Re: Giant Mall Under Siege

From Jeremy G Byrne <jeremy@iz.org>
Date Thu, 10 Feb 2000 13:50:02 +0800


[: hacktivism :]

At 13:59 09/02/00 -0500, Chuck0 wrote:
>Giant Mall Under Siege
>Hackers briefly shut down Yahoo, eBay,
>[...]
>I think this headline writer is more perceptive than they realize. 

You wish. Maybe if these sad little packet monkeys had a clue about the
real potential of DDOS--an attack to which the single node vs network
architecture of the web is ultimately vulnerable.

Imagine if, instead of downloading tfn2k and following the README, they'd
custom-written their tools to target specific features of major ecommerce
sites (hit the high CPU-and-disk use active pages, for example), written
them in some standard CGI script like Perl or PHP and installed them,
rather than on RPC-compromised Sun boxes, on tens of thousands of user
accounts on publicly available web hosting sites (applied for using a few
simple scripts). They could be unleashed in remotely (and entirely
anonymously) coordinated waves of a few hundred at a time to defeat tracing
& blocking (perhaps even in association with email flooding of relevant
addresses), holding a target site down for days, maybe weeks--holding it
down until the company collapses financially.

(I recall the positioning of DDOS as "virtual sit-in technology" on this
list. Anyone able to paraphrase the legal difference? I've read that the
offenders face 10 years and $250K fines under US Law. Would this kind of
penalty apply to a group who blocked the doors at the local Borders? It
seems a little excessive...)

>Why not have a permanent DOS war against the Giant Mall? It would
>be the virtual equivalent of Mojo Nixon's song "Burn Down the Malls."

Well, I doubt you could keep them all down forever without a veritable army
of volunteers (although it's an amusing thought; I can see the campaign
slogan: "HELP DEcomMISSION THE WEB!" :), but you could certainly force them
to play by the rules. I don't expect we'd see crap like etoys vs etoy
happening again!

CYa,
JEREMY


[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]