Anonymous vs Her Maj’s Gov

Today Gene Simmons’ website was redirecting to The Pirate Bay again for a while, but now both of his domains seem to be showing generic advertising pages, so it looks like Anonymous took him off the Internet, all because he couldn’t keep his mouth shut for 5 minutes. Today sees more interesting developments in the increasingly bizarre land of Anonymous.

tieve.tk 'press release'

Tieve.tk was down earlier, and it now looks like the reason for this may be that the UK government pressured their web host due to its involvement in the attacks (which is amazing really, the UK government doing anything). Anonymous seems to have responded by DDoSing the intellectual property office again, whose site is currently running but saying “We are currently running a limited service on our website. We are working to resume a full service as soon as possible.”

Anonymous did attack the government’s intellectual property office on Saturday, but this seems to indicate a slight change of direction for the whole thing. Annoying private companies is one thing, annoying governments is, well, possibly not really the smartest move they could have made. As far as I know this is the first interest that has been shown by any kind of law enforcement entity (Gene Simmons’ claims aside), so it will be interesting to see whether anything comes of it. It is also likely to lose them some public support. I will freely admit that I quite enjoyed seeing them taking on (and embarrassing) greedy people like the RIAA/MPAA, Andrew Crossley and Gene Simmons because they had it coming to them, but I’m not aware the IPO has done anything that would make anyone (including me) understand why Anonymous is attacking it.

I realise they aren’t necessarily doing it for public support. The public image of Anonymous has always inherited from that of 4chan’s, i.e. a bunch of 14 year olds doing it for the lulz. After sitting in their IRC channel for the past few days this isn’t really an accurate perception. It’s 80% accurate. Firstly 4chan aggressively removes any Operation Payback topics they create (although I think that’s still their main source of members), and secondly, whilst they undoubtedly do have a bunch of members who clearly don’t really understand what their ‘low orbit ion cannon’ actually does, and have probably never heard of half the organisations they’re attacking, there are quite a few members who appear to be young adults genuinely interested in the political cause. And I think a lot of people agree with the message they’re spreading even if we wouldn’t endorse their methods. I also mentioned previously that some of them (claim to) have botnets, which suggests these people to be more skilled and knowledgeable than any 14-18 year old is likely to be.

Of course these are in the minority and a large number of their members are the kind of stupid 4channers you’d expect. However, in my opinion anyway, they are kind of undermining themselves and reducing any lasting political impact they’re likely to have by trying to make enemies out of governments because it feeds the impression that they’re some kind of insane chaotic suicide bombers.

I was aware of the attack on the patent office on Saturday, and ten minutes before the attack I started querying their site every 60 seconds to see how it held up (out of curiosity). The amount of data this involves is absolutely microscopic and will have no measurable effect on their server load. The data follow; you’ll notice that the site seemed to disappear 3 minutes before the scheduled attack time of 6PM and as far as I remember, my system clock and Anonymous’s countdown timer weren’t more than a few seconds out. This seems to indicate that they took down their site willingly, but it came back up again a few minutes later, so perhaps their admins were doing some last minute preparation. This would imply they knew about it in advance, which makes you wonder whether the government had been keeping an eye on Anonymous or if someone just tipped them off on the day.

The columns are: Unix timestamp, ping time (-1 means no response), home page HTTP throughput (-1 means no response) and hostname resolved IP address. You’ll notice the IP address changes, but it’s the same site. You’ll notice the site comes back up again after the attack starts but the throughput is a lot lower.

[17:47-17:56]
"1287247640","-1","109 KB/s","212.100.0.44"
"1287247700","-1","-1","212.100.0.44"
"1287247760","-1","155 KB/s","212.100.0.44"
"1287247820","-1","153 KB/s","212.100.0.44"
"1287247880","-1","106 KB/s","212.100.0.213"
"1287247940","-1","107 KB/s","212.100.0.213"
"1287248000","-1","155 KB/s","212.100.0.44"
"1287248060","-1","124 KB/s","212.100.0.213"
"1287248120","-1","123 KB/s","212.100.0.213"
"1287248181","-1","109 KB/s","212.100.0.44"
[17:57-18:22]
"1287248241","-1","-1","212.100.0.213"
"1287248301","-1","-1","212.100.0.213"
"1287248377","-1","-1","84.12.207.146"
"1287248451","-1","-1","212.100.0.44"
"1287248537","-1","-1","212.100.0.213"
"1287248626","-1","-1","84.12.207.146"
"1287248686","-1","-1","212.100.0.213"
"1287248746","-1","31.1 KB/s","212.100.0.213"
"1287248806","-1","58.3 KB/s","212.100.0.44"
"1287248866","-1","-1","212.100.0.213"
"1287248926","-1","24.3 KB/s","84.12.207.146"
"1287248986","-1","62.9 KB/s","84.12.207.146"
"1287249046","-1","47.0 KB/s","84.12.207.146"
"1287249106","-1","55.9 KB/s","84.12.207.146"
"1287249166","-1","55.4 KB/s","212.100.0.44"
"1287249226","-1","62.7 KB/s","212.100.0.213"
"1287249287","-1","29.2 KB/s","84.12.207.146"
"1287249347","-1","69.0 KB/s","212.100.0.213"
"1287249407","-1","-1","212.100.0.44"
"1287249471","-1","-1","84.12.207.146"
"1287249531","-1","-1","84.12.207.146"
"1287249591","-1","-1","84.12.207.146"
"1287249651","-1","50.0 KB/s","84.12.207.146"
"1287249711","-1","34.3 KB/s","212.100.0.213"
"1287249771","-1","23.8 KB/s","84.12.207.146"

It is a slightly bleak outlook that government infrastructure can’t handle an amateur DDoS attack. Although it didn’t go down entirely.
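
As an added example (not the script used to collect the data above), the Python below parses rows in this format and pulls out the outage windows and the mean throughput either side of the scheduled start. `ATTACK_TS` is an assumption inferred from the bracket labels and the stated 6PM start, and the function names are illustrative.

```python
import csv
import io

# Rows copied from the table above; -1 means no response.
SAMPLE = '''\
"1287248181","-1","109 KB/s","212.100.0.44"
"1287248241","-1","-1","212.100.0.213"
"1287248301","-1","-1","212.100.0.213"
"1287248377","-1","-1","84.12.207.146"
"1287248451","-1","-1","212.100.0.44"
"1287248537","-1","-1","212.100.0.213"
"1287248626","-1","-1","84.12.207.146"
"1287248686","-1","-1","212.100.0.213"
"1287248746","-1","31.1 KB/s","212.100.0.213"
"1287248806","-1","58.3 KB/s","212.100.0.44"
"1287248866","-1","-1","212.100.0.213"
"1287248926","-1","24.3 KB/s","84.12.207.146"
'''
ATTACK_TS = 1287248400  # assumption: 18:00 local, inferred from the bracket labels

def parse(text):
    """Return (timestamp, ping, KB/s, ip) tuples; -1 becomes None."""
    rows = []
    for ts, ping, rate, ip in csv.reader(io.StringIO(text)):
        kbps = None if rate == "-1" else float(rate.split()[0])
        # A successful ping's format is not shown on the page: keep raw text.
        rows.append((int(ts), None if ping == "-1" else ping, kbps, ip))
    return rows

def outages(rows):
    """Group consecutive failed fetches into (first_ts, last_ts, samples)."""
    runs, cur = [], None
    for ts, _ping, kbps, _ip in rows:
        if kbps is None:
            cur = (cur[0], ts, cur[2] + 1) if cur else (ts, ts, 1)
        elif cur:
            runs.append(cur)
            cur = None
    return runs + [cur] if cur else runs

def mean_kbps(rows, start=0, end=float("inf")):
    """Mean throughput of successful fetches with start <= ts < end."""
    vals = [k for ts, _p, k, _ip in rows if k is not None and start <= ts < end]
    return round(sum(vals) / len(vals), 1) if vals else None

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("outages:", outages(rows))
    print("before:", mean_kbps(rows, end=ATTACK_TS), "after:", mean_kbps(rows, start=ATTACK_TS))
```

On these rows the first run of failed fetches begins 159 seconds before `ATTACK_TS`, which is the "3 minutes before" gap described above.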

Edit (waaay later):
NOTE: I still get quite a number of pageviews for the Anonymous stuff via the Gene Simmons article so I want to clear up some stuff about this entry. A bunch of other places (e.g. Panda Security) who reported on these attacks and also gathered statistics erroneously believe the IPO was down for several days. This is false. The IPO never went down for more than a few minutes according to my viewpoint in the UK. What’s more likely is