Thursday, December 9, 2010

Hacktivists abandon Amazon attack


'Coldblood', a member of the group Anonymous, tells Jane Wakefield why he views its attacks on Visa and Mastercard as defence of Wikileaks.


Pro-Wikileak activists have abandoned plans to bring down the website of online retailer Amazon, and switched back to targeting PayPal.

The group Anonymous had pledged to attack the site at 1600 GMT, but have since changed their plans, saying they did not have the "forces".

The site was targeted because it withdrew services from whistle-blowing website Wikileaks.

In the Netherlands, a teenager has been arrested in connection with the attacks.

The 16-year-old was arrested by a high-tech crime unit in The Hague after allegedly admitting to involvement in the targeting of the websites of two credit card companies, MasterCard and Visa.

A tool enabling computers to join the co-ordinated attacks against websites perceived to be "anti-Wikileaks" is now reported to have been downloaded more than 31,000 times.

However, security experts warned people to avoid joining the voluntary botnet.

A Twitter message issued by the group said Amazon was too big to attack successfully for now.

"We cannot attack Amazon, currently. The previous schedule was to do so, but we don't have enough forces," read one message on Twitter.

The activists instead instructed followers to attack PayPal, which has suspended the WikiLeaks account, which the organisation had used to collect donations.

A PayPal spokesman told Reuters news agency the company had detected an attack on the site.

'Operation Payback'

Activists are targeting sites using the Anonymous attack tool, known as LOIC. When a person installs the tool on their PC it enrols the machine into a voluntary botnet which then bombards target sites with data.

These distributed denial-of-service (DDoS) attacks are illegal in many countries, including the UK.

Social network Facebook confirmed that it had removed Operation Payback - as the campaign is known - from the site because it was promoting its attack tool.

Anonymous member Coldblood told the BBC that he did not understand how firms such as Visa and Mastercard have decided that Wikileaks is illegal.

"We feel that they have bowed to government pressure. They say Wikileaks broke their terms and conditions but they accept payments from groups such as the Ku Klux Klan," he told the BBC.

He said that he has not personally taken part in the recent distributed denial-of-service (DDoS) attacks but explained the motives of those who have.

"Everyone is aware that they are illegal but they feel that it is a worthy cause and the possible outcome outweighs the risk," he said.

He said such attacks were only one tactic in its fight to keep the information being distributed by Wikileaks available.

In a twist to the story it has emerged that Amazon, which last week refused to host Wikileaks, is selling a Kindle version of the documents Wikileaks has leaked.

Earlier attacks against Visa and Mastercard knocked the official websites of the two offline for a while and resulted in problems for some credit card holders.

The attacks have been relatively small so far, mustering less than 10 gigabits per second of traffic, said Paul Sop, chief technology officer at Prolexic, which helps firms to defend themselves against the type of attack being employed by Anonymous.

"What's really wreaking havoc with these enterprises is how often the attackers can rotate the attack vectors," he said. "We see the attack complexity being more devastating as the mitigation technologies enterprises use can't filter out all these permutations."

Defending against an attack typically involves analysis to work out which attack vectors are being employed, a tactic that may not work well in this case, he said.

"These Anonymous attacks are like riding a bull, they can change wildly and at a moment's notice," said Mr Sop.

Carole Thierault, a security researcher at Sophos, warned against getting involved with the Anonymous campaign.

"No-one, no matter how much you want to take part, should do this," she said. "It is very risky, and most probably illegal."

Ms Thierault said downloading and installing the LOIC attack tool was very risky.

"No-one should download unknown code on to their system," she said. "You're giving access to your computer to a complete stranger."

Coinciding ideals

As well as releasing the attack tool, the Anonymous group has also been active in helping to create mirror sites. To date there are over one thousand sites offering exact copies of the content on Wikileaks.

It is also ensuring the information is available on dark nets, heavily encrypted layers of the internet via which information can be extracted while remaining untraceable.

The new-found attention on Anonymous has led the group to publish its manifesto.

In it, it denies that it is a group of hackers.

"Anonymous is not an organisation... it most certainly is not a group of hackers," it said.

