Mastercard is feeling the wrath of the internet this afternoon - its website and at least part of its payment systems have apparently been brought down by a denial of service attack. The credit card company is being typically cryptic - its most recent statement said only that it is "is experiencing heavy traffic on its external …
It will take time
Eventually these hackers will go to prison. It's just a matter of time.
I expect them to simply defend by saying "My PC is a zombie working for a botnet", which in fact might actually be true, as some of the attacks use LCDS, which amounts to "voluntary botnet". And most of these guys are probably using botnets anyway; if the authorities haven't been able to get the ones actually doing scams or pushing penis pills, how would they be able to get a bunch of teens doing it for the lulz?
I doubt it
they aren't hackers. they just download a tool like Low orbit ion canon. and point it at the website.
but there are in the order of 1000 people taking part in the attack. i find it hard to believe that that many people are going to pokey.
personally i think it serves mastercard right. freedom has a price. who are they to tell me to whom i can donate my money????????
The reason they "can not" stop scammers is because they do not care. No corporations lose money, only a few human resources lose some or all their money.
Millions coming your way!
You've got some way to tell the difference between a random user and a harasser? Wow, all the big companies must be lining up to talk to you!
>>"I expect them to simply defend by saying "My PC is a zombie working for a botnet", which in fact might actually be true, as some of the attacks use LCDS, which amounts to "voluntary botnet"."
That *might* work.
Unless, of course, their [seized] PC has any kind of trail leading to 4chan, or someone does a bit of pre-snooping on their net connection before calling round at their house, or there are already records of them having joined in previous attacks.
If may well be that the chances of any individual being caught are low, though I'd suspect that if even a handful of people were done for participation in an attack, that might significantly reduce everyone else's keenness to join in next time.
Especially if there may well be records hanging around from previous times.
>>"...if the authorities haven't been able to get the ones actually doing scams or pushing penis pills, how would they be able to get a bunch of teens doing it for the lulz?"
Maybe the authorities would actually care more if big businesses actually did get meaningfully inconvenienced.
And presumably with the various scams, they're generally run via proper botnets on innocent people's PCs (not generally worth tracking down), rather than involving people reckless enough to do things from their own home.
RE: It will take time
"Eventually these hackers will go to prison. It's just a matter of time."
A couple of road bumps in this theory;
1. The 20 PC's in National Police E-Crime Unit have more important things to worry about (e.g. multi-million crimes that are funding terrorism, org crime, etc.)
2. The number of CMA90 charges raised by the police in the last 20 years are next to naff all, i.e. they can't catch computer criminals
3. The number of convictions managed by CPS on computer cases is laughable, as they regularly mess up evidence collection and presentation
4. Even if somehow they get there men this time!, you still have to convince a jury to convict, and as the BAE Hawk criminal damage trial shows, Jury's can have a mind of their own regardless of any iron clad evidence.
So whilst we wish you where right in your assumption that UK Plod can catch them, I will be highly surprised if they do.
Or mommy and daddy will kick them out of the basement.
1) The ones doing scams and pushing penis pills are at least half-bright; and
2) The teens doing it for the lulz really aren't.
I don't know about this LCDS thing I haven't been able to dig up a copy of yet, but LOIC doesn't even have a clue about the existence of such things as proxies, which means anyone who wants to find its users need do no more than turn 'netstat' output into a list of subpoenas, and the US ISP which will do anything with a subpoena other than immediately comply has yet to come into existence.
And if you downloaded a copy of LOIC, figured out how to use it, and did so, then you're going to have a hell of a time making the "OMG zombie" argument -- DAs might be ignorant, okay, but they can hire professionals to be not-ignorant for them.
Except that the logs will show they downloaded the software which turned their machines into a slave. It may simply be that their connections will not work one day and that they will be black listed. Understandable. If they assist a man and organisation who are publishing stolen secrets they can expect this.
>>"So whilst we wish you where right in your assumption that UK Plod can catch them, I will be highly surprised if they do."
There are more plods in the world than just the UK ones.
I'm sure there are people in the USA happy to make an example out of a few misguided youths, or to grab an adult they can portray as a dangerous anarchist leading their poor kids astray.
"So whilst we wish you where right in your assumption that UK Plod can catch them, I will be highly surprised if they do."
Possibly, but if they go after people for dicking around with Call of Duty....
