Join in the Wikileaks DDoS war from your iPhone or iPad

Low Orbit Ion Cannon comes to the slab – or any browser

Lewis Page

The Register: December 1, 2010


The online “infowar” precipitated by the media circus surrounding Wikileaks and Julian Assange continues, with DDoS attacks occurring against a bewildering variety of websites assessed as having either aided or failed to aid the leak-publisher – or often merely for commenting on the brouhaha.

Meanwhile, interest has focused on the methods used to mount the DDoS attacks. It appears that in general most of the muscle is coming from botnets of the usual sort: ones made up of zombie machines infected with malware using the same methods as ordinary online criminals and spammers (and just as illegal).

However, some of the battling communities – for instance the loosely organised hacktivist collective Anonymous, aligned in support of Assange and Wikileaks – also use collaborative tools where supporters can voluntarily attach their machines to a botnet in order to assist with a DDoS attack. The preferred tools are usually some version of the Low Orbit Ion Cannon (LOIC) software. Machines running LOIC can then be controlled via IRC or some other channel (again the campaigners are aping criminals by using Twitter of late).

Downloading and installing LOIC (the code is freely available at such places as Sourceforge) is simple enough, but evidently off-putting enough that not many people are doing it. The LOIC hivemind net run by Anonymous has generally had only a few hundred machines in it, far too few to mount a serious DDoS, and most of the grunt has been delivered by larger malware-based botnets controlled by individual Anonymous members (just one reportedly containing more than 30 times as many machines as the hivemind).

But in the last day or two, a new wrinkle has begun to gain prominence. It is now possible to visit a webpage which will convert your browser into a pocket LOIC instance, delivering DDoS packets from whatever device you are using to browse – not necessarily even a computer.

As Panda Labs analyst Sean-Paul Correll notes:

Only a browser is needed, so you can even launch the attack from your fone, I just tested it with my iPhone … Of course I tested that it was real and worked, but I didn’t send any attack out.

Such a webpage will typically give you the option of adjusting how many requests per second to send to the target website (handy in the case of a phone or perhaps a fondle-slablet device with a limited data package and/or bandwidth) and allow you to attach an insulting message of your own devising.

This would appear to be rather less sophisticated than a proper IRC or Twitter-controlled LOIC install, but has the merit of being simpler. Whether this tremendously simple way of joining in botnets will finally mobilise large numbers of pro- or anti-Wikileaks vigilantes remains to be seen. For now, it appears that the effective DDoS attacks – and other more sophisticated meddling going on – are emanating from relatively small numbers of people.

It would seem that in general most people are aware how relatively unimportant and easily replaceable a part Julian Assange and Wikileaks have played in the release of the classified US files, which continue to mildly interest the outside world.


1) Reader be warned: Participating willingly in a DDoS attack is a crime in many countries. Even if this doesn’t bother you, you download software and visit webpages of this sort at your own significant risk: campaigners on both sides have shown little in the way of scruples, and ordinary criminal scammers are now exploiting the situation too.


ANON OPS: A Press Release

Anonymous: December 10, 2010

Who is Anonymous


In their most recent public statement, WikiLeaks is the only group of people to identify Anonymous correctly.


Anonymous is not a group, but rather an Internet gathering.


Both Anonymous and the media that is covering it are aware of the percieved dissent between individuals in the gathering. This does not, however, mean that the command structure of Anonymous is failing for a simple reason: Anonymous has a very loose and decentralized command structure that operates on ideas rather than directives.


We do not believe that a similar movement exists in the world today and as such we have to learn by trial and error. We are now in the process of better communicating some core values to the individual atoms that comprise Anonymous – we also want to take this opportunity to communicate a message to the media, so that the average Internet Citizen can get to know who we are and what we represent.


Anonymous is not a group of hackers. We are average Internent Citizens ourselves and our motivation is a collective sense of being fed up with all the minor and major injustices we witness every day.


We do not want to steal your personal information or credit card numbers. We also do not seek to attack critical infrastructure of companies such as Mastercard, Visa, PayPal or Amazon. Our current goal is to raise awareness about WikiLeaks and the underhanded methods employed by the above companies to impair WikiLeaks’ ability to function.


What is Operation: Payback


As stated above, the point of Operation: Payback was never to target critical infrastructure of any of the companies or organizations affected. Rather than doing that, we focused on their corporate websites, which is to say, their online “public face”. It is a symbolic action – as blogger and academic Evgeny Morozov put it, a legitimate expression of dissent.


The background to the attacks on PayPal and the calls to attack


Amazon, which was until recently WikiLeaks’ DNS provider, was one of the first companies to drop support for WikiLeaks. On December 9th, reported that were hosting the recently leaked diplomatic cables in e-book form. ( has since ceased selling the bundle of the diplomatic cables.)


