Last month, Netcraft saw WikiLeaks.org being ousted from the United States. A loose-knit group named Anonymous then began launching distributed denial of service (DDoS) attacks against organisations that had been unhelpful towards WikiLeaks.
These attacks successfully took down prominent websites such as MasterCard.com, Visa.com and PayPal.com. Some people clearly didn't like this, and the Internet Relay Chat (IRC) network used by Anonymous was then subjected to retaliatory attacks, as were several website domains used by the "Anonymous Operations" organisers.
Despite being attacked at least twice this week, AnonNews.org is one of the survivors and has since evolved to become one of the most important resources for those involved in the ongoing Anonymous campaigns. The latest round of DDoS attacks have been directed towards Tunisian government websites.
On 7th January 2011, I interviewed the Dutch owner of AnonNews.org, Sven Slootweg. Sven is a freelance web developer with an active interest in freedom of speech (and would like to make it clear that his views do not represent the whole of Anonymous). It's a long, yet informative interview; enjoy:-
How long have you been involved with Anonymous?
I've been following Anonymous since Project Chanology (the protests against the Church of Scientology), but became involved myself since Operation Payback changed its targets to sites involving Wikileaks... on the other hand, seeing as I've always felt the same way about things like freedom of speech as a large part of Anonymous, you could say I've been involved with it for a much longer time, just not under the banner of Anonymous.
What is your role in the ongoing DDoS attacks being carried out by Anonymous?
In the DDoS attacks themselves... I'm not involved at all. However, seeing as the callouts/manifestos/press releases for these attacks are also posted on AnonNews, I do contribute to making people aware of what is happening. I'm also a channel operator in the Operation Tunisia IRC channel, but basically only there to keep the room clean (kick out people screaming false targets and trying to spread confuision), I'm not involved with the coordination of attacks themselves.
Do you believe the DDoS attacks against MasterCard, Visa, PayPal and so on have achieved anything?
Absolutely... not only have they sent a sort of "warning message" to these companies and other companies who would try to shut Wikileaks, they have also caused a lot of attention from media outlets over the world. Everyone knows Anonymous exists, and that there are people fighting for freedom. It has contributed a lot to the awareness of the general public. I do think, however, that more DDoS attacks on "old" targets like Mastercard would not have any positive effect, and even harm the current image of Anonymous. The media attention and awareness is there, and there's not a lot to gain in that field for Anonymous in general.
Do you think any companies have been reluctant to terminate relationships with WikiLeaks after witnessing the effect of these attacks?
I think it will certainly have helped. Although companies may still terminate relationships with WikiLeaks if they are seriously pressured / blackmailed by the US government, I very much doubt any company would do it voluntarily now, because they know there is a risk of being targeted. Especially companies whose business relies greatly on the internet, will most likely be more reluctant.
Which sites are currently being attacked by Anonymous, and why?
As far as I am aware, the nameservers that are used by many Tunisian government websites are being attacked right now, leading to these websites being unavailable, because of the increasing censorship and restriction of freedoms in Tunisia. More sites may be under attack, but if that's the case, I'm not aware of them... the best way to find out would be to join the IRC and ask around in the channels :) There is another operation running regarding Tunisia: the setting up of TOR bridging servers. Seeing as the known TOR servers are blocked by the Tunisian government, people are now working on providing "hidden" TOR bridging servers. Although this is not related to DDoS, it can be considered an attack on the censorship in the country.
How are the attacks being carried out?
The DDoS attacks basically consist of many people running LOIC, PyLOIC, HOIC, or any other effective DoS tool simultaneously. In some cases a "hive" is used; an IRC C&C server that people can connect to with their DoS tools (at least, those that are hivemind-enabled). The DoS tool will monitor the channel for commands, and attack when instructed to do so. This basically creates a very accurate voluntary botnet, that also operates in a similar way. If no hive is available people are instructed to manually enter targets into their tools.
Who decides which website to target?
Basically targets are decided by everybody. The unwritten rule, however, is to not attack media outlets as it would limit their freedom of speech, even if it is state-owned or state-controlled. When a list of potential targets has been made, these targets are put into a poll on the web, after which everyone can vote for the target he thinks is most important. The channel operators may decide to not include targets, for example, when they are not related to the cause, or if there would be too much collateral damage. Generally the target that gets the most votes is attacked first, and if it has been attacked successfully either a new poll is started, or the target in second place is attacked. This is the general method, other operations may use other methods if they feel it is more appropriate... seeing as there is no central governance in the whole of anonymous, any operation or project may have its own "authoritarian structure" (or the absence thereof) and its own way of deciding what to do.
