Those poor little idiots really thought that because they were using TOR nodes and tunnels they are anonymous.
Given enough power, money, resources NOBODY is anonymous on the internet.
The arrest of 16 Anonymous and LulzSec suspects in the US on Tuesday was accompanied by the arrest of a teenager in the UK and the cuffing of four further suspects in the Netherlands. FBI agents arrested 14 people across the US suspected of attacking PayPal's website as part of an Anonymous-related operation in support of …
So that explains why the authorities find it so easy to close down all those botnets controlled by the russian mafia et al.
It seem to me that if Anonymous/LulzSec really want to be truly anonomous what they should have done is to steal some credit card numbers and sell them to the botnet herders in return for a DoS attack on specific sites. That way only some proles are the victims and the authorities can blame the DoS on “criminal elements”
Also see h4rm0ny's post "Nothing is more dangerous than an embarrased authority figure"
If governments or law enforcement feel that they have been publically humilliated (i.e. a bunch of "teenage" hackers getting good press), then you can be certain there will be arrests. Who they arrest, how useful those arrests will be, Heaven only knows, but you can be sure that they feel the need to arrest someone. After all, the government is a small number of people, the police are outnumbered by the hundred and the courts can't handle more than a dribble of civil discontent. What authority depends on is fear and respect. You can get away with all sorts of crimes, but if you are publically getting away with disrespecting authority, expect the hammer to fall.
On someone, anyway.
I'll bet they just installed LOIC and though they were awesome and invincible.
Given how many people need to be involved in a DDOS attack worthy of the name, and given how many people have been arrested, I'd say the bulk of those responsible had a pretty good idea of how to cover their tracks.
If PayPal had high street outlets then UK and US protesters would have the right to picket outside of the premises or march in their thousands past the front door.
In the digital world there are similar rights, but protesters and protest organisers just need to organise in such a way as to stay within the law...
Just as it would be illegal for protesters to start smashing windows or harassing customers of a business, so it's quite right that it should be illegal to hack / damage web sites or use tools specifically designed to overload web servers, however, if a million people all visit PayPal and just keep clicking refresh on their browser, surely this is exactly the same as protesting outside a physical premises - one person, one voice - nobody is doing deliberate damage or connecting to the site is any way different to that provided to them as an individual consumer.
Of course this kind of protest would be a lot more difficult to organise and many more people would need to be involved to make a difference, but IMO the effort would sometimes be worth it, and the resulting disruption would be far more difficult for the sys admins to counter as they wouldn't be able to just block a few IP ranges or predictable behaviours.
Seems most of those arrested in the US were just a bunch of people jumping on the bandwagon and using LOIC without understanding the consequences.
...while all the important members still continue to tweet in full public view, lol.
"If PayPal had high street outlets then UK and US protesters would have the right to picket outside of the premises or march in their thousands past the front door."
Actually if you blockaded their shop the police would funnel the protesters and force you to move on if you were creating an obstruction, just the same as people who chain themselves up to the doors of properties get themselves hauled away when the chains are cut with bolt cutters.
Causing an obstruction or doing a blockade is a different thing to just standing there and getting your message across by waving a few signs and chanting some slogans.
You've kinda missed the point here - I'm not talking about a few people "waving a few signs and chanting some slogans."
Take for example the anti-iraq war march which took place in London; 3 million+ people marching around the city might not have targeted shops but I guarantee their business was disrupted.
There is certainly a point to be made about the erosion of civil liberties and the tactics used by police in the UK, however, the principle of a right to protest still stands (well, so long as you don't want to protest in Parliament Square)
However, in terms of online businesses, it is perfectly possible (and legal) to organise a delibarate denial of service by co-ordinating enough people to engage in standard activity on a site via a single browser session. (E.g. continual page refreshing to hit the web server or continually creating user accounts to hit DB servers.)
Weather it would be legal to automate the activity to any degree (such as using simple click / record software) is an interesting question but certainly manual activity does not fall foul of the law and if a cause is popular enough then it would just being a matter of getting enough people on board.
Staging the protest at a specific time (e.g. when the site has it's highest traffic) repeatedly for several days / weeks or even months would allow the protest to gather support and weight over time and hit the target where it hurts.
Why anyone would downvote this idea is a mystery to me, unless those people just think they know better or are the kind of facists who oppose any form of direct action...
Clearly, the kids are more competent than the so-called pros, but then we can't have kids showing up the security industry's utter incompetence now can we?
Of course, catching such hackers--the amateurs and little fish--is mainstream establishment think, it always has been.
Closing security loopholes against professional state-sponsored cyber attacks is seemingly less important, but then mitigating circumstances do apply as the establishment's demonstrated it's incapable of doing that.
To keep their jobs, 'tis better to catch kids and amateurs than no one at all.
Meanwhile, huge cyber holes go unchecked.
Its been fairly obvious that the majority of those taking part in Anon DDOS attacks were little more than kiddies with access to LOIC. Gawd help them as they are just the cannon fodder for the Anon elite. (733t?).
Lulzsec are a whole different case - obviously smart cookies, and activities much more in line with the likes of the HB Gary hack than the DDOSes.
If they are smart they will call it a day and merge back into the rest of anon.
Anyone with half a brain will realise that this is just a token roundup of a bunch of spotty teenagers who jumped on the LOIC bandwagon.
What it won't do is make a damned bit of difference to those people who are actually performing hacks of websites such as the Sun who are adept at covering their tracks, but what it will do is probably reduce the effectiveness of any future DDOS attacks, since a great many people who would have taken part before this sting will now think twice.
1. Arrest some kids who use LOIC and IRC.
2. Claim to have caught LulzSec. Protecting people from teh terr'ism, etc.
These guys couldn't find their asses with both hands and a map. Next there will be calls for new (privacy destroying) laws to help them catch the cyber-terr'ists. People will eat that crap up.
"Next there will be calls for new (privacy destroying) laws to help them catch the cyber-terr'ists."
And THAT is the real crime that LulzSec & Anonymous are committing - expanding the climate wherein *everyone's* privacy is further erroded and diminished. If I didn't think Gov't to be too bloody clueless to manage, I'd suspect them of being agents provocateurs. In reality, I think they're just self-absorbed idjiits with no eye to the long-term consequences.
" "Next there will be calls for new (privacy destroying) laws to help them catch the cyber-terr'ists."
And THAT is the real crime that LulzSec & Anonymous are committing - expanding the climate wherein *everyone's* privacy is further erroded and diminished. If I didn't think Gov't to be too bloody clueless to manage, I'd suspect them of being agents provocateurs. In reality, I think they're just self-absorbed idjiits with no eye to the long-term consequences. "
Yes. As surely as night follows day:
I fear that idjiits like Assange, Anonymous, and LulzSec are in fact prodding Gov't to be more conspiratorial, more intrusive, and more *effective* at those activities. The lesson of Yamamoto applies here: Do not awake the sleeping giant.
Poking sleeping bears with sharp pointy objects is a BAD idea and no intelligent person with a sense of self preservation would do that. Therefore I conclude that the various idjiits are indeed idjiits, or that they're willfully self-destructive and willing to take the rest of us down with them.
Biting the hand that feeds IT © 1998–2019