After this piece of news circulated, parts of Anonymous on Twitter asked for to be targetted. The attack never occurred.


While it is indeed possible that Anonymous may not have been able to take down in a DDoS attack, this is not the only reason the attack never occurred. After the attack was so advertised in the media, we felt that it would affect people such as consumers in a negative way and make them feel threatened by Anonymous. Simply put, attacking a major online retailer when people are buying presents for their loved ones, would be in bad taste.


The continuing attacks on PayPal are already tested and preferable: while not damaging their ability to process payments, they are successful in slowing their network down just enough for people to notice and thus, we achieve our goal of raising awareness.


Dutch Arrest Teen for Pro-WikiLeaks Attack on Visa and MasterCard Websites

Ryan Singel

Wired: December 9, 2010


Anonymous members have adopted the Guy Fawkes masks made famous in the movie V for Vendetta as their own. [Stian Eikeland]

Dutch police announced Thursday they have arrested a 16-year-old boy for allegedly participating in the online attacks against Visa and MasterCard as part of a vigilante campaign to support WikiLeaks.

The secret-spilling site has raised the ire of the U.S. government and others around the world for its ongoing release of secret diplomatic cables allegedly provided to the site by Army Pfc. Bradley Manning. Though only a small portion of the 250,000 cables WikiLeaks possesses have been released so far, the cables include revelations about how countries in the Middle East urged attacks on Iran, what the U.S. diplomatic corps thinks of world leaders such as Russian President Vladmir Putin, and the details of behind-the-scenes negotiations on repatriating Gitmo prisoners, among other topics.

The U.S. State Department calls the publication “illegal,” and the Justice Department is investigating ways to indict the organization’s outspoken leader, Julian Assange. However, no news organization has ever been successfully prosecuted for publishing classified information, and no charges have yet been filed against Assange for the leaks.

According to a press release issued by the National Office, the boy confessed to participating in attacks on the U.S.-based payments processing firms that angered WikiLeaks supporters by cutting off the ability to donate to the group using their cards. In response, a loosely organized group that goes by the name Anonymous organized a denial of service attack on a Swiss bank that cut off funds to the group’s founder Julian Assange, along with attacks on, and

The attacks were the online equivalents of sit-ins, and while they successfully kept people from visiting the sites at certain times yesterday, they did not affect the payment-processing networks of the company. However, the attacks did impede certain transactions with credit cards that require users to use an additional online password form, known as Verified by Visa and Secure MasterCard.

The investigation from the Dutch High Tech Crime Team was commissioned by the National Prosecutor in the Netherlands. The announcement did not mention what crime the youth was being charged with, nor did it indicate whether the police thought the boy was deeply involved with organizing the group or was just one of thousands who volunteered their computers to attack the websites.

Online speech and corporate attempts to control it have sparked firefights before, but the naked control of commercial service providers over WikiLeaks’ cash flow and internet presence has sparked an unprecedented reaction that may not be easily brought to heel.

Anonymous, which started out with a digital-age teenage-prankster ethic, is not a traditional organization, but more of a banner under which individuals can call on others to join a cause or attack, which usually begins on the notorious /b/ message board, the “anything goes” section of the popular 4Chan message boards.

Anonymous has a history of such attacks, including a recent campaign against the record industry for attacking file sharing sites, mass-infiltrating an online game for kids to protest its stupidity, and an earlier long-running campaign against the Church of Scientology.

The Scientology attacks were investigated by the FBI, and two Anonymous member were prosecuted for clogging Scientology’s websites.

Few who are part of Anonymous are actual “hackers,” and instead join in the attacks by running specialized software provided by more technically adept members. Instruction for which sites to target and when are passed around dedicated online chat channels and websites, creating a sort of online insurgency.

Anonymous’ DDoS tool has an unusual twist, according to denial of service protection expert Barrett Lyon, incorporating features that allow members to connect to the botnet voluntarily, rather than mobilizing hijacked zombie machines. It is called LOIC, which stands for “Low Orbit Ion Cannon,” and evolved from an open source website load-testing utility.

A new feature called Hivemind was added, which connects LOIC to the anonops server for instructions, and allows members to add their machines to an attack at will.

However the software does not mask a user’s IP address, and has generated complaints from its users that it sucks up all their available bandwidth when it’s in attack mode.

Despite the high level of organization, Lyon said the attacks themselves are not particularly sophisticated. “It is mediocre, at best,” he said. “There is a lot they are doing wrong, and yet they are still succeeding.”


Palin the latest target as ‘all-out cyber war’ breaks out over WikiLeaks; Twitter shuts down Operation Payback

Stephen C. Webster

Raw Story: December 8, 2010


UPDATE V: Twitter has blocked the account of Operation Payback, the hacktivist group that has been cyber-attacking groups and individuals working against WikiLeaks, according to sources citing NBC.

