Yes, we leak (part 3; reports from the trenches)

“He Who Can Destroy A Thing Controls A Thing”

- Paul Atreides (Paul “Usul” Muad’Dib), in Dune (First Film), directed by David Lynch, written by Frank Herbert (snd)

For the past couple of days I’ve been hanging in the hidden pipes that make up the AnonOps IRC network, also known as “the trenches of the first cyber-war” or so the media dubbed it. This is basically where Anonymous operations are managed and controlled.

I’ve been monitoring that operation, or rather, I wrote a program to do so, and got my fifteen minutes of fame on Twitter.

Sadly is a covert operation. All the attention – and my sloppy coding – forced us to take the site down after a few days. Still, while this “war” against the Powers raged and I appeared to be the one who ‘Officially Tracked the Targets’, I thought it was only fair that I paid a visit to Anonymous command.

Fear and loathing on AnonOps.

If IRC is a city, AnonOps would be the shady part where the tough guys hang. Hard language in the pubs, sinister atmosphere, activists, squatters and what not. All in all a really exciting place for kids and youngsters to hang out. Browsing through the channels you see the wannabe zit-faced suburban kids hopping from one place to another. The network is constantly splitting and coming back online, which basically means that every conversation is interrupted after about 20 seconds by another massive netsplit. Advertised channels like #operationpayback are so crowded that the chance of any real conversation is next to nothing. Over 2000 users yelling at each other and joining and quitting simultaneously; this may be a hive mind, but it is a mind plagued with spasms and concentration disorders.

So I tried to join #wikileaks, which refused my entry and demanded that I register my nick. Now I haven’t encountered a nickserver for years, but I welcomed the trip down memory lane; please nickserver, allow me to introduce myself.

NickServ: your nick is now recognized.

So I joined the #wikileaks chatroom, and the #hackers chatroom and the #press room while I was at it. In there it was remarkably quiet. It seems that registering a nick on IRC was a task too demanding for most of the troops, which allows us, professional people, to converse in peace. Actually, with 100 or so users those channels seemed really crowded too, and the netsplits didn’t make it any better. The conversation seemed to be about ways to hack and bring down the API of PayPal – which was the target at that time – more effectively than by bombarding it with requests.

The discussion actually became quite interesting when we figured that although Anonymous was using botnet technology, they now had an army of volunteers, all of whom gave away control of their computers with consent. Why bother with the fucking bots?! You could run SETI-like stuff on there. Trying to calculate the key to the Wikileaks insurance? What were all these mindless minions in the hive actually doing anyway?

I mean, besides watching their “Lower Orbit Ion Cannons” pound their way into the PayPal API. Wait… Wut? What are these LOICs anyway?

The Guns of Anonymous

As you probably all know by now, as it was all over the news, the group that was hammering on several targets last week used a program called LOIC or “Lower Orbit Ion Cannon” (when nukes fail). This sounds more impressive than it actually is. It’s a program with a geeky interface, featuring a picture of an Ion cannon, some settings screens, a really big text field for an IP address (the ‘target’) and a counter that starts counting like crazy when you start “firing”. The program’s code is on Sourceforge, and I took a peek.

Well, I’m not sure who wrote this, but if there are trials in the future for Bad Coding Practices, the developer will probably get a chemical castration. All there is to it is an IRC connection script that finds the AnonOps server. From there it logs into a protected #LOIC chatroom as a Bot. Here an operator sends a command to all the Bots simultaneously. Hence the term ‘hive mind’.

The Hive Mind

This basically starts a ping shell script on the client’s computer, which hosts the bot. Yes. We’re anonymous, and we’re pinging your ass to gore and death. This is quite literally the equivalent of Knock, knock, Ginger. Digital mischief with a Botnet.

The effectiveness of this DDoS remains to be seen. I believe that the loosely tied group actually moves ‘over 9000’ members, which they famously claim (while quoting Vegeta):

“We’re anonymous, we are legion and over 9000”.

Let’s say there were 10.000 people participating in the attack. That will bring a single webserver down easily, as was the case with Sarah Palin’s site, the Dutch Police and other average sites. Now what is interesting is that went down too. This site was built to handle 200.000 visits daily or so. This would mean, by my guess, about 10-20 webservers worldwide, probably redundant (so another 15 in backup). It took some effort, but it actually went down for a couple of hours.

Amazon however is built to handle 73 million hits per day. Such an infrastructure can actually withstand an attack like that. With ease. Also PayPal, or rather its API, sustained a hit and only went down in Europe. Or to be honest, it slowed down terribly in some major parts of Europe. But the worldwide API was only dented. It was up all over the rest of the world without a problem.

But now for the really bad part.

LOIC is not anonymous at all. Nobody went to the trouble of hiding the IP address of the sender. Which comes down to playing Knock, Knock, Ginger without running away.

Or as the University of Twente put it here (through…) making matters even worse :

In addition, hacktivists may not be aware that international data retention laws
require that commercial Internet providers store data regarding Internet usage for
at least 6 months. This means that hacktivists can still be traced easily after the
attacks are over.

So for all intents and purposes the police, or any authority for that matter, have well over 6 months to quietly gather information, extracting all the addresses and all the phone numbers of the hacktivists while waiting for them to do something foolish again.
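The same point seen from the target's side: because each participant's traffic arrives from their own address, an ordinary access log already holds the address and time range that a retention lookup at the provider needs. This is an added example, not part of the original post; the log format, the window and threshold values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def make_sample():
    """Constructed access-log lines; addresses are RFC 5737 documentation ranges."""
    base = datetime(2010, 12, 8, 14, 0, 0)
    lines = []
    for i in range(120):  # one client sending 4 requests per second
        t = base + timedelta(milliseconds=250 * i)
        lines.append(f'198.51.100.7 - - [{t:%d/%b/%Y:%H:%M:%S} +0000] "GET / HTTP/1.1" 200 512')
    for i in range(5):    # an ordinary visitor
        t = base + timedelta(seconds=7 * i)
        lines.append(f'203.0.113.20 - - [{t:%d/%b/%Y:%H:%M:%S} +0000] "GET /index.html HTTP/1.1" 200 2048')
    return lines

def flood_sources(lines, window=timedelta(seconds=10), threshold=30):
    """Return {ip: (first_seen, last_seen, total)} for every source that sent
    more than `threshold` requests inside any sliding `window`."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        seen[m.group(1)].append(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, stamps in seen.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 > threshold:
                # Address plus time range is what a subscriber lookup is keyed on.
                flagged[ip] = (stamps[0], stamps[-1], len(stamps))
                break
    return flagged

if __name__ == "__main__":
    for ip, (first, last, total) in flood_sources(make_sample()).items():
        print(ip, first.isoformat(), last.isoformat(), total)
```
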

When the Hive Mind wakes up

Interestingly this was about when 2600 posted its open letter, in which they condemn the DDoS actions altogether. The link is from BoingBoing and the argument in the message board is worth a read too.

IMHO, the eagerness and the bravado with which this incarnation of Anonymous throws itself into the debate is great. But. DDoSing is never a good idea. Unless you want to test a server. It’s an even worse idea if you are leading your community unprotected into civil disobedience.

All this is of course leading away from the real story here. No, not Julian Assange, he is just a very smart man willing to take the blame while protecting others. He’s a front for authorities being viciously pushed around. And he should be free! As should Bradley Manning. But they are not the story. The story is not even an internet activist group reinventing themselves and stretching their muscles.

The real stories are the cables themselves! And what’s in there. That stuff needs to be read, analyzed, summarized and spread again. Handed out to journalists, NGOs and lawyers worldwide. Basically what I’ve been shouting on this blog: “Read, Interpread, Publish” (or RIP, for short).



This seems to have dawned on the smarter people in the Not-So-Anonymous crowd too. Enter Operation Leakspin. [ insert angels singing here... okay a youtube video will do ].

But wait. Hold it right there!

How exactly are they going to make over 9000 hyperactive 15-year-olds read the cables? Let alone understand them.

Sitting down with a cup of tea, reading through some 4-page cables might sound like an interesting way to spend an afternoon, but for these kids it’s what they ‘do at school’ – Yes I asked – It’s uncool, boring and much harder than downloading a program with a cool name, configuring it and seeing it fire.

Still, what might happen if they actually do it?
So. What are you still doing here? Go read the cables!
I’m pondering some tools, not unlike the mine, to analyze them, and even cross-reference.

In the meanwhile, here is a search engine for them.

Posted: December 14th, 2010