Network Security, Network Security

Pro-WikiLeaks hackers target MasterCard, PayPal

Story updated on Wednesday, Dec. 8 at 2:12 p.m. EST

A united band of WikiLeaks supporters have knocked offline a number of high-profile websites that have taken a stand against the whistleblower organization and its founder.

The "hacktivist" group Anonymous, best known for DDoS attacks against the Church of Scientology and anti-piracy sites, shifted its focus over the weekend to target anti-WikiLeaks' websites, such as MasterCard and PayPal, with punishing distributed denial-of-service attacks.

"They have more supporters than they have ever had," Panda Labs' threat researcher Sean-Paul Correll, who has been monitoring communication in chat rooms, told SCMagazineUS.com on Wednesday. "Anyone who did anything anti-WikiLeaks, they'll probably go after."

The website for MasterCard, which announced Monday that it would not process transactions related to WikiLeaks, has now been crippled for at least eight hours, as the card brand has been unable to fend off a flood of unwanted server requests courtesy of hundreds of voluntarily compromised computers being used in the attacks.

The vigilante effort, dubbed "Operation:Payback," has turned into a widespread call to arms in defense of WikiLeaks, which has been subjected to condemnation by U.S. officials after its release of hundreds of secret diplomatic cables, which were redacted to reduce harm and protect the innocent.

Other victims have included The PayPal Blog – PayPal closed WikiLeaks' account after it determined that the group violated its terms of service – as well as EveryDNS.com, WikiLeaks' former DNS provider, and PostFinance, the Swiss bank that froze the account of WikiLeaks' founder Julian Assante.

Downtimes have ranged from eight to 11 hours, Correll said.

Hackers also have disrupted services at the website belonging to the lawyer representing two Swedish women who have accused Assante of sex crimes, and the Sweden prosecutor's office, which is pursuing the charges.

"They have a specific DDoS tool they developed which allows virtually anyone with no [technical] knowledge to involve themselves in the DDoS attacks," Correll said.

Participants just need to download software, enter the command-and-control information into the program and connect, he said.

Volunteers don't seem to be worried about being tracked down by authorities, Correll added.

"Most of them feel there is too much traffic to track and they can use the 'My computer was infected defense,'" he said. "Nobody seems to be asking about that in the chat rooms. No one is visibly voicing any concern about any type of legal action."

In addition to the DDoS attacks, Anonymous members also are delivering prank faxes to officials such as Sen. Joseph Lieberman, I-Conn., an outspoken WikiLeaks critic who encouraged web hosting provider Amazon to remove the whistleblower site from its servers.

"While we don't have much of an affiliation with WikiLeaks, we fight for the same reasons," said a statement on the website for Anonymous, according to a blog post from Correll. "We want transparency and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we can not say what we think and are unable to express our opinions and ideas."

At press time, MasterCard has yet to recover.

"The amount of participants in the attacker's chat room have soared to over 2,200 people, and there are currently over 1,700 computers in the voluntary botnet [being used to launch the DDoS attacks]," Correll wrote.

As as of 1:30 p.m. EST, the company's site remained unreachable. In a statement, the company would not admit that DDoS attacks were behind the the issue.

"MasterCard is experiencing heavy traffic on its external corporate website – MasterCard.com," it read. "We are working to restore normal speed of service.

But the Anonymous group took credit, according to a tweet.

Last week, it was WikiLeaks feeling the brunt of the attacks. And the Anonymous website has recorded 11 hours of downtime since Monday and also was defaced, Correll said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.