Operation Payback raised the stakes in the battle over WikiLeaks’ Julian Assange when it began attacking credit card providers Visa and MasterCard over their freezing of WikiLeaks accounts,, causing parts of the companies’ online operations to go dark.

But the disappearance of the group from Twitter is expected to be short-lived, as setting up a new account is relatively easy.

One such account, Anon Operationn, already appears to be operational.

For its part, WikiLeaks appeared to be in a charitable mood today, perhaps in an attempt to dampen anger in some corners over the leaked State Department cables and cyber-attacks on anti-WikiLeaks groups.


“We are replacing operation #payback with operation #payitforward,” WikiLeaks announced on Twitter. “Hackers, please perform random acts of kindness.”

UPDATE IV: Sarah Palin is the latest target of “Operation Payback,” the group of hacktivists who have been launching cyber-attacks against organizations and people working against WikiLeaks.

Palin drew attention last week when she said WikiLeaks founder Julian Assange should be “pursued with the same urgency we pursue al Qaeda and Taliban leaders.”

ABC News reports:

The website and personal credit card information of former Gov. Sarah Palin were cyber-attacked today by Wikileaks supporters, the 2008 GOP vice presidential candidate tells ABC News in an email.

Hackers in London apparently affiliated with “Operation Payback” – a group of supporters of Julian Assange and Wikileaks – have tried to shut down SarahPac and have disrupted Sarah and Todd Palin’s personal credit card accounts.

According to ABC’s Jake Tapper, the website associated with Operation Payback — — had listed Palin’s website as a potential target.

“This is what happens when you exercise the First Amendment and speak against his sick, un-American espionage efforts,” Palin said in an email.


The company that processes payments to WikiLeaks says it will sue Visa over the credit card company’s decision to shut out WikiLeaks.

“DataCell, who facilitates those payments towards WikiLeaks, has decided to take up immediate legal action to make donations possible again,” the company said in a statement flagged by TalkingPointsMemo.

“Visa is hurting WikiLeaks and DataCell in high figures. … Visa users have explicitly expressed their will to send their donations to Wikileaks and Visa is not fulfilling this wish.”

Third update: ‘Operation Payback’ targets, site goes down in minutes

‘Anonymous’ hackers flexed their muscle again Wednesday, orchestrating a successful denial of service attack against Visa, the largest credit card provider in the world.

A Twitter account connected to the hackers declared the start of the attacks and the site was unavailable less than 16 minutes later.

The attack was allegedly orchestrated as an act of vengeance over Visa’s decision to cut off electronic donations to secrets outlet WikiLeaks.

WikiLeaks said Wednesday that its payments processor, Iceland-based DataCell, planned to sue Visa and MasterCard for terminating payments to the site.

UPDATE: MasterCard confirms service interruption for cardholders

MasterCard Worldwide confirmed on Wednesday morning that the “MasterCard Directory Server” had gone down and that cardholders were experiencing service interruptions. The revelation was made as a massive denial of service attack was staged against MasterCard, ostensibly for refusing further payments to secrets outlet WikiLeaks.

“Please be advised that MasterCard SecureCode Support has detected a service disruption to the MasterCard Directory Server,” MasterCard said. “The Directory Server service has been failed over to a secondary site however customers may still be experiencing intermittent connectivity issues. More information on the estimated time of recovery will be shared in due course.”

MasterCard transactions appeared to be proceeding as normal later in the day.

Sites for Visa, PayPal, Sen. Lieberman also targeted

Yesterday, MasterCard Worldwide became the latest financial institution to face the wrath of online hackers acting to avenge secrets outlet WikiLeaks over the credit card provider’s declaration that the site was engaged in “illegal” activities.

Not 36 hours after MasterCard froze payments to WikiLeaks, their website was down as hackers with the group “Anonymous” launched a new wave of cyberattacks. The company said its customers could still use their credit cards for purchases, but the PayPoint retail network told a BBC reporter that MasterCard’s “SecureCode” service had been taken down, interrupting service all over.

The hackers also claimed responsibility for taking down the website for Swiss bank PostFinance, after it froze an account with over €31,000 set aside for site founder Julian Assange’s legal defense.

Assange was arrested in London yesterday on an Interpol warrant out of Sweden, where he’s wanted for questioning in an investigation of sexual assault.

“Anonymous” has dubbed their cyber warfare campaign “Operation Payback,” threatening to “fire” on any entity that attempts to censor WikiLeaks.

Service to was unavailable at time of this writing. The website for the Swedish prosecutor’s office was also offline, as was a site for the lawyer representing Assange’s accusers.