There seemed to be more than 2,000 computers involved in the attacks against MasterCard and Visa. How many computers are involved in the current attacks against Tunisian sites?
I can't be sure as I don't think everyone who is attacking is present in the IRC channel... but the IRC channel holds about 200 people at this moment. It's pretty much impossible to make a real estimate of the "firepower".
Do you perceive the Tunisian websites as being "easier" targets, which could be successfully attacked with fewer computers?
Seeing as I'm not directly involved with the attacks, I can't really say anything for sure, but I can imagine that government websites generally have less capacity than for example Mastercard and PayPal, who rely on their online presence for a serious chunk of their business. This doesn't only go for Tunisian government sites, but for "western" government sites as well.
A few of the Tunisian websites are back online again now. Do you think Anonymous will continue to carry out attacks against other websites? If so, what other sites may come under attack?
I think websites may continue to be attacked for a while, but I also think the strongest point of the attack has been reached. People are focusing on other projects regarding Tunisia now, such as scripts to remove the phishing scripts inserted into various social networking sites by the Tunisian government, and setting up TOR bridges under the name "Project Tornesia". Some people have also started spreading awareness (and had success) by e-mailing news stories regarding Tunisia to media outlets. Quite a few media outlets actually started to publish news regarding Tunisia after being pushed by Anonymous. Regarding other sites: I have no idea what is going to happen in the future, but I do not expect many more DDoS attacks as the impact is limited. Most likely Anonymous will keep fighting against the Tunisian censorship in different ways, for example through the aforementioned projects and by calling out to Tunisians to also protest in real life.
A few arrests have been made against people taking part in the DDoS attacks. Do you think this has reduced the size of the botnet by deterring volunteers from taking part, or are they merely losing interest in the campaign?
I think it has certainly made a difference, but I don't think it's the main reason for the decrease of volunteers. The IRC has experienced a lot of problems a few weeks ago (being attacked itself), and this may have lead to many people not joining the network anymore. Combining this with the fact it has been relatively quiet (less high-profile attacks) for a while, this is most likely the main reason for the decrease of volunteers. The fact that there isn't as much hype around the attacks on for example Tunisia, as opposed to the attacks on Mastercard etc., most likely contributed in the fact less people came back.
Who runs the IRC network?
It's run by several people... I don't know most of them, there is one person who I knew (through the internet) from a few years back. As far as I know, the network staff (thus server owners) change now and then as well.
The website you run - AnonNews.org - appears to have become one of the main sources of information for members of Anonymous. Are you concerned that your website may also come under attack?
It has been DDoSed twice by now... in fact I'm quite surprised at the absence of attacks, especially personal ones. I haven't yet received any prank calls or similar things. The DDoS attacks are not a big problem anymore, as I have recently moved to a host that has good DDoS protection and also does manual blocking. Since the server is now also running several automated blocking scripts it should be able to cope with pretty much any DDoS attack. I haven't yet had any problems with exploits, except for someone figuring out a way to cast multiple votes (this has been corrected and fixed). I expected more attacks than this, so from the start I wrote the site to be as secure as possible, and I don't expect anything to go horribly wrong. Of course there have been several vulnerability scans on the site, but I'm not worried.
I noticed your involvement with Anonymous is far from anonymous – for instance, your name is recorded in the WHOIS details for the anonnews.org domain. Have you taken any precautions to avoid personal attacks?
Not really... I stand for my opinion, and if that leads to personal attacks, so be it. It's fairly impossible to trace me back to where I live, so I am not expecting any physical attacks, and I don't really mind things like prank calls; in fact, it's rather interesting to see what people come up with. Since I don't do anything illegal, it's not necessary for me to stay anonymous, and I'd rather do things on my own name if that means it's easier to achieve a goal.
Do you know who was responsible for the DDoS attacks against AnonNews.org, or how the attacks were carried out?
In both cases I don't know who was behind it, only in the second case it had been announced in a comment on both AnonNews and a Flickr page by a user that I could not find more information about. Both attacks consisted of synfloods, and in the second case it appears there was also a minor http flood added to it. The first attack was most likely running from several servers, while I suspect the second attack to have been carried out from a larger botnet of consumer machines.
The WikiLeaks.org website was ousted from the United States shortly after Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman encouraged companies to avoid assisting WikiLeaks in its efforts to disseminate the stolen cables. As an active supporter of WikiLeaks, are you concerned that AnonNews.org may suffer a similar fate by virtue of being hosted in the US?
