Find out who signed the petition ......
... then go and ring their doorbell repeatedly and continuously. They'll understand and respect your position.
The loosely organized hackers of Anonymous don't just launch distributed denial-of-service attacks for the lulz. They do it to send a message, which is why they've petitioned the Obama administration to recognize DDoS as a legal form of protest. The petition, which was filed on the White House's We the People website, argues …
A protest, done decently, is based on a two way communication; the protest group makes their opinion heard (which obviously opposes another opinion) but normally (should) always allows the opposition to make their voice heard as well. When done right a protest may end in a debate which might eventually help to bring both parties together.
DDoS on the other hand does not allow for such situations considering how it totally renders the website of the opposition useless. In my opinion its hardly a form of protest but instead takes more the form of total oppression: "We don't like what your website has to say so we're taking it out completely".
It doesn't matter on which "side" you are; fact remains that one party totally takes away the voice (or online capabilities) of the other.
And although I agree that it may fall within the definition of a protest ("A statement or action expressing disapproval of or objection to something.") one should have at least a some bit of common sense to realize that you can't use that to justify every take of action; there are limits.
Pretty much what I would have put about this one. The other difference between a protest, assuming it was immediately outside the disputed organisation, is that it doesn't stop the on-going business of that organisation. Where protestors do attempt to stop BAU they are arrested and prosecuted... pretty well what seems to happen to anonymous.
In summary they aren't asking for Freedom of speech, more Freedom of Censorship.
What Anonymous wants, in essence, is the right to take down my websites, destroy my business and my livelihood resulting in me having to lay off my staff, whose own livelihoods are then ruined, with absolutely no recourse for myself to prosecute those responsible.
And all on the say-so of some shitbrained little internet vigilante who might mistake my business for some other arsehole's scam, with no trial, no evidence, just hearsay on some Twitter feed?
You can fuck that idea off right bloody now.
I think this sort of thing means freedom can never be complete, because sometimes the exercise of that freedom will impinge on another's freedom. You might be left with something resembling the Wiccan Rede "An it harm none, do what thou wilt"... except that if a protest really does harm none, it is easily ignored.
Actually you can make a better argument that SPAM is a form of free speech than that DDOS is.
SPAM at least meets the criteria that it is communicating. Where it falls down is that it forces the recipient to pay for the speech, which is not permissible under classical property rights concepts. And if you throw out the private property rights it still falls under the problem of the free commons.
Being that most of the owners (the people that actually bought the hardware, not the l337 h4x0rs that hijacked them) of the machines that at "sitting in" are unaware that they're doing it.
This is less like and organised group of people occupying a location, and more like the the evil wizard sending his army of minions to attack.
Yeah pretty much my first thought:
argues that DDoS "is not a form of hacking in any way" and that it's really not much different than repeatedly hitting the refresh button in your web browser, albeit on a much larger scale
Not hackng in any way - true - but definitely different to hitting the refresh button in your browser, especially if some of the participants are part of a botnet, or are compromised servers.
What they're saying could - almost - be a fair point, if every participant was sat at their own machine, using their own machines resources. That's not what happens though, and it also fails to address the points others have made, like the inability to have a two-way conversation with the protestors.
But you're going to jail if you drive your truck through the store's front door as a means of keeping the shoppers out. And in fact, many members of Anonymous have gone to jail recently for doing exactly that with their ion cannons. Guess it all sort of works itself out in the end.
Continuously pressing F5 while visiting a website I mean. Heck, even tee up a time with your friends after school and have an F5 party
Using an automated tool to send malformed packets in short time is not free speech. It is simply the denial of someone else's, even if they are sick bastards protesting at childrens' funerals.
Yeah I always feel particularly aggrieved when I have to deal with a DDoS, it's just so damn sophisticated. It's like wanting to play chess but finding the opponent only has the capacity to flick tiddliwinks.
It's as depressing as finding a web-based backdoor has been installed on a system, a sophisticated attacker could have (potentially) used it to compromise the system, but the thick-as-two-planks attacker clearly didn't know how and has simply defaced a page instead.
Don't get me wrong, I don't want our customer's servers to get hacked, but a complete lack of sophistication does say bad things about the technical understanding of today's spotty oiks.
"Anonymous we are legion" - actually it appears not, a (Roman) Legion was about 6000 men, but it appears to be only 830 of Anonymous according to this petition.
Its probably a fairly accurate figure too - I mean a group that can get thousands of idiots to become a willing botnet must also be using the same jedi mind control techniques to get votes for this petition.
As myth busters say.... busted!
Anon because as others have pointed out, just for the lolz
... ends roughly when someone anonymously smack them personally in the gob.
Tearing down infrastructure not owned personally, by you, is not freedom of speech. It is vandalism. And the 99% are getting really, really sick of you 1 percenters vandalizing our IntraWebTubes space.
Were in not for the rest of the damage it would do to society, it might be interesting to pass their petition.