Secure Computing Magazine called what’s happening “an all-out cyber war,” noting that massive botnets were attacking each other by mid-Wednesday morning as even the ‘Anonymous’ group had come under fire from another group of hackers that sought to defend US interests. That group, which was successful in taking WikiLeaks offline in late November, was also thought to be behind attacks on the ‘Anonymous’ website,, which was still online at time of this writing.

A “botnet” is Internet slang for a massive shadow network of computers that have been unknowingly hijacked by malicious software. They are typically used for nefarious purposes, such as distributed denial of service attacks.

Credit card processor Visa also suspended payments to WikiLeaks on Tuesday morning, but its website was functional at time of this story’s publication. It too was expected to come under denial of service attacks.

“Operation Payback” also promised to attack PayPal, the online payment service that last week cut off WikiLeaks and froze over $60,000 in electronic donations, but their site was still online Wednesday morning. Topics trending on Twitter suggested an attack may also target the micro-blogging site.

Others to suffer downtime this week include PayPal’s blog, EveryDNS — the domain name service provider that pulled WikiLeaks off it’s .org address — and Sen. Joe Lieberman’s (I-CT) .gov website. Lieberman’s staff was responsible for prompting to take WikiLeaks off its US-based cloud servers.

Researchers with Panda Security have been tracking the wave of attacks, blow-for-blow.

In recent days, the online to-do over WikiLeaks has been called the world’s “first serious infowar” and a “war for control of the Internet.”

“What is this all about? And what does it have to do with censorship and Operation Payback?” ‘Anonymous’ asks on their website.

“While we don’t have much of an affiliation with WikiLeaks, we fight for the same reasons. We want transparency and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we can not say what we think and are unable to express our opinions and ideas.

“We can not let this happen. This is why our intention is to find out who is responsible for this failed attempt at censorship. This is why we intend to utilize our resources to raise awareness, attack those against and support those who are helping lead our world to freedom and democracy.”

Raw Story will continue following the latest developments.


WikiLeaks And The Failure Of Cyberattacks As Censorship

Andy Greenberg

Forbes: November 28, 2010


Another month, another massive WikiLeaks document dump–and another cyberattack on a site that has practically painted a red bullseye on its servers.

On Sunday afternoon, as media from the New York Times to the Guardian began to detail the contents of hundreds of thousands of secret communications between the U.S. and its embassies around the world uncovered by a WikiLeaks source, the whistleblower site announced on Twitter that it was facing a “mass distributed denial of service attack” that, at least temporarily, had taken the site offline.

Within the hour, a self-described “hacktivist” who goes by Th3J35t3r (or TheJester) had taken credit for the attack on his or her own Twitter account. “ – TANGO DOWN – INDEFINITLEY,” TheJester wrote, “for attempting to endanger the lives of our troops and ‘other assets’ #wikileaks #fail”

On his or her blog and in an interview last June with the German newspaper Die Welt, TheJester self-describes as an “ex-military operative” whose work “aims to cause disruption to the online efforts of Jihadists on the internet.”

In this case, that disruption was short-lived. TheJester’s tweets soon sounded less self-satisfied. A post he or she later deleted said that the hacker was struggling “to finish what I started” and that the attempt to take WikiLeaks down had become “a duel.” By 6pm, WikiLeaks had its site, including a new page devoted to its “Cablegate” exposé, back online. At last check, you could see it here.

Update: At last check, WikiLeaks’ newly-released diplomatic cables were still visible on the site. But the main page, previously devoted to the Iraq War Logs, reads simply “It works! This is the default web page for this server. The web server software is running but no content has been added, yet.”

Update again: Now the Iraq War Logs are back.

In the end, TheJester accomplished little other than to demonstrate to angry governments and corporations around the world how futile a cyberattack on the site would be. Forget the fact that WikiLeaks servers are distributed in data centers across Europe, including in “bulletproof” hosts’ data centers run by Swedish providers PRQ and Bahnhof. Even if a larger, more sophisticated attack had successfully knocked WikiLeaks offline, its data would still have been published by its media partners–outlets that no doubt attract many more eyeballs than’s unvarnished data dumps.

Digital social scientists like those at the Open Net Initiative have labeled well-timed cyberattacks, like the one attempted by TheJester, as “just-in-time” censorship. In December of 2007, for instance, the campaign site for Russian dissident leader Gary Kasparov, for instance, was taken offline for two weeks before the Russian presidential election. But such tactics work only in a nation where the press and the Internet are already controlled by the state. In the U.S. and other nations with the equivalent of the first amendment, the Internet “interprets censorship as damage and routes around it,” as the free speech mantra goes, finding plenty of other venues for scandalous information.

