Operation Payback has announced its next attack, which will target www.amazon.com. It will be interesting to see whether Amazon can withstand the type of DDoS attacks that successfully brought down Visa.com and MasterCard.com over the past 24 hours.
PayPal was the most recent target – first paypal.com, and then api.paypal.com – in an apparent attempt to prevent retailers accepting payments via PayPal. Many websites and consumers are still reporting difficulties making payments with credit cards and PayPal funds.
The Anonymous group claims that Amazon is selling the leaked cables. Amazon.co.uk is currently selling a Kindle e-book of the first 5000 cables (ironically encrypted and with DRM), although it is not apparent whether this is genuine.
Operation Payback has acknowledged that the attack against Amazon may be more difficult than any other recent attack. However, the voluntary botnet used in the attacks has continued to grow in size, making it easier to take down larger sites.
Operation Payback has suffered a few setbacks during the attacks. Its website was suspended yesterday, and its previous Twitter account was suspended overnight. The group is currently announcing targets via IRC and its new Twitter account, @AnonOpsNet.
The group is still without a website, and so has become increasingly dependent on its Internet Relay Chat network, both as a point of contact, and as a way of controlling the botnet. The group's IRC servers were refusing connections due to too many users being connected, but this problem was later resolved and the IRC network is currently spread across 10 IP addresses.
Real-time performance graphs for www.amazon.com and several other sites involved in the WikiLeaks attacks can be monitored at http://uptime.netcraft.com/perf/reports/performance/wikileaks
The attack is due to begin at approximately 16:00 GMT today (Thursday).
Despite its economic woes, Ireland is the country with the largest growth this year in the number of public-facing web servers in Netcraft's hosting provider server count. However, this is mostly due to large growth at Amazon's Elastic Compute Cloud (EC2) service.
Amazon started offering its EC2 service in the EU in December 2008, via a datacenter in Dublin. Since then it has been the fastest-growing hosting company in Ireland. Amazon's cloud hosting now makes up more than a third of all internet-facing web servers in Ireland, with three times more web servers hosted than the next largest hosting location.
Visa.com has been taken down by a distributed denial of service attack carried out by WikiLeaks supporters. Despite having its own website suspended, Operation Payback successfully managed to take down Visa.com by reconfiguring its existing LOIC botnet to attack the new target.
Operation Payback successfully took out MasterCard.com earlier today, using only 400 LOIC clients when the site first went down. Even though Visa.com generally receives fewer visitors than MasterCard.com, it is hosted on the Akamai content distribution network. It was therefore regarded as a more difficult target, so the hacktivist group waited until they had more than 2000 active LOIC clients before commencing the latest attack against Visa.
The attack appears to have succeeded – Visa.com was taken down almost immediately and remains inaccessible for many of its visitors.
Real-time performance graphs for www.visa.com can be viewed here. Several other sites involved in the WikiLeaks attacks can also be monitored at http://uptime.netcraft.com/perf/reports/performance/wikileaks
The Operation Payback website behind today's voluntary botnet attack against MasterCard has been suspended.
www.anonops.net had previously offered download links for denial of service software. This software is installed by willing volunteers and waits to receive instructions from a central Internet Relay Chat server. More than 1,600 of these software clients were involved in today's retaliatory attack against MasterCard, although there were apparently only 400 running when the MasterCard site was first taken down.
The suspended site is hosted by LeaseWeb in the Netherlands (see Netcraft's site report). Target sites are still being announced via IRC and the @Anon_Operation Twitter stream.
DataCell Switzerland – the company which handles credit card transfers for WikiLeaks donations – is to take immediate legal action after Visa Europe issued a notice to suspend payments.
Both Visa and MasterCard payments have been rejected on their donation system since around 22:30 CET yesterday. Visa expressed concerns about protecting its brand, but DataCell points out that Visa is nevertheless happy to transfer money for gambling sites and pornography services.
DataCell ehf CEO Andreas Fink said, "It is obvious that Visa is under political pressure to close us down".
Earlier today, PayPal admitted that its decision to suspend WikiLeaks' PayPal account was made after the US government claimed that the activities of the website were illegal in the US.
Netcraft is now monitoring the performance and uptime of websites which are involved in the ongoing WikiLeaks cyberbattle. Real-time graphs for all of these sites can be viewed here:
Please contact us if you know of any new sites which have come under attack: email@example.com
WikiLeaks has been subjected to several denial of service attacks, and has also had to deal with its name servers, hosting accounts and payment services being suspended. In retaliation, WikiLeaks supporters have targeted some of the companies that have decided to terminate relationships with the whistle-blowing site.
MasterCard is the latest target, and there have also been successful attacks against the Swedish prosecutor's website, and the official PayPal blog.
Despite a French minister declaring war on WikiLeaks, French hosting company OVH allowed the site to continue using its servers, stating that it was neither for nor against WikiLeaks. OVH sought an emergency decision from a judge over whether or not it was illegal to host the WikiLeaks website. The judge subsequently declined to force OVH to shut down the site.
Meanwhile, SWITCH (the registry for .ch domains) has clarified the circumstances under which the wikileaks.ch domain would be deleted, and is keen to point out that it is not responsible for the contents of the WikiLeaks site.