The KKK had more than 1000 people taking part in attacks
when they were at their peak. Government started targeting them and taking them down. Same thing should happen this time. And on the same grounds: conspiracy to commit a misdemeanor is a felony.
sorry but to be honest just attacking the website is worthless. if one thought it through the company should had been attacked where it gets its money from. namely point of sale or application proccess which are worth few mill a day and then some. after that constant attacks on record keeping both physical as well as electronic. but hey its too much to do and away from the keyboard which will require *gasp* doing some physical excercise. but hey it is common sense and goals are too hard so we can all just have a good laugh over useless gestures.
Its is attacking the payment systems
This is going to cost Mastercard hard cash.
It may well cost Visa and Master card a lot more. They have exploited their duopoly for US political interests, demonstrating that they are under the control of the US government. Wikileaks, for all its dubious nature, is not illegal and its processing company has already complained about this. Never mind a independent GPS system, Europe needs a credit card payment system outside the control of the US government (China, I notice , already does - UnionPay).
It is not, either
Merchant processors and merchants worldwide are reporting inability to access MasterCard's web gateways for accounts management, dispute/arbitration submission, et cetera -- a lot of administrative processes which will be held up a day or two, until the /b/tards get bored and wander away to dribble all over something else for a while.
This is not at all the same thing as MasterCards not working when they're swiped through POS terminals. If that were what was going on, the whole damn world would be screaming its head off, and half the /b/tards would already have been v& because they're mostly too stupid to know what proxies are for.
Have no fear...
...whatever the costs incurred by Visa and Mastercard, they won't pay cash. They'll just put it on their American Express! Circle of life....
Mine's the one with the platinum-lined pockets.
The only bit you got right is that it is going to cost hard cash.
Which is why this, unlike previous attacks launched by 4chan will be pursued by competent investigators.
3D Secure is off-line?
Good. That service really sucks balls. I have actually abandoned purchases because sites force me to use that pile of vomit.
Well I for one am well fucked off. Had to abandon a long and utterly tedious purchase of xmas pressies from an overseas company when my transaction couldn't be processed.
As it's always the last step this was especially irritating. Bunch of scrotes.
Anon to prevent being added to the list of targets, natch.
Ordering from abroad.
You're ordering Christmas presents from abroad with 12 working days left and you expect them to arrive on time?
Unless you send an email direct to Santa you have no chance.
keys, filing cabinet
Anonymous DDOS's entire internet, unable to login to switch it off
Re: keys, filing cabinet
Let's see if we can beat Obama to it:
Annoying little tweets....
Quick, someone from Twitter announce they are disconnecting JA.....
They're already on them
It seems that Anon already has Twitter on its sights...
ddos old tech?
They will take out Senator Lieberman's personal site as soon as they can figure out how to DDOS the printing press.
Mastercard is owned by banks and so is Visa. There are a few shares of each but most are still held by banks that are worried about the next release.
It's in the news, which means that the story that MC blocked wiki is also in the news which means people are talking about whether the US government leans on international companies for it's own political reasons.
Which is worthwhile - but don't worry there will be another royal wedding or popidol winner along in a moment to restore the news cycle.
"whether the US government leans on international companies for it's own political reasons"
Oh, only about as often as the sun comes up in the morning, or there's a spell of damp weather at the bottom of the Marianas Trench.
they should not have bowed to political pressure
They would have been wiser to have kept their noses out.
Wikileaks has not been proven to have broken any laws in the U.S. yet..
They are also going to be sued by the Icelandic payment company Datacell for freezing these transactions:
They deserve all they get for bowing down to fascist political pressure.
anonymous of course, because it is the theme of the day..
US government secrets are being released by Wikileaks. It makes sense for any organisation or group of individuals so attacked to self defend. Anyone expecting or exhorting otherwise is either not thinking very efficiently or engaging in duplicity and bad rhetoric. If you pinch a rat's tail it will bite.
stable door, horse?
No. US government secrets are being made public by Wikileaks. They have been indiscriminately released to over 3 million people by the US. What are the odds that foreign governments haven't had much of this information for months or years? Should one small cog be able to grab so much without someone asking why until after it is made public? If you *can* pinch a rat's tail then more fool it for letting you.