And then watch with the popcorn bowl as all the major corporations began coordinated DDOS attacks on Anon resources across the globe. Because revenge is a dish best served with a buttered popcorn.
Every machine contributing to the DDOS actively chose to via its owner clicking 'Join in the DDOS' which is what LOIC does IIRC...
A zombie botnet used for DDOS does not have the explicit consent of its owner to contribute to the attack, therefore it's akin to someone stealing their voting slip and voting on their behalf in a way they would not choose to.
Therefore not free speech, a rigged vote. Which is illegal.
Yeah it has SOME merit, sometimes, but overall, aside from attacking relevant causes, and knocking spammers offline etc., it generally is little more than an a brief annoyance.
"Oh Oh Oh we jammed a christmas cake up the FBI's arse! Golly Gosh!"
I hear the ways to bypass a DDOS attack are pretty easy though.
Easy...yes.
Cheap...no. If it's done right.
You need to pay for the upstream filtering at the ISP, configure the rule scenarios and then there's the DNS re-direction and hosting to consider. The things you can do locally (rule-based request filtering, window resizing, run site in no graphics/maintenance mode, etc) only take you so far. They won't protect you from 50gbits of layer 2/3 traffic - 100,000 SYN-ACK/ACK's (or RST's) per second still adds up, and chances are the CLOSE_WAITS alone will kill your server.
I support the right to protest: to go somewhere, be noisy and make your point of view as one of a group. If you believe something - stand up, be seen, be heard and be counted.
DDOS: let me see...
Do we know who is behind the protest ? No: the DDOSers have typically hijacked others' machines.
Do I (as a visitor to the web site) know what it is about ? No: all that I know is that the site is slow.
Can we count the protestors ? No: they aren't using their machines, we do not know who they are.
Having an analogue of a street protest is difficult in cyberspace, most people who visit the site just won't know. So what can we do:
* Insist that all web sites have a link to whoever wants to say something about them ? Not practical; Apple knows how to avoid this (until the court finally kicked them hard enough).
* Permit sites with domains like XxxSucks.org that will show up in google. Yes - that is as close as I can think, these must be protected from being taken down by Xxx.
I agree that their argument is flawed, but not for the reasons you give. Having to physically be somewhere to exercise your right to free speech, which is what your point concerning protest actually goes to, would restrict the exercise of free speech more than it already is (or should be). The argument should not be whether or not a DDoS is a valid form of protest. Rather, it should be if it constitutes an exercise of free speech. Should anonymous (small A) speech be protected? The answer, I feel, is not an absolute Yes or No, but more depends on the situation.
At first blush, while I do not like the idea of a DDoS, I can see that it might be viewed as an exercise in free speech with the caveat that it cannot be implemented with hijacked machines. Proving this is not the case... I am glad I am not writing the legislation on this.
Finally, the potential for abuse by a competitor is problematic. Even if a DDoS is deemed a valid exercise of free speech, this possibility seems an obvious outcome of legalizing the practice as a form of protest.
DDOS is legal, so long as youre only using people at a keyboard hitting refresh. Want to take down a company? Use an army of people so youre showing a significant number of dedicated protesters.
Using software dedicated to doing this is more akin to building a wall around a building- it'll stay up forever and the people can wander off so arent actively taking part of the protest- which would be illegal.
Assuming each IP == 1 person intentionally taking part than I am totally for this type of thing. Even if its automated.
To me automating it is the same as bringing a chair to a sit in. Even while protesting there is no reason you can't be comfortable. I also think that in most cases it is okay to totally disrupt a place of business. When you go on strike do you allow anyone to enter your factory?(although I'm sure many of you will disagree)
Using a botnet however would be very wrong, and is in itself illegal even if the botnet isn't used for ddos.(breaking into computers and all that)
Just as with normal strikes I imagine that if this ware to ever become law there would of course be some constraints. For instance: blocking a hospital(or its online equivalent of ddosing emergency services) is generally frowned upon.
Its probably also worth mentioning that pre 2000 this was totally legal (or at the very least never went to court, floodnet comes to mind. The old documentary "hackers in wonderland" makes some nice references to it.)
Full disclosure: My datacenter gets hit with a 20Gbit ddos pretty much every day all day. About once a month it peaks to 60Gbit for a short while and I'll have some connectivity problems but that never lasts very long. But this is from one or two individuals with a botnet, not a protest. So despite feeling the effects of this sort of thing on a daily basis I still approve of ddos as a form of protest.
... whereas DDOS attacks are normally done through compromised machines against the will of the owner of that machine - at the will of a handful of eejits these "protesters" are being included in a protest they know nothing about.
Basically... doing Occupy their way would involve 3 or 4 people deciding they needed to protest against something - then in masks going out and rounding up grannys, kids and dumb people from around the world - transporting them to the company at no cost to them, while the victims (grannys, kids etc) thrashed about confused as to what was going on.
