'Hactivists' plan DDoS Web attack

From rdom@thing.net
Date Tue, 14 Mar 2000 08:08:27 -0500


[: hacktivism :]


the electrohippies collective's news network -
http://www.gn.apc.org/pmhp/ehippies/index.htm

'Hactivists' plan DDoS Web attack

Electrohippies' software could be as effective as distributed denial of
service tools used in last month's Web attacks

By Bob Sullivan, MSNBC

March 9 - Borrowing a page from the headline-grabbing Web attacks last
month, a group of Internet activists is set to release its own software
tool designed to cripple Web sites. The distributed denial of service
attack tool to be released by the "Electrohippies" group will allow
thousands of protesters to aim their computers at a single Web site,
effectively jamming a company's Internet presence. But the attacks will
be
fundamentally different from last month's crippling of Yahoo, eBay and
other major sites. The victims will be warned before the attacks,
according to the tool's authors.



 IT'S A VIRTUAL SIT-IN, online protesters gathering via modems, working
together to disrupt a company with policies they want to protest. That
concept isn't new - but a new distributed denial of service tool gives
the
Ehippies a much more formidable attack plan.

"This should not be characterized as a kid attack. It could easily be as

disruptive as the previous tools," said Sammy Migues, chief scientist at

Infrastructure Defense Inc.

The massive denial of service attacks that brought down some the biggest

Web sites last month shined a spotlight on those previous tools -
Trinoo,
Tribal Flood and Stacheldraht, which can turn any computer connected to
the Internet into a "zombie." Then, armies of zombies can be remotely
controlled from a single location and instructed to flood a particular
computer with so many requests that the site is rendered useless.

The vandals who attacked last month never identified their motive and
seemed to pick their victims arbitrarily. The Electrohippies attack will

be very different, said spokesman Paul Mobbs. The group has yet to
decide
on its exact victim, but the protest will be focused on genetic
modification of food crops. The victim will be warned, Mobbs said.

"If they don't want the hassle they can turn their server off or they
can
gamble that we won't get the support necessary, which would be an
entirely
realistic gamble on their part," Mobbs said.

The fact that the so-called DDoS attack might not work also makes the
Electrohippies tool fundamentally different from other hacker denial of
service programs.

The Electrohippies tool is actually a simple Web page that can be
e-mailed
to potential protestors. No "zombie" computers are used or compromised.
All attacks will come directly from the protester's computer.

"We are into open and accountable action," Mobbs said. The tool itself
simply repeatedly requests 12 to 15 elements on a Web page, not unlike a

user manually hitting refresh over and over to download a page. In fact,

last November, the Electrohippies staged a protest of the World Trade
Organization using that technique. A single Web page was designed to
open
up multiple browsers on any user's computer, with all the browsers
requesting WTO.org. That effort slowed the trade oorganization's Web
site
but also slowed the Electrohippies site, which hosted the "attack" page.

This new tool refines that method considerably. Since it can be
e-mailed,
there will be no choke point at the Electrohippies Web site. Attacks
will
come directly from protester computers. The tool will not request entire

Web pages, but rather specific images or functions that particularly
drain
the victim computer. And the requests will be made from each attacking
computer in random order, which foils some of a Web server's caching
abilities.

Still, the software is designed to be limited in its application, Mobbs
said, and the attack will be completely ineffective unless "tens of
thousands of people take part."

"If people don't vote with their modems, it won't work," he said. Not
quite true, Migues said. He thinks just a few hundred people would be
able
to use the tool, which will be distributed widely, to slow down service
at
a small Web site.

"Against a medium-sized site, it would be noticeable .... One thousand
people could send 60,000 requests per second; that's pretty big," Migues

said. And getting several thousand Net users to click on a Web page sent

in e-mail wouldn't be all that hard, he said.

"I could get enough people to climb on board to make an attack
worthwhile
in 20 minutes," he said. "I can go to popular IRC chat rooms and let
people download the tool." The "DoS Action Stand-Alone Control Program
version 2.0" will probably not be effective against the Internet's
larger
sites, Migues said, since they have multiple Web servers which are used
to
balance massive traffic loads.

That's one reason the Ehippies are taking their time, carefully
researching their victim, according to Mobbs. "We're still researching
which pages and which sites," he said. The group also intends to make
sure
its victim doesn't share a Web server with an innocent bystander.
"Hopefully, we shouldn't disrupt anybody unintentionally."

The attack will come sometime in mid-April, according to Mobbs;
according
to a discussion paper on the coming attacks, the intended victim must
have
at least two days' warning.




[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]