not anonymous at all. Nobody went to the trouble of hiding the IP adress of the sender. Which comes down to playing Knock, Knock, Ginger without running away.

Or as the University of Twente put it here (through…) making matters even worse :

In addition, hacktivists may not be aware that international data retention laws
require that commercial Internet providers store data regarding Internet usage for
at least 6 months. This means that hacktivists can still be traced easily after the
attacks are over.

So for all intent and purposes the Police, or any authority for that matter, have well over 6 months to quietly gather information. Extracting all the addresses and all the phone numbers of the hacktivists, and are easily waiting for them to do something foolish again.

When the Hive Mind wakes up

Interestingly this was about when 2600 posted it’s open letter, in which they condemn the DDoS actions altogether. The link is from BoingBoing and the argument in the message board is worth a read too.

IMHO, the eagerness and the bravado with which this incarnation of Anonymous throws itself into the debate is great.  But. DDoSing is never a good idea.  Unless you want to test a server. It’s an even worse idea if you are exposing your community unprotected into civil disobedience.

All this is of course leading away from the real story here. No, not Julian Assange, he is just a very smart man willing to take the blame whil protecting others. He’s a front for authorities being viciously pushed around. And he should be free! As should Bradley Manning. But they are not the story. The story is not even an internet activist group reinventing themselves and stretching their muscles.

The real stories are cables themselves! And what’s in there. That stuff needs to be read, analyzed, summarized and spread again. Handed out to journalists, NGO’s and Lawyers worldwide.  Basically what I’ve been shouting on this blog; “Read, Interpread, Publish” (or RIP, for short) .

problem ? - F-F-F-F-F-F-F-F-FFUUUUUUUUUUUUU

problem ? - F-F-F-F-F-F-F-F-FFUUUUUUUUUUUUU

This seems to have dawned on the smarter people in the Not-So-Anonymous crowd too. Enter Operation Leakspin. [ insert angels singing here... okay a youtube video will do ].

YouTube Preview Image

But wait. Hold it right there!

How exactly are they going to make over 9000 hyperactive 15-year olds read the cables? Let alone understand them.

Sitting down with a cup of tea, reading through some 4-page cables might sound like an interesting way to spend an afternoon, but for these kids it’s what they ‘do at school’ – Yes I asked – It’s uncool, boring and much harder then downloading program with a cool name, configure it and see it firing.

Still, what might happen if they actually do it ?
So. What are you still doing here. Go read the cables!
I’m pondering some tools, not unlike the mine to analyze then, and even cross-reference.

In the meanwhile, here is a search engine for them.

Posted: December 14th, 2010
Categories: general
Tags:
Comments: 1 Comment.

Yes, we leak (part 2)

The only verdict is vengeance; a vendetta,
held as a votive,  not in vain,
for the value and veracity of such shall one day vindicate the vigilant and the virtuous.

- V in V for Vendetta

And so it came about that the internetz went to War with the rest of the world, and governments and corperation got a serious hadeache while teens and script-kiddies bombarded their servers and molested their homepages.

And then this may be a bit childish, but it is out there nonetheless.

YouTube Preview Image

What to do then? — well, you can go down to Sourceforge and download something called an “Low Orbit Ion Cannon” (when Nukes fail). Or go down on IRC and see the kids play; irc.annonops.net, #wikileaks and #operationpayback. Spread the word, read the cables, pubish.

Also, you might want to give my new tooly a spin; easy web based hammering of services, and monitoring if the current targets are still up. Wait? Wut?

Operation Avenge Assange Monitor

Operation Avenge Assange Monitor

Now this isn’t fully functional yet, and especially the web based version needs to use a terribly slow proxy of my own design; but when downloading the .exe, and using it stand alone works just fine. And no, I didn’t pack it with a nasty virus or a terrible trojan to f*ck your system. … yet.

So get out of here and try the Operation Payback Monitor

#UPDATE 12/14/2010 through overwhelming succes, and the fact that I actually DDoSsed myself by accident, the page has been taken offline. Operation Payback is over for now. Gentlemen, silence your weapons.

Yes, we Leak.

Free Bradley Manning
Free Julien Assange
Assange was arrested today and I got no key for my 1.4 gig insurance file. I am however hosting a ip-link to the cables ( http://213.251.145.96/cablegate ) and I’m almost ashamed to admit that, that is all I can do from here. For now.

I was going to write a short on the companies I’ll never do business with again, namely those that refused or refuted the wikipages to be associated with them, but the Guardian beat me to the punch.

Still, here they are:

  • ableau Software
  • Amazon
  • everyDNS.com
  • OVH, france (how can you be afraid of a little man like Sarkozy, for all intend and purposes he is a midget, I hate the French)
  • Visa
  • Mastercard
  • Postfinance
  • Paypal
  • Twitter (omitting trending topics, terrible bastards)

On the upside, these organisation are actively supporting the Leaks, so praise and joy be upon them (Google them if you want the links, you lazy fuck) :

  • Switch (Swiss)
  • The Pirate Party
  • The Guardian (yey!)

and in Holland:

  • E-dot, Byte and XS4ALL
  • Powned (mirror)
  • VPRO (mirror)
  • Geenstijl (mirror)

More important links here and of course here

Some random cables, I do have a day job, but these titles got my attention: “XXXXXXXXXXXXX”  catchy non? Referring to an article stating that the american government is acting on behalf on Google in China: 09BEIJING1336 . Google, which, I might add, has not censored any Wikileak pages from it’s index (or have they?)
Also this cable 08FREETOWN389; “COCAINE BUST: MINISTER OF TRANSPORTATION SACKED”, because Cocaine always gets my attention.

Ow , and here is a tip for journalists: use the fucking tag for a cable, so we know what you are talking about.

Another pro-tip: search cables here through the nifty cable search engine (beta)

(more…)

Posted: December 8th, 2010
Categories: media, nerd, technology, web, work
Tags: , , , , , , , , , , , , , ,
Comments: 1 Comment.

Then the world changed…

I didn’t do anything, as we were to busy smelling each others farts.
-You, probably me, talking to your kid in thirty years time. Explaining why it is such a mess then.

This is one of those posts, that should start with something about how long I haven’t posted  on this blog. Although that would be true, and it would make an okay opening I guess, I am starting with something else. Something you’ve all heard about by now, even those suckers who are trapped on this page by a Google on ‘ duct tape’ .  I mean you, accidental visitor who searched for duct tape. And who choose ‘images’ on Google to search. And couldn’t help yourself when you saw this picture on page 2. And thank you 14000 visitors a month.

Yes, now you are here on a completely different subject. It is not what you are looking for, but read on anyway; All of you who read this, just click ‘more’, and read on for a bit. It is needed and it is important.

(more…)