Once at the building, they use multiple trebuchets to launch these people at the front door until nobody else can get past them or security opens another entrance or two.
I would be willing to pay a small amount of money to see a flash animation depicting exactly this.
It is worth pointing out that some of the highest profile anonymous attacks ware mostly individuals and not botnets. Those that got arrested and convicted for their participation in a ddos attack ware the ones that did it from their home network where 1 IP was 1 individual.
There was very little chance of catching those that used a botnet, so if this becomes a law or not it will never stop botnets.
But it will in my opinion give a voice to those that are generally upset about something without going to jail instead of only giving a voice to those that are willing to get arrested or those smart enough to cheat.
I'm for downgrading it to a petty crime - one that gets a warning, then a fine or community order. Currently the upper level of punishment is higher than someone caught driving without a license, drink driving, drug possession, common assault, public indecency, petty theft, shoplifting, disorderly conduct etc...
All those lesser crimes actually affect real people and can cause significant injury, loss and pain. A DDOS in contrast may affect a business (if it's primary income is web-based), but no more than a common IT glitch would - well run businesses, particularly corporations, design for fault-tolerance and make fail-over plans for that.
The problem is that law-makers still think computers are magical things from the 80's that enable teenagers to hack into government defence systems and launch nukes all over a simple modem. Those in the fear industry know that can strap "cyber-" onto the front of any threat to elevate it to a much worse situation than it actually is.
This is why people are so confused when it comes to DDOS attacks, and sadly I see a few commentards here, under the impression that it involves hacking into a website and causing damage - when actually it's sending the equivelant of many multiples of 'visits' to the website - no intrusion needed.
The actual real-life equivalent is not blocking an entrance to a business. It's sending 1000's of people to browse a store with no intention of buying, preventing genuine shoppers from physically getting in for a few hours.
The real-life equivalent is a semi-malevolent flash-mob.
As a DDOSer you are not making a point, you are not conveying an idea, you are not trying to say anything. What you are doing is making sure they I cannot say what I have to say. THIS IS NOT SPEECH, it's sole purpose it to deny the victim speech.
A flash mob may raise awareness. Normally someone will be explaining what it is all about, or have signs or some-such. A DDOS does not, because the users only see the site is slow. They do not understand your point BECAUSE YOU ARE NOT MAKING ONE.
We are not saying you have "mad haxzoring skillz" we are saying you are being destructive and disruptive to other's speech rather then taking the proper approach and legitimately speaking out, arguing what is wrong with your victim.
I have mitigated these types of attacks. The last one I did was not Anon, but the attack was much the same. It can be done, but it is expensive to do. Us in the real world are incurring costs because... well... I haven't figured out why. It's certainly not so you can speak your mind, because you aren't. If you wanted to you could put up a youtube video, or even your own web-site if you wanted.
Your goal is not the message, it is to cause harm. To be honest, I think the punishment isn't severe enough. I take speech vary seriously, even for those who have things to say I don't like. I would never harm their ability to speak their mind. It's a shame the fascists in anonymous fail to understand that.
ASSnonymous needs to pull their heads outta their arses and get in touch with reality.
Why not make all crimes "legal" so that those who can't live within the laws of society and who attack others and cost them monetary losses, are free to abuse all? Frigging idiots best describes ASSnonymous.
...demand equal rights to the Internet! In all seriousness, after reading the article I can't say I disagree with Anonymous' White House petition to decriminalize DDOS attacks, as they make a few good points. The problem is in the context of the situation. Obviously, we can't program a massive amount of computers to go protest in Wall Street now can we? Well in the world of the Internet you can "protest", as Anonymous describes it, an organization's web services by overloading their gateway servers from a variety of source addresses. The biggest difference is one person can orchestrate a DDOS attack that could shut down an entire business indefinitely, where in most cases it would take hundreds of people protesting outside the business' physical location to accomplish similar results. I believe that is the primary reason you can't say we have a "right" to perform DDOS attacks to intentionally harm an entity, one person could be infringing on many others' rights while performing this attack. Not to mention, the word attack is in the name; hence, Distributed Denial of Service attack. That being said, how does an organization prevent these kinds of attacks? Frankly, government organizations have been struggling with this issue for one simple reason; they need their dedicated services. The dilemma is who to offer these services to, because if the government says, "so and so's IP and MAC address cannot have access to this web service," then they could be the ones infringing on citizen's rights. Any public network is going to be susceptible to DDOS attacks, it must be accepted. I do believe we could call our Internet rights a civil liberty, ascertaining to what we do on the Internet (within legal bounds), so I think organizing an "old fashion" DDOS attack, where a group of friends all go to a website and hit the refresh button, is comparable, in modern times, to protesting in the streets outside of an organization, and thus acceptable by law. However, the massive automation and malicious technology that goes into the orchestration a DDOS attack comparable to something Anonymous has done in the past, in my mind, is not going to receive any "love" from our legislature.