This must be some new definition of the word 'theft' that is not in the sophisticated dictionary. No, the data were stolen, are the property of various governments, and those who stole them will suffer the consequences, ditto those self appointed exhibitionists currently parading them. It's inevitable, no matter what sophistry you attempt to employ, and it is going to hit some pretty silly people hard, in the face. The amusing thing is that there is practically no government they have not annoyed. Thus most governments in the world have cause to smack them hard.
As I said before, I have ordered the popcorn. For the next few weeks and months it is going to be a matter of 'with a magazine of x rounds watch and shoot, watch and shoot'. The longer it goes on, the more damage they do, the more severe the retaliation. A frigging child could work that out, though evidently you have not.
The data are
...the property of the populace who pay for it, surely?
Certainly not the property of Assange et al., plus there are certain things that a state keeps secret in the cause of defence and security. There a lot of citizens bright enough to understand the concept of security. For example, at this precise moment the UK is being targeted by large numbers of Russian spies. This is being countered, that is to say the property of the nation, its classified information, is being kept out of their hands.
In related news...
...you can still use Mastercard to donate to the Ku Klux Klan and the British National Party. (But please don't).
But of course there was no such thing as terrorism in the UK before 7/7 was there?
Another please don't
You can also donate - 100% tax free within the US, of course - to fund Suzerain Lieberman's primary home in the Israeli settlements.
Terrorism in the UK?
I suspect this is why the UK public were less inclined to swallow some of Blair's more ridiculous spewings after 9/11. We already had a number of professional and experienced terrorist groups working in the UK, the IRA for a start, who were funded at least in part from US Irish immigrants, and people were less inclined to surrender any more liberties because a bunch of badly trained ad-hoc groups of not terribly deep thinkers.
The 7/7 bomb was a tradegy, with 52 deaths (I'm not counting the 4 suicide bombers like the Wikipedia article does, cos thats stupid), however, the IRA was regularly killing hundreds of people a year in the 70's and early 80's.
I remember then 7/7 happened, certain idiots in the US were saying "Well now they know what its like".
Amusing, because 9/11 happened, I remember people where i used to live in warrington were saying something not entirely dissimilar.
Downed by Anon or Everyone Checking to See.
I do often wonder if it's really anon that took the site down or if it's all the news articles about the attack prompting people to go and check if it's still up.
i've been to the site a dozen times today and i've never been there before. i can't be the only one.
either way funny.
I have also been trying all afternoon to get on to their site - just to see if the reports of it "Mastercard is experiencing heavy traffic on its external corporate website - Mastercard.com - but this remains accessible."
I've been trying from at least 10 offices all day - hitting refresh constantly just to see if the site really is available.... so far no luck :-(
They deserve every bit of this -- why should Mastercard be deciding who we donate money to?
Anyway their 3-D secure system is utter rubbish..i have to reset my password for it every time I use it and often just abandon any online purchases once faced with it.
Illicit logical operation
Mastercard are not deciding to whom you pay your money, merely whether or not they are prepared to be accessories. Go and donate it by hand why don't you?
Behold the power of Teh Reg
First there's an article about Anon not hitting Paypal where it hurts...
Next an article about how you can rent a botnet for $50 a day...
Now Mastercard is down? hmm....
Paying for it
At least you can use paypal/visa/mc to rent your botnet nowadays.
In other news:
The U.S. Anounces worldl press freedom day. LOL
So who thought 3D Secure worked Anyway?
Nice, A DDoS attack that is probably improving bank security by taking 3D Secure offline.
If confused, have a read of the paper by Ross Anderson, et al below;
Veri ed by Visa and MasterCard SecureCode: or, How Not to Design Authentication
Contracts, evasion and violation
Would be interesting to know if Visa are complying with all the relevant banking and credit card rules, in addition to their contract terms, when they unilaterlly decide not to take payments from customers and forward the money to the desiginated accounts?
with friends like these...
These guys are really going to garner public support for wikileaks by pissing off people trying to do Christmas shopping.
Even if MC/Paypap/whoever -deserve- to be hit, it's short-sighted and counterproductive to attack them. It just gives more ammo to people who want to cast wikileaks as a criminal (or at least complicit) organization. Well done, Anonymous - you've handed you enemies a victory on a silver platter!
Freedom of speech is priceless
For everything else, there's Mastercard
- Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM
- Review Raspberry Pi B+: PHWOAR, get a load of those pins
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
- MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
- +Comment 'Stop dissing Google or quit': OK, I quit, says Code Club co-founder