WikiLeaks 'Hacktivists' Target Fax Machines
Anonymous collective turns to old-school spam as antivirus vendors and Internet providers block access to the LOIC botnet application.
Operation Payback, the "hacktivist" movement aiming to publicize organizations that have canceled business with WikiLeaks, is now encouraging participants to use free online fax services to inundate targeted fax machines with old-school spam.
"The Anonymous collective are being encouraged to send faxes of random WikiLeaks cables, letters from Anonymous, Guy Fawkes, and the WikiLeaks logo to the target fax numbers all day long," according to Paul Mutton, Internet services director at research firm Netcraft. "It is not clear how many people are taking part in the attacks, but an IRC channel set up to provide information about the campaign contained 73 users just a few hours after the fax-attacks started."
A related target list released by the collective listed fax numbers for Amazon, MasterCard, MoneyBookers, PayPal, Tableau Software, and Visa. The call to arms, however, also urges some restraint: "No porn. No gore. Be respectful."
Meanwhile, Operation Payback is itself under attack. On Monday, unknown attackers began targeting the IRC servers used by the group, forcing them -- and chat participants -- offline.
Many antivirus firms are also blocking the Operation Payback application -- known as Low Orbit Ion Cannon (LOIC) -- used to generate distributed denial of service (DDoS) attacks against targeted sites. According to security firm Imperva, "due to the disruptive nature of LOIC, the vast majority -- at least 72% -- of AV vendors have decided to block the program."
Some Internet service providers are also blocking the IP addresses used by LOIC. For example, according to a blog, Verizon has been blocking FiOS (fiber optic service) and DSL subscribers from numerous Web sites and IP addresses associated with Operation Payback.
"Thursday evening Verizon pulled a dirty trick by silently blocking most all known IP addresses used by IRC, Web, and other servers operated for Operation Payback," said a blog posted on Saturday. "This move was made without notice to Verizon's customers and without the ability to opt out of the blocking."
Six IP addresses were apparently being blocked, as confirmed to the blog writer by other Verizon subscribers. Later on Saturday, however, Verizon apparently unblocked one of the IP addresses.
But not everything related to WikiLeaks or Operation Payback is being blocked. Indeed, the WikiLeaks Web site is once again being hosted in the United States. Since Friday night, the site has been hosted by Silicon Valley Web Hosting, "but does not appear to be serving any of the leaked cables or other content that it used to hold," said Netcraft's Mutton. "Instead, the site immediately redirects visitors to a WikiLeaks mirror hosted in Russia."