I don't expect any trouble with that, seeing as not only is my host supportive, but AnonNews also doesn't do anything that could be considered illegal. It's simply an open "activist" platform, much like Indymedia and similar sites. Would there eventually be trouble with this, I will look into moving the site to a different country, but I don't really expect anything to happen in this field. Many controversial sites have always been hosted in the US, and I believe the entire affair with Wikileaks was an exception.
I notice that AnonNews.org accepts donations via PayPal. What are these donations used for?
Right now I'm using them wherever AnonNews costs money (which is not a lot) but a part of it also flows to YuNicc, another nonprofit project that runs entirely on donations.... and a part of it goes to "myself" to live from, seeing as AnonNews costs quite a lot of time. Not a lot comes in, but it covers the costs, and it enables me to spend time on AnonNews without going completely broke.
What do you think of the media's perception of Anonymous? Is it accurate?
I think it's certainly going in the right direction, but many media outlets are still failing to grasp the concept of Anonymous. They are still looking for the "leaders" of Anonymous, and still treat it as a group with one collective opinion, goal, and agenda. They fail to see that Anonymous is not really a group, but rather an anarchistic movement, according to the original definition of anarchism. If someone has an idea, he will try to set it up. If enough people agree, the idea will gain popularity and "followers", and it will thus make impact. If an idea is not liked by many, it will be ignored and eventually fade away. It's pretty much self-regulatory, and no operation has the same group of people supporting it. Being part of Anonymous does not mean you have to have a certain opinion. Anyone wanting to sail under the flag of Anonymous, will be Anonymous. It's a "fluid organism", so to say, and it has no official representatives. And well, most media don't get that. The other problem with most of the media is that they only focus on the more violent attacks like DDoS attacks, and completely ignore initiatives like Operation Paperstorm and Operation Tornesia. This way they, consciously or unconsciously, portray Anonymous as a group of hackers (or rather, using the correct term, crackers), and not "activists", even though the latter is more correct. Many people within Anonymous do not have technical knowledge. Another problem is that media often portrays Anonymous as being "people from 4chan". While the roots are indeed on 4chan, this relationship is not really there anymore. Many people on the AnonOps IRC server, for example, barely visit 4chan. I have even spoken to some who don't even know what 4chan is.
Around the same time as the DDoS attacks against MasterCard in December, Anonymous launched a separate campaign named Operation Leakspin. This was supposed to raise awareness of the least-exposed leaks by posting comments to social networking sites and forums. Did this have much impact?
I don't think Operation Leakspin (which is now renamed to Crowdleak) has had very much impact on the general public so far, mainly because all the media attention was aimed towards the DDoS attacks. However, pretty much every Anon is aware of the existence of the project, so it certainly has potential to grow more. I think it will just need time to grow, and that it also requires more attention from media outlets.
So is the successfulness of a campaign based on how much media attention it gets?
Seeing as the main strong point of Anonymous is that many people, a crowd, are working together, I think that for now media attention plays a very important role in the successfulness of a project or operation. This may (and probably will) change over time though, as the Anonymous "movement" gets more "followers" who actively keep track of what's going on and what Anonymous is doing. Right now it's important to make people aware that Anonymous exists, and that it's active. As soon as people start checking on Anonymous themselves, it will not require as much media attention as is currently the case.
With regard to its support of WikiLeaks, what are the long term goals of Anonymous?
I can't say anything about that for sure, it really depends on what the individual people involved in Anonymous are going to do. I know there are also a lot of people involved with setting up new Wikileaks mirrors and keeping them alive, but I'm not involved with that specific project.
What are the most interesting or unexpected events you have witnessed since Operation Payback began?
For the operations... pretty much everything. It's really interesting and sort of surreal to see what Anonymous as a collective can achieve and has achieved. A massive collection of unidentified regular people reached media outlets all over the globe, and people are really being helped. Personally the two most unexpected events were first of all the responses of the people in Tunisia... when reading the comments on AnonNews you could see they were really happy that someone outside their country stood up for them, and it really boosted their morale and hope. The second thing I didn't expect was the massive publicity of AnonNews. It has apparently appeared on the national French television (TF1), and both BBC and Al Jazeera reported on my downtime, which is somewhat odd and surreal if you're the person behind the site. I have had days where I got 12,500 unique visitors in a day... that is a lot for a site that has existed for only 3 weeks.