This latest cyberattack on WikiLeaks is hardly the first. In the days before it released the Iraq War Logs last month, a WikiLeaks source told me that the site had been compromised by “very skilled” attackers who may have gained access to encryption keys that put its encrypted chat channel at risk, though the problem was quickly fixed, according to the WikiLeaks source. That sort of surveillance-focused attack may have successfully scared off some would-be anonymous sources who fear that their identities could be revealed by a breach in WikiLeaks’ security.

TheJester seems to have confused Sunday’s blunter denial of service attack with that more sophisticated cyberespionage. In another tweet, he or she writes that “If I was a wikileaks ’source’ right now I’d be getting a little twitchy, if they cant protect their own site, how can they protect a src?”

On the contrary, WikiLeaks seems to have taken the attack in stride, with no sign that any of its data was ever compromised. And that may have only bolstered the site’s sense of invincibility.


Troubled Wikileaks Moves To Pirate Party Domain


TorrentFreak: December 3, 2010


After being cut off by its nameserver provider EveryDNS, Wikileaks has moved to a domain registered by Pirate Party Switzerland. EveryDNS was forced to stop its services to Wikileaks after continued DDoS attacks, creating yet another setback for the whistleblower site that has dominated the news this week.

The release of thousands of US embassy cables and the many more that are expected to come has propelled the whistleblower site Wikileaks to the front page of every respectable news outlet this week. But for the site itself it hasn’t been a smooth ride thus far.

After it suffered a continued DDoS attack on its servers earlier this week the site relocated to Amazon’s cloud hosting service, but just a day or two later it was pulled following complaints from the US government. Today, the hosting troubles continued and Wikileaks was forced to abandon its .org domain.

Due to prolonged DDoS attacks on the Wikileaks domain, nameserver provider EveryDNS decided to pull the plug on the site this morning. “These attacks have, and future attacks would, threaten the stability of the infrastructure, which enables access to almost 500,000 other websites,” EveryDNS said.

According to a statement from the company, Wikileaks was properly notified about this issue a day in advance.

“Last night, at approximately 10PM EST, December 1, 2010 a 24 hour termination notification email was sent to the email address associated with the account. In addition to this email, notices were sent to Wikileaks via Twitter and the chat function available through the website. Any downtime of the website has resulted from its failure to use another hosted DNS service provider,” a statement on the EveryDNS website explains.

After being cut off, Wikileaks decided to move from the .org to a .ch domain, which was registered by the Pirate Party Switzerland in June this year. An interesting move, but certainly not the most ideal solution.

Wikileaks’ tweet

The Swiss Pirate Party confirmed that they are now indeed the registrants of the new ‘official’ Wikileaks domain, which had been forwarding to the Wikileaks servers for a few months already. What is problematic, however, is that after being cut off by EveryDNS, Wikileaks has moved its operation to a .ch domain that uses the nameservers of the very same company.

This is not the first time a Pirate Party has helped out Wikileaks. Earlier this year the Swedish Pirates announced a hosting deal with the whistleblower site, to protect the freedom of the press.

“We welcome the help provided by the Pirate Party,” Wikileaks spokesman Julian Assange said at the time. “Our organisations share many values and I am looking forward to future ways we can help each other improve the world.”

For now is up and running but it’s unclear how long it will stay up. The domain has not been seized so it is expected that the site will return there once it finds a new nameserver provider.

Pirate Party registered Wikileaks domain taken down: DNS host cites ‘mass attacks’ as site vanishes from Web

Stephen C. Webster

Raw Story: December 3, 2010


Update: The site has relocated to Switzerland, and is now available at Read more about the move at the New York Times here. Service on the domain was spotty by mid-Friday.

Second update: Since being kicked off Amazon’s cloud, WikiLeaks had been hosted in-part by French firm OVH. French Industry Minister Eric Besson said Friday in a letter seen by Reuters that the government was investigating a way to ban French servers from hosting WikiLeaks.

Third update: DNS service to has been cut off, according to published reports. The site is now only accessible via an IP address: Mirrors pointing to the address have popped up at, WikiLeaks.fl,

Fourth update: US Library of Congress blocks staff, visitors from accessing WikiLeaks, citing ‘potential malicious content’.

Final update: Electronic Frontiers Foundation co-founder says ‘The first serious infowar is now engaged. The field of battle is WikiLeaks. You are the troops.’

Amid international pressure and a series of crushing denial of service attacks, the site has finally slipped underneath the waves. Its DNS host,, killed the domain late Thursday night, according to an update posted to WikiLeaks’ Twitter account.

The host cited “mass attacks,” the whistleblower organization said.

The take-down is another in a long line of setbacks for WikiLeaks, which has in past months completely upturned historical precedent in the successful release of more secret US government information than anyone else ever before.

It’s not the first technical snag WikiLeaks has encountered in recent days. The site was down entirely most of Wednesday after its host,, abandoned WikiLeaks as well, forcing them to move back to a mirror in Sweden. Service on the domain has been sporadic since then.

