Government // Cybersecurity
News
12/14/2010
12:29 PM
Connect Directly
RSS
E-Mail
50%
50%

WikiLeaks 'Hactivists' Target Fax Machines

Anonymous collective turns to old-school spam as antivirus vendors and Internet providers block access to the the LOIC botnet application.

Operation Payback, the "hacktivist" movement aiming to publicize organizations that have canceled business with WikiLeaks, is now encouraging participants to use free online fax services to inundate targeted fax machines with old-school spam.

"The Anonymous collective are being encouraged to send faxes of random WikiLeaks cables, letters from Anonymous, Guy Fawkes, and the WikiLeaks logo to the target fax numbers all day long," according to Paul Mutton, Internet services director at research firm Netcraft. "It is not clear how many people are taking part in the attacks, but an IRC channel set up to provide information about the campaign contained 73 users just a few hours after the fax-attacks started."

A related target list released by the collective listed fax numbers for Amazon, MasterCard, MoneyBookers, PayPal, Tableau Software, and Visa. The call to arms, however, also urges some restraint: "No porn. No gore. Be respectful."

Meanwhile, Operation Payback is itself under attack. Beginning on Monday, unknown attackers began targeting the IRC servers used by the group, forcing them -- and chat participants -- offline.

Many antivirus firms are also blocking the Operation Payback application -- known as Low Orbit Ion Cannon (LOIC) -- used to generate distributed denial of service (DDoS) attacks against targeted sites. According to security firm Imperva, "due to the disruptive nature of LOIC, the vast majority -- at least 72% -- of AV vendors have decided to block the program."

Some Internet service providers are also blocking the IP addresses used by LOIC. For example, according to a blog, Verizon has been blocking FiOS (fiber optic service) and DSL subscribers from numerous Web sites and IP addresses associated with Operation Payback.

"Thursday evening Verizon pulled a dirty trick by silently blocking most all know IP addresses used by IRC, Web, and other server operated for Operation Payback," said a blog posted on Saturday. "This move was made without notice to Verizon's customers and without the ability to opt out of the blocking."

Six IP addresses were apparently being blocked, as confirmed to the blog writer by other Verizon subscribers. Later on Saturday, however, Verizon apparently unblocked one of the IP addresses.

But not everything related to WikiLeaks or Operation Payback is being blocked. Indeed, the WikiLeaks Web site is once again being hosted in the United States. Since Friday night, the site has been hosted by Silicon Valley Web Hosting, "but does not appear to be serving any of the leaked cables or other content that it used to hold," said Netcraft's Mutton. "Instead, the site immediately redirects visitors to a WikiLeaks mirror hosted in Russia."

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - September 2, 2014
Avoiding audits and vendor fines isn't enough. Take control of licensing to exact deeper software discounts and match purchasing to actual employee needs.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In in-depth look at InformationWeek's top stories for the preceding week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.