"Anonymous is an online living consciousness, comprised of different individuals with, at times, coinciding ideals and goals."

It is also keen to distance itself from Coldblood, who it said is not a spokesperson for the group.



Powered by WizardRSS | Best Membership Site Software

Phones used to redraw UK regions

Social networks could provide the key to redrawing the regional map of Britain, producing areas with strong social cohesion.

That's the idea of an international team, who have created a social map of Great Britain.

They used more than 12 billion landline calls to create a map of Britons' connections.

This social approach to delineating regions sees parts of Wales merged with the West Midlands.

Regional boundaries are useful for governments, said Carlo Ratti, of the Massachusetts Institute of Technology, who led the work. "But they don't say anything about how people in those regions interact."

His team used records of more than 12 billion anonymised landline telephone calls to model who Britons frequently spoke to.

These records allowed the team to identify the local telephone exchanges used in the calls.

Where people spoke frequently and for extended periods, they were treated as having a stronger connection, Mr Ratti told BBC News.

A map created using those connections showed that people tended to communicate most with people that were geographically close to them, he added.

That enabled the team to identify dense clusters of connection as distinct regional groups.

They used a computer program to identify where they could draw regional borders which cut through the fewest number of connections possible.

Joined-up government

The resultant map of Britain showed some instantly-recognisable regions, such as London (see image below).

But they also produced surprise results, including the creation of a region that encompassed parts of Wales and the West Midlands.

Ultimately, analysing social networks could help governments understand the likely impact of events such as a full secession of Scotland, the researchers said.

"Although you'd need to analyse further data sets, such as emails, instant messages to build a fuller picture of how people communicate," said Mr Ratti.

The data set used by the team was originally created for the BBC's Britain from Above series.




Privacy project dices up details

A project that could radically reduce the amount of personal information we share in our dealings has been revealed by IBM researchers.

The ABC4Trust project is developing an "electronic wallet", with encrypted versions of all a person's details.

A query by a device like a "chip and PIN" reader will involve only the information that is strictly necessary.

The idea could also be applied to online transactions, and aims to give people more control over personal data.

IBM researchers, speaking at a press event at the firm's research laboratory in Zurich, say this exchange of encrypted data in a piecemeal fashion is far preferable to the case in which, for example, a consumer hands over a passport or driver's license for identification.

IBM is involved in developing some of the protocols and technology to accomplish the goals of the 13.6m euro (£11.4m) European-funded Attribute-Based Credentials for Trust project.

"There's two basic principles that we try to apply in order to protect online privacy," Jan Camenisch, an IBM researcher who is part of the ABC4Trust project, told BBC News.

"One of them is that with every piece of information that you're releasing you should specify what this information is used for - what's the purpose and why it's needed.

"The second is that whenever you release something, you should only release the information that is minimally necessary for this purpose."

For instance, renting a car might require no more information than confirming that a customer has had a valid licence for a given number of years.

Joining a chatroom for teenagers, by contrast, needs only a confirmation that a potential user is within a certain age group.

Token effort

In Dr Camenisch's vision, the future "electronic wallet" can be deployed to confirm these facts through encrypted transactions that give up no further information.

The project, which began in November and will run for four years, aims to define first of all the technology that is needed to accomplish its goal.

In principle, every single personal detail could be crunched into one long encrypted number that could even be stored in a mobile phone.

Dr Camenisch said a retailer or service provider such as a car rental agency would have a device that could send requests for specific pieces of information to a phone, and he described what the phone would display.

"It would open the 'wallet application', and tell you that the rental agency wants to know from you that you have a licence and you took the test more than four years ago," he explained.

The phone would list what information is being requested and then create an encrypted "token" that contains the answers.

"Your phone would do the rest - it would compute the new tokens from that and send that information off to the car rental agency."

Dr Camenisch said that the principle works the same for online transactions.

He explained that much of the project's work lies ahead in the development of the encryption protocols and the reader devices.

But the project is ensuring that the standards can be reviewed and improved as the technology is developed.

"In the end, these kinds of technologies will be open standards," Dr Camenisch said. "Some of our work is already available as open-source code so everybody can inspect that and see that it does what it promises to do."