WikiLeaks later criticized the site — which cited a violation of their Terms of Service agreement for the takedown — saying that if Amazon were “so uncomfortable with the first amendment, they should get out of the business of selling books.”

Assange told British newspaper The Guardian that he’d chosen the Amazon cloud server as a host in part to test their commitment to freedom of speech. However, even his Q&A with the paper was interrupted by high server traffic. It wasn’t clear if The Guardian was under a denial of service attack, the Associated Press noted.

Word of the take-down came days after the site said it was feeling the effects of a series of massive denial of service attacks, which is what forced the switch-over to American servers. One sustained attack exceeded 10 Gigabits per second, according to WikiLeaks.

“According to a study by Internet security company Arbor Networks, the average denial of service attack over the past year was 349 megabits per second, 28 times slower than the stream Wikileaks reported,” CBS New York noted.

In the US, officials are investigating both the source of a trove of leaked State Department diplomatic cables, and whether US law would allow for the prosecution of WikiLeaks founder Julian Assange. It’s unlikely, however, as a relevant Supreme Court ruling gave rather explicit protections to the media when dealing with disclosures that are highly embarrassing to the government.

Recent reporting on the State Dept. cables showed that the US covered up its culpability for a bombing in Yemen that killed 21 children, along with the first official confirmation that the Bush torture program was a principle motivating factor in at least 250 Saudi men’s attempt to join extremists in Afghanistan.

Documents also revealed that US diplomats to the United Nations engaged in behavior critics are calling “spying,” collecting foreign dignitaries’ call logs, contact lists, Internet accounts and passwords, and even DNA. While US officials maintain that none of their diplomats are intelligence assets, a Thursday evening report citing newly released cables revealed that diplomats had taken marching orders from the US Central Intelligence Agency itself.

In lieu of the domain take-down, WikiLeaks encouraged support via a site hosted on A whois domain lookup showed the site was hosted out of Basel, Switzerland, registered to one Andreas Fink.


Behind The Scenes at Anonymous’ Operation Payback


TorrentFreak: November 15, 2010


Operation Payback has been without a doubt the longest and most widespread attack on anti-piracy groups, lawyers and lobbyists. Despite the massive media coverage, little is known about the key players who coordinate the operation and DDoS attacks. A relatively small group of people, they are seemingly fuelled by anger, frustration and a strong desire to have their voices heard.

In the last two months, dozens of anti-piracy groups, copyright lawyers and pro-copyright outfits have been targeted by a group of Anonymous Internet ‘vigilantes’ under the flag of Operation Payback.

Initially DDoS assaults were started against the MPAA, RIAA and anti-piracy company AiPlex Software because these outfits had targeted The Pirate Bay. Those DDoS attacks were later replicated against many other targets that have spoken out against piracy or for copyright, resulting in widespread media coverage.

Even law enforcement agencies showed interest in the operation recently. Last week CNET reported that an FBI probe is underway, and TorrentFreak personally knows of at least one court case against a person that was associated with the operation.

Besides covering the results of the DDoS attacks and website hacks, very little is known about the people who are part of the operation. Who are they? What do they want, and what are their future plans? In this article we hope to solve a few pieces of the puzzle.

After numerous talks with people who are actively involved in Operation Payback, we learned that there are huge differences between the personal beliefs of members.

We can safely conclude that this Anonymous group doesn’t have a broad shared set of ideals. Instead, it is bound together by anger, frustration and the desire to be heard. Their actions are a direct response to the anti-piracy efforts of pro-copyright groups.

Aside from shared frustration, the people affiliated with the operation have something else in common. They are nearly all self-described geeks, avid file-sharers and many also have programming skills.

When Operation Payback started most players were not looking to participate in the copyright debate in a constructive way, they simply wanted to pay back the outfits that dared to target something they loved: file-sharing.

Many of the first participants who set the DDoS actions in motion either came from or were recruited on the message board 4Chan. But as the operation developed the 4Chan connection slowly disappeared. What’s left today are around a dozen members who are actively involved in planning the operation’s future, and several dozen more who help to execute the DDoS attacks.

An Anonymous spokesperson, from whose hand most of the manifestos originated, described the structure of the different groups to us.

“The core group is the #command channel on IRC. This core group does nothing more than being some sort of intermediary between the people in that IRC channel and the actual attack. Another group of people on IRC (the main channel called #operationpayback) are just there to fire on targets.”

Occasionally new people are invited to join the command to coordinate a specific attack, but a small group of people remains. The command group is also the place where new targets are picked, where future plans are discussed, and where manifestos are drafted. This self-appointed group makes most of the decisions, but often acts upon suggestions from bypassers in the main IRC channel.

Now let’s rewind a little and go back to the first attacks that started off the operation in September.

