Members of Anonymous are developing a new attack tool as an alternative to the LOIC (Low Orbit Ion Cannon) DDoS utility. The move follows a spate of arrests thought to be connected to use of the LOIC, which by default does nothing to hide a user's identity. The new tool, dubbed RefRef, due to be released in September, uses a …
The question is...
If you are on TOR and your NODE is used as the hopping off point for some DDOS'ing are the plod likely to try and finger you for it given the woefully tech ignorant state of the justice system or average juror with something akin to Oh you HAD to know TOR would be used for illegal purposes you are guilty!!!! (Like anyone who ever uses a Torrent is a Pirate or plays a computer game is a mass murderer etc etc)
RE: The question is...
Tor in itself is not totally secure and hasn't been for years. Tor was originally developed with the help of the US Navy, which means the NSA have probably been plugged into it for years. There are suspicions that some governments like the Chinese have set up their own Tor entry nodes and hijacked others so they can monitor their dissidents, which begs the question of how do you know which Tor nodes are good or bad? The biggest hole was shown by the Fwench with the "bad apple attack", but a much simpler way for governments to defeat Tor is simply to look for the routers, then pick out the entry and exit nodes. It's trivial for the authorities to sit on your ISP's connection server and look for anyone going to a Tor entry point, then just monitor your traffic before it gets onto the Tor network. Most Tor users are too ignorant to realise Tor does not provide end-to-end encryption, so the connection between your Internet access point and the Tor entry node is packed full of juicy evidence for any criminal investigation. Think you can be smart and go use an Internet cafe or public access point? Better mask your MAC address then. Oh, and your OS UID if you're using anything other than hand-rolled Linux or BSD, and make sure your browser isn't telling the World a host of identifying details. Which the average LOIC cannonfodder will not know how to stop.
The other question...
Is if someone SHOULD be liable for what goes over their network.
I suspect that the number of people using Tor for breaking the law massively outweighs the number using it for legitimate reasons, however that's difficult to prove as logs aren't kept.
Why not? Seriously. If someone is abusing the network, then they should be kicked off and reported to the appropriate authorities. Failing to do so will ultimately end up with the end node owner being held responsible for the activities of the script kiddies using it to hide their attacks. When a fair number of people end up in court for their Tor nodes, they aren't likely to continue hosting their node, and the Tor network will collapse. I'm sure it'll happen eventually.
I think it's difficult to argue that someone should be able to host an anon proxy server with no logs, take no responsibility for stopping people abusing it and yet not end up in trouble with the authorities.
RE: The other question...
I know someone that used to have an Onion router running in his DMZ (it was his private company's server). He started it with the altruistic hope that he was helping oppressed people get safe access to the Web so they could protest and get help from the West. He was pretty p*ssed when he got a visit at home from the coppers, who said his node had been used to transfer kiddie porn and he was suspected of being a member of a paedophile ring. When he asked other node owners he knew if he could somehow restrict the node to just "good" users he was told it was an "all-or-nothing" approach - he had to accept the purist vision that he should allow all traffic regardless to ensure the "freedom of the Internet". So he took his node down.
RE: The other question...
Exactly. My personal guess would be that the majority of the traffic over those sort of nodes is criminal in nature with another significant percentage being trolls and advertisers/spammers getting around IP bans.
The purist lawless ideal of the internet is going to cause significant involvement from law enforcement dictating terms when they get the laws changed to force projects like that to close, which will then lead to people setting up other things, which will lead to those getting banned as well and so on until it's locked down so tightly that people can't use it to break the law.
That outcome is of course far more desirable than logging the traffic through the networks, and voluntarily taking the details of criminals to the Police, so avoiding the need for compulsion and regulation.
Have these people never done anything in the real world?!
Knowing the law would be useful before spouting off. Just because packets come from your IP address is not enough to subject you to arrest, let alone going to court or prison.
The use of DDoS is destructive, and is affecting millions of internet users across the globe that are legitimate. Anonymous have no consideration for the average user of the internet. Hope they all get stabbed in the eye while they are in prison.
Matt Bryant: That's incorrect. You can set up your ToR node to be restricted usage for just people you've made aware of the node. This allows you to avoid all the illegal activities that go on around the onion and you know that if the police visit you for such a situation then it's one of your friends.
"....You can set up your ToR node to be restricted usage for just people you've made aware of the node..." If your node is set to allow any user then you have a reasonable case for denying knowledge of what is going through your node, but restricting access automatically implies you are aware of what is happening. For example, if the coppers come and tell you user X is sending kiddie porn from IP address Y, and you continue accepting it, you are probably up sh*t creek if they come back a second time and you haven't stopped user X's access. With my mate, he was told that the police already KNEW which users were sending what traffic. They searched my friend's home and his workplace and took all his computers and servers off for forensics, which screwed up his business too, and left him the added fun of explaining to his family, staff and customers that he wasn't actually a kiddie-fiddler. Whilst the police probably had the sole intent of catching the paedo ring, it was a very effective way of removing a Tor node from the Net, and who's to say they might simply use the paedo card to target Tor node owners. If you are running a Tor node and restrict access then you had better know EVERYTHING about what your users get up to, otherwise your trust could land you in prison.
And so the death of internet freedom
Comes another step closer...
Re: And so the death of internet freedom
Another notch in the ratchet, for sure.
RE: And so the death of internet freedom
<Yawn> So that would be another SQL injection tool, then? What's the betting that when it is analysed it turns out to be just a rehash of an existing tool they downloaded.
All the Anonyputzs and Lultwits are doing is creating their own nightmare - a fully-licensed Internet. Before long the governments of the World will tire of the unregulated Internet and start demanding control of all access. The ISP will let you on only if you prove who you are and have a valid "web license". Not yet eighteen? Then you'll be stuck in the "kiddies corner" with virtually zero access to the real 'Net. Commit a cybercrime and as part of the punishment the license is revoked, leaving you in the Dark Ages. The Anons are just too stupid to realise they are happily shooting themselves in the feet.
I Doubt It
That kind of system will almost certainly be imposed if things carry on as they are but as soon as that happens people will just put their efforts into making better darknets and it'll be back to square one.
Taking things a little too far? I think we're a long way from that, a bunch of people annoying the odd company and exposing poor security won't cause 'the man' to slap the cuffs on us all.
I think you've watched V for Vendetta too many times.
The alternative plan?
Perhaps this is actually the 'plan'
Let some tameable skiddies loose to stir up public opinion in support of regulation (e.g. French Pres. Sarkozy's recent speech) - so there is something else to focus on (apart from gov having no money, no gold, no clue).
Once they get too damaging, reel them in and put them on show, then roll out controlling legislation.
(Mind you, our western record of controlling guerilla forces that we set up is not exactly spotless, so there may be a problem here)
RE: Whoas there
Unfortunately, there have been many cases of politicians on both sides of the Atlantic looking for just such a solution for years. Long before the (appallingly poor) "V for Vendetta" film came out.
> better darknets...
Darknets connected to what... You may find you'll be back to modems and private BBS... (those were the days!)
Re: And so the death of internet freedom
The scarcer freedom becomes, the more it is sought.
There is no scarcity in the want for freedom, I assure you.
RE: Re: And so the death of internet freedom
There is no scarcity of smart-arse quotes that do nothing but avoid the situation. You can crave freedom all you like, but if the governments take your toys away and put you in a sandpit then all you get to play with is sand. Just ask the people of North Korea how that works. Or the Chinese dissidents, who would probably really not like to lose even the chance of safe Internet access because a bunch of skiddies were playing for "lulz". Who will complain about what the Chinese government gets up to if our own governments implement exactly the same controls in order to stop the likes of the Anonyputzs? Be thankful "Knee-jerk" Blair isn't still in power, or we'd already be there by now.
What have you been expecting?
I did think that LOIC at least issued http requests? Otherwise all you anon skiddies could just use ping. I probably shouldn't even mention ping.... oh well.
@AC Friday 5th August 2011 09:24 GMT
Apologies if I have offended your sense of your own technical skillz. I can however point to the parts of your original post that suggested that you were involved in Anonymous as a skiddie, and didn’t seem to know how LOIC worked.
> About time, I've been expecting this for a while.
This was the paragraph that suggested to me that you are involved with anonymous. When I read this, it suggests you have been awaiting with anticipation the arrival of this ‘fine’ DDOS tool. To my mind a hard worked developer defending the world wide web sites from DDOS would be more likely to say ‘About time, I was afraid they would develop their tools in this manner’.
> Simple TCP/UDP flooding is pointless when you can issue web requests that consume much more processor power. Find a relatively processor intensive request, and hammer that and it'll be far more damaging. Bonus points if you do it over HTTPS which adds in the extra strain of encryption to it all.
Again there is a degree of relish in your phrasing above, note particularly your phrase ‘bonus points’ for using HTTPS. You also mention TCP/UDP flooding, which whilst it can indeed be caused by masses of HTTP GET requests, can be more easily achieved with a number of other standard network tools. You then go on to say that ‘you can issue web requests’ implying that LOIC doesn’t issue web requests, not even an HTTP GET.
> I don't see that anonymity networks being slow would be a bottleneck either tbh, find the right web request and it will often be heavy enough on CPU time disproportionately to the amount of data sent. Effectively it changes the battle from one of bandwidth, to one of CPU power
And yet more relish in the emotive tone of your original paragraph. You may want to think through the points about ‘emotive tone’ above if you comment again?
Easily prevented... and the prevention is easily subverted
Toss in a quick check: has this IP address sent spurious or excessive requests? If so, ignore the request.
I wonder, though- why hasn't the previous tool been modified to send packets with someone else's IP address? The only reason IP address spoofing can't be used is that nothing gets back to the sender (Same problem with using a fake address for mail fraud). In a DoS attack, that seems irrelevant...
Is the guy they caught the guy that did it, or his enemy/rival?
Reaches for the popcorn
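The per-IP check suggested in the "Easily prevented..." comment above, as an added example that is not part of the original thread: a sliding-window limit per source address, plus a site-wide cap, since a per-IP limit on its own passes traffic that is spread thinly across many addresses. The class and function names, the thresholds and the documentation-range addresses are all constructed for illustration.

```python
from collections import Counter, deque


class RequestGate:
    """Sliding-window request limit per source IP, plus a site-wide cap."""

    def __init__(self, per_ip_limit, global_limit, window_seconds):
        self.per_ip_limit = per_ip_limit
        self.global_limit = global_limit
        self.window = window_seconds
        self.by_ip = {}          # ip -> deque of accepted-request timestamps
        self.all_hits = deque()  # timestamps of every accepted request

    def _expire(self, hits, now):
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()

    def allow(self, ip, now):
        """Return 'ok', 'per-ip' or 'global' for one request at time `now`."""
        hits = self.by_ip.setdefault(ip, deque())
        self._expire(hits, now)
        self._expire(self.all_hits, now)
        if len(hits) >= self.per_ip_limit:
            return "per-ip"
        if len(self.all_hits) >= self.global_limit:
            if not hits:
                del self.by_ip[ip]  # store no state for rejected newcomers
            return "global"
        hits.append(now)
        self.all_hits.append(now)
        return "ok"


def constructed_traffic():
    """Constructed sample: one noisy address and 30 quiet ones, all within 10 s."""
    events = [(i * 0.5, "203.0.113.9") for i in range(20)]
    for i in range(1, 31):
        ip = f"198.51.100.{i}"
        events += [(0.25 + i * 0.3, ip), (0.35 + i * 0.3, ip)]
    return sorted(events)


def replay(events, gate):
    """Feed (timestamp, ip) events through the gate and count each outcome."""
    return Counter(gate.allow(ip, ts) for ts, ip in events)


if __name__ == "__main__":
    events = constructed_traffic()
    print(replay(events, RequestGate(5, 10**9, 10.0)))  # per-IP check only
    print(replay(events, RequestGate(5, 40, 10.0)))     # with the site-wide cap
```

With only the per-IP check, the noisy address is cut off but every request from the 30 quiet addresses is accepted; the site-wide cap is what bounds the total load.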
@AC Posted Monday 8th August 2011 08:40 GMT
No I remain unconvinced by your arguments. As evidence I would this time point to the somewhat spurious use of the argument that I have a suspicious nature, and your heavy use of invective language.
Moving the goal posts on the discussion suggests to me that you don’t really understand the technology on which you are commenting. The use of invective shows low self-esteem problems.
DDoS is the last of your worries ...
If your website is open to simple XSS or SQL-injection attacks then DDoS should be the least of your worries.
Not bad for a bunch of script kiddies.
This is the 's' in 'skiddy', the purpose of which is to facilitate use of mildly sophisticated attacks by complete idiots. The sort of people who will be using it will be significantly less capable than the sort of person who wrote it.
RE: Skiddies still?
Yes, they still are. Your fanboi-like level of blind devotion seems to have allowed you to ignore the facts that:
1. It's likely just another SQL injection tool, so nothing new or even vaguely inventive. In all likelihood, when the project falters due to their lack of skillz, it will be just a minor rehash of one of the toolz they downloaded for their previous crimes.
2. They haven't produced anything yet.
So, yes, they're still just attention-seeking wannabes.
... and undisciplined script kiddies to boot.
Are people really stupid enough to use all their internet bandwidth to attack Sony because Microsoft told them to do so for removing OtherOS that nobody cared about?
Are people stupid enough to think the internet is anonymous?
Are people stupid enough to download malicious stuff like this and risk going to jail and/or getting really big fines?
"Are people really stupid enough to use all their internet bandwidth to attack Sony because Microsoft told them to do so for removing OtherOS that nobody cared about?"
Microsoft did what now?
I won't get into that argument now, but some people did want the ability to both use OtherOs and play games on their PS3s, and were, quite rightly in my opinion, pissed off with Sony when they took it away.
And no, people weren't stupid enough to do this, because it isn't what happened. Sony got cracked, not DDoSed IIRC.
"Are people stupid enough to think the internet is anonymous?"
Yes, some are. I think naïve is probably a better word though. The people who assume that they are anonymous on the internet by default are probably the same people who believe without question the things they read in the papers or hear on Sky News. There are plenty of these people, unfortunately.
"Are people stupid enough to download malicious stuff like this and risk going to jail and/or getting really big fines?"
There have already been arrests, so I think you may have answered your own question.
I think the sheer fact that LOIC has been used for DDoS attacks, without proxy anonymisation, and that quite a lot of people have joined in to do so, demonstrates that there are a number of people who are both stupid enough and either pissed off enough, or are trying to fit in with a 'cool' crowd, to do so.
The first outings for LOIC showed the limits both to the number of people willing to use such a tool and the naivety of the Anons in thinking they would get general support. The take-up of LOIC was so poor that the supposedly non-existent leaders of the Anons had to resort to using zombienets. You know, the type of zombienets that do REAL criminal stuff like steal your gaming accounts and credit card details - gee, I wonder how the Anons knew how to get those?
Q1) QOS is rather trivial to implement. People are discontent and willing to attack anyone if they are tricked into believing that doing so will ultimately bring them more good than harm.
Q2) People are smart enough to realize that the odds of any one particular person being prosecuted are very low if the level of engagement is merely running a DDOS tool every now and then. Certainly some (younger kids) won't realize how easily things can be traced back to them, remember that teenagers think they are invincible to the point of even driving recklessly which is clearly a greater risk to them than running a DDOS tool on the internet.
Q3) People are People
Stupid enough to download
You do realise that the mere act of downloading such tools does not have the risk of jail or fines associated with it?
So what exactly have Pastebin ever done?
The twats are now attacking Pastebin as a test of their latest script kiddie tool? How can anyone support these idiots who are willing to bring down innocent sites just because they feel like it?
They're no better than 419ers or malware authors.
How much money do you suppose the various colours and flavours of Anon have defrauded from the public?
It is a bit puzzling, I mean they even *use* pastebin to post their various ill-gotten files. Seems a bit like shitting on one's own front door.
Why attack pastebin...
They have to field-test the weapon somewhere, and running it against a live site provides the most real-world result. I figure that since Anon uses pastebin so much themselves that they consider it a kind of home base on which to test their attack methods, without arousing too much public or police ire, before they're ready for the next real attack.
don't these tools realise?
that what they are doing is in fact jeopardising our internet freedom? it will only be a matter of time before the govs lock all this down even more than normal.
if shoplifters can get jail time then these little digital terrorists should expect a lengthy spell
Couldn't agree more
Yeah, civil disobedience is a terrible thing that has never achieved anything.
Let's lock them all up, because that will stop the establishment from trying to shaft the rest of us. Really it will!
History teaches us nothing.
You really don't get it, do you?
None of it is about locking up the brats.
Even if the sentence was only just a light spanking from their mothers, the 'civil disobedience' in question will only spur the government(s), led by a massively ignorant population(s), to require, as a fellow poster put it, a Licensed Internet.
Good luck being civilly disobedient on that framework.
If the government is already locking down your internet, like "normal", aren't you the one already in a prison?
@Random_Walk: I really don't get what you're on.
I was responding to the calls to lock them up.
The internet is already under attack. Do you honestly care what excuse our governments use to attempt to justify this? They are going to try it anyway, and it is the 'brats' that will carry on fighting to stop them.
You're arguing that we must cower in obedience in order to maintain the framework that enables us to rebel. Do I really need to point out the stupid there?
re: @Random_Walk: I really don't get what you're on.
".......You're arguing that we must cower in obedience in order to maintain the framework that enables us to rebel...." What you fail to grasp is that the vast majority of the public, who are all Internet users nowadays, do not see a problem with "licensing" the Internet, in fact the actions of the Anonyputzs are doing nothing more than driving the conviction that locking down the 'net is necessary to stop people like the Anons. What you fail to grasp is the average Joe doesn't think like you do, sees your "rebellion" as just childish vandalism, does not want anarchy on the 'net, and certainly does not support the actions of the Anonyputzs. Even my old Mum, not exactly living on the cutting edge of technology, came up with; "Well, we all have to have a driving license, insurance and registration plates before we go driving on the roads, so why should it be different on the information highway?"
"...... Do I really need to point out the stupid there?" No, you have pointed out exactly how stupid you are.
What happened to all of their posturing about running LOIC on your own machine and not running it over botnets etc in order that "the man" knows you are protesting? That seems to have taken a bit of a back seat, another nail in the coffin of anonymous having any credibility.
In short: Protesting against Scientology: Good
DDoSing everything that moves and putting up people's personal information for all to see: bad.
Looking at it objectively
Even scientology starts smelling of roses in comparison
– then, saying that, everyone's own interpretation of it would possibly be a function of their reaction to the notion of the means justifying the ends
If I were a script-kiddie tool
I'd be anonymous too
"Whether or not RefRef does a better job at anonymisation, by default, remains unclear"
With the group called Anonymous you'd hope so!