Operation Payback has announced its next attack, which will target www.amazon.com. It will be interesting to see whether Amazon can withstand the type of DDoS attacks that successfully brought down Visa.com and MasterCard.com over the past 24 hours.
PayPal was the most recent target – first paypal.com, and then api.paypal.com – in an apparent attempt to prevent retailers accepting payments via PayPal. Many websites and consumers are still reporting difficulties making payments with credit cards and PayPal funds.
The Anonymous group claims that Amazon is selling the leaked cables. Amazon.co.uk is currently selling a Kindle e-book of the first 5000 cables (ironically encrypted and with DRM), although it is not apparent whether this is genuine:
Operation Payback has acknowledged that the attack against Amazon may be more difficult than any other recent attack. However, the voluntary botnet used in the attacks has continued to grow in size, making it easier to take down larger sites.
Operation Payback has suffered a few setbacks during the attacks. Its website was suspended yesterday, and its previous Twitter account was suspended overnight. The group is currently announcing targets via IRC and its new Twitter account, @AnonOpsNet.
The group is still without a website, and so has become increasingly dependent on its Internet Relay Chat network, both as a point of contact, and as a way of controlling the botnet. The group's IRC servers were refusing connections due to too many users being connected, but this problem was later resolved and the IRC network is currently spread across 10 IP addresses.
Real-time performance graphs for www.amazon.com and several other sites involved in the WikiLeaks attacks can be monitored at http://uptime.netcraft.com/perf/reports/performance/wikileaks
The attack is due to begin at approximately 16:00 GMT today (Thursday).
Visa.com has been taken down by a distributed denial of service attack carried out by WikiLeaks supporters. Despite having its own website suspended, Operation Payback successfully managed to take down Visa.com by reconfiguring its existing LOIC botnet to attack the new target.
Operation Payback successfully took out MasterCard.com earlier today, using only 400 LOIC clients when the site first went down. Even though Visa.com generally receives fewer visitors than MasterCard.com, it is hosted on the Akamai content distribution network. It was therefore regarded as a more difficult target, so the hacktivist group waited until they had more than 2000 active LOIC clients before commencing the latest attack against Visa.
The attack appears to have succeeded – Visa.com was taken down almost immediately and remains inaccessible for many of its visitors.
Real-time performance graphs for www.visa.com can be viewed here. Several other sites involved in the WikiLeaks attacks can also be monitored at http://uptime.netcraft.com/perf/reports/performance/wikileaks
The Operation Payback website behind today's voluntary botnet attack against MasterCard has been suspended.
www.anonops.net had previously offered download links for denial of service software. This software is installed by willing volunteers and waits to receive instructions from a central Internet Relay Chat server. More than 1,600 of these software clients were involved in today's retaliatory attack against MasterCard, although there were apparently only 400 running when the MasterCard site was first taken down.
Both Visa and MasterCard payments have been being rejected on their donation system since around 22:30 CET yesterday. Visa expressed concerns about protecting its brand, but DataCell points out that Visa is nevertheless happy to transfer money for gambling sites and pornography services.
DataCell ehf CEO Andreas Fink said, "It is obvious that Visa is under political pressure to close us down".
Earlier today, PayPal admitted that its decision to suspend WikiLeaks' PayPal account was made after the US government claimed that the activities of the website were illegal in the US.
mastercard.com is currently under a distributed denial of service (DDoS) attack, making the site unavailable from some locations.
The attack is being orchestrated by Operation Payback and forms part of an ongoing campaign by Anonymous. They announced the attack's success a short while ago on their Twitter stream:
Operation Payback is announcing targets via its website, Twitter stream and Internet Relay Chat (IRC) channels. To muster the necessary volume of traffic to take sites offline, they are inviting people to take part in a 'voluntary' botnet by installing a tool called LOIC (Low Orbit Ion Cannon – a fictional weapon of mass destruction popularised by computer games such as Command & Conquer).
The LOIC tool connects to an IRC server and joins an invite-only 'hive' channel, where it can be updated with the current attack target. This allows Operation Payback to automatically reconfigure the entire botnet to switch to a different target at any time.
Yesterday, Operation Payback successfully brought down the PostFinance.ch website after the Swiss bank decided to close Julian Assange's bank account.
Later in the day, they also launched an attack against the Swedish prosecutor's website, www.aklagare.se. The attack was successful for several hours, but now appears to have stopped. The Director of Prosecution, Ms. Marianne Ny, stated yesterday that Swedish prosecutors are completely independent in their decision making, and that there had been no political pressure. The same group also successfully took down the official PayPal blog last week, after WikiLeaks' PayPal account was suspended.
As more companies distance themselves from WikiLeaks, we would not be surprised to see additional attacks taking place over the coming days. Concurrent attacks against the online payment services of MasterCard, Visa and PayPal would have a significant impact on online retailers, particularly in the run up to Christmas.
Although denial of service attacks are illegal in most countries, Operation Payback clearly has a sufficient supply of volunteers who are willing to take an active role in the attacks we have seen so far. They are a force to be reckoned with.
A real-time performance graph for www.mastercard.com can be viewed here.
The Swiss bank which froze the accounts of WikiLeaks founder Julian Assange is under electronic attack by WikiLeaks supporters. The PostFinance.ch website is being subjected to a distributed denial of service attack, rendering the site unusable by its customers and other visitors.
PostFinance yesterday announced that it had ended its business relationship with Julian Assange, claiming that he had falsely entered Geneva as his domicile. "Assange cannot provide proof of residence in Switzerland and thus does not meet the criteria for a customer relationship with PostFinance. For this reason, PostFinance is entitled to close his account."
PostFinance appears to have made the decision independently, pointing out that it has the option of "terminating business relationships which run contrary to public and moral opinion."
PayPal's official blog was also attacked after its decision to restrict the PayPal account used for collecting WikiLeaks donations. Twitter user AnonyWatcher posted a TANGO DOWN message announcing a DDoS attack against the blog. On Friday, PayPal's blog posted the following statement: "PayPal has permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity."
In another financial setback, MasterCard has also said that it will be taking action to ensure that WikiLeaks can no longer accept MasterCard-branded products.
Real-time performance graphs for www.postfinance.ch can be viewed here.