The operation’s command was ‘pleasantly’ surprised by the overwhelming media coverage and attention, but wondered where to go from there. They became the center of attention but really had no plan going forward. Eventually they decided to continue down the road that brought them there in the first place – more DDoS attacks.

What started as a retaliation against groups that wanted to take out The Pirate Bay slowly transformed into an attack against anyone involved in anti-piracy efforts. From trade groups, to lawyers, to dissenting artists. Since not all members were actively following the copyright debate, command often acted on suggestions from the public in the main IRC channel.

What followed was an avalanche of DDoS attacks that were picked up by several media outlets. This motivated the group to continue their strategy. Anonymous’ spokesperson admitted to TorrentFreak that the media attention was indeed part of what fuelled the operation to go forward. But not without some strategic mistakes.

As the operation continued more trivial targets were introduced and the group started to lose sympathy from parts of the public. While targeting the company that admittedly DDoSed The Pirate Bay could be seen as payback by some, trying to take out Government bodies such as the United States Copyright Office and UK’s Intellectual Property Office made less sense. In part, these targets were chosen by anarchistic influences in the operation.

“I fight with anonops because I believe that the current political system failed, and that a system based on anarchy is the only viable system,” one member told TorrentFreak. “I encouraged them to go after political targets just because I like Anarchy.”

The Anonymous spokesperson admitted to TorrentFreak that mistakes were made, and command also realized that something had to change. The targets were running out and the attacks weren’t gaining as much attention as they did in the beginning. It was a great way to gather attention, but not sustainable. In fact, even from within the operation not everyone was convinced that DDoS attacks were the best ‘solution’.

“I personally don’t like the concept of violence and attacking, but violence itself does raise attention,” Anonymous’ spokesperson told TorrentFreak.

“Attacking sites is one side of the story, but this operation would finally have to serve a purpose, otherwise it wouldn’t exist. We all agree that the way things [abuse of copyright] are currently done, is not the right way.”

Last week command decided to slow the DDoS attacks down and choose another strategy, mainly to regain the focus of attention. It was decided that they would make a list of demands for governments worldwide. In a move opposed to the desires of the anarchic influences, command decided to get involved in the political discussion.

Copyright/patent laws have to change, they argued, and from the bat they were willing to negotiate. They called for scrapping censorship, anti-piracy lawsuits and limiting copyright and patent terms, but not getting rid of copyright entirely. Interestingly, there is also no word in the demands about legalizing file-sharing.

To some this new and more gentle position taken by Anonymous came as a complete surprise. We asked the spokesman of the group about this confusing message and he said that there are actually several political parties that already adopt a similar position, like the Pirate parties and the Greens in Europe.

However, according to the spokesman (who wrote the latest manifesto with other members in Piratepad) they consciously chose this set of demands. “Some of us have the vision of actually getting rid of copyright/patents entirely, but we are at least trying to stay slightly realistic.”

“What we are now trying to do, is to straighten out ideals, and trying to make them both heard and accepted. Nobody would listen to us if we said piracy should be legal, but when we ask for copyright lifespan to be reduced to ‘fair’ lengths, that would sound a lot more reasonable,” the spokesman told TorrentFreak.

The demands have been published on the Operation Payback site for nearly a week, but thus far the media coverage hasn’t been as great as when they launched their first DDoS. Some have wondered whether this is the right path to continue in the first place, as it may get in the way of groups and political parties that have fought for similar ‘ideals’ for years already.

The spokesman disagreed and said that Operation Payback has “momentum” now.

So here we are nearly two months after Anonymous started Operation Payback. The initial anger and frustration seems to have been replaced by a more friendly form of activism for the time being. The group wanted to have their voice heard and they succeeded in that. However, being listened to by politicians and entertainment industry bosses might take more than that.


Buy Nothing Day 2010-MSN

December 5, 2010

Buy Nothing Day: Another Approach to Black Friday

    There are some pretty good deals on Black Friday. That’s partly why—and partly because—it’s the biggest shopping day of the year. Americans writ large head to major retail outlets, stand in line for hours, and take home more stuff and more debt. Retailers go from “in the red” to “in the black” for the year, and we all get some shiny new gifts for the holidays. The American way, right?

    But corporations are thriving while real income for Americans lags stagnant. Buy Nothing Day is also the Friday after Thanksgiving and it’s here to offer another option for all of us who shudder at the prospect of shopping mall mayhem.

    “Consumerism is based on the idea in society that we never have enough and that getting more things will make us happier. It is preying on people’s basic feelings of contentment in order to make a profit for the few,” says Cindy Rosin, a spokesperson for the New York City-based Freegans and a supporter of Buy Nothing Day.

    This alternative approach to Black Friday started in 1992 by Canadian artist Ted Dave to bring awareness to the social, economic, environmental and psychological effects of over-consumption. It is currently promoted by Adbusters magazine with worldwide Buy Nothing Day Meetup groups.

    Billy Talen, the Reverend of the performance group The Church of Life After Shopping and former New York City mayoral candidate for the Green Party, is an outspoken critic of the culture of consumption. “You’re distracted in the society of the spectacle because you have so little to do with making it,” Talen tells me by phone. “It’s the corporation’s creation. So you’re left with a processed sensation.”

    This consumer rebellion is as much for the individual non-shopper as it is a statement of protest against a corporate state by his view. “When you leave a product on the shelf, your body and soul start reclaiming itself,” says Talen. “Consumerism is never surprising. It is predicable.” His alternative call to arms? “Be imaginative.”

    Last year we found five groups who particularly excel at not buying things. Consider teaming up with one of them if you’re worried about being lonely in your celebration of Buy Nothing Day.

    Or head to an event:

    The Freegans are hosting a Whirlmart, where individuals will silently push empty shopping carts through the aisles of a large store. PETA has organized a nationwide Fur-Free Friday, and Reverend Billy and the Church of Life After Shopping are hosting the 8th  Buy Nothing Day Parade in New York City at 3p.m.

    Image: (cc) by Flickr user SqueakyMarmot.


    Operation Payback

    ACS Law torrent:

    Homepage of Operation Payback:


    To whom it concerns,


    Over the past years we have seen an technological revolution. One where you are free, in the most extreme anarchistic sense, to share ideas. Some of these ideas are shared behind proxies, darknets, or similar “closed doors”, but the ideas are out there. This kind of revolution is of the mind, and its effects on respective societies is all but surprising. While the people embrace this revolution, this new “anarchy” of freedom to share, leaders have crushed and seek to crush it before it even begins in earnest.


    These “anarchists”, who are only anarchists in the minds of leaders seeking to destroy this freedom, have succeeded en-mass in distributing content to the poor, the underpriveleged, the restricted. The most popular pirates are the chinese, whose content filters restrict a vast amount of content from them. The second most popular, the poor, who cannot afford things like college books or entertainment. Indeed, while mostly ignored, a vast amount of educational literature is available to the everyday pirate. Enough that saw me through college, even, when I otherwise could not have afforded it.


    It is no different, though, than when these powers that be tried to silence the record player, the cassette, the CD. The same claims were made then, and they were ignored, so why now are they listened to? This flawed application of extremist capitalism upon what is considered sacred by any culture – knowledge – is treason upon every human. All should have the right to listen to that beat, experience that twist in a plot, or learn from the mass volumes of literature now made available.


    You already know this, however. You know it when you freely give your unused software, illegally I might add (remember: You don’t own the software you buy [1]), to a friend or acquaintence. You know it when you give that old college book to a persin in need. You know it when little girls are basically raped in the name of “justice” [2]. You know it when thousands of bullshit legal letters are sent to SCARE money out of people [3]. You know it when such organizations lie through their teeth, produce false documents, and spread misinformation about its opponents [4]. You know that this is not right when your leaders inexplicably support massive capitalist enterprises over the majority opinion of their own people [5]. You know they are wrong when they use illegal means to get what they want, while simultaneously bashing us for doing the same [6].


    If you were to assume the propaganda of various community-reputable organisations such as…


    The Motion Picture Association of America [MPAA]

    The Recording Industry Association of America [RIAA]

    The British Phonographic Industry [BPI]

    The Australian Federation Against Copyright Theft [AFACT]

    Stichting Bescherming Rechten Entertainment Industrie Nederland [BREIN]


    …you would have heard many a story that if you say, ‘pirate’ a film or an album, you are depriving a simple artist, actor or crewmember from their rightful wage. They won’t be able to break even for their next lot of groceries – and YOU robbed them of THEIR money. Money that they only see a small percentage of, they carefully omit. Do they ever tell you how small of a percentage most script writers, novelists, etc, actually make? No, and there is a reason why. Do they tell you how much THEY, the anti-piracy organizations, make? No, and there is a reason why.


    In the end, our DDoS efforts have been compared to waiting for a train [7]. What do we have to do to be heard? To be taken seriously? Do we have to take to the streets, throwing molitovs, raiding offices of those we oppose? Realize, you are forcing our hand by ignoring us. You forced us to DDoS when you ignored the people, ATTACKED the people, LIED TO THE PEOPLE! You are forcing us to take more drastic action as you ignore us, THE PEOPLE, now.


    We will not stop.


    We will not forget.


    We will prevail.


    We are anonymous.






    [4] We DID NOT attack the pirate party, we ARE NOT affiliated with anti-scientology activism, and The Pirate Bay has not organized this.





    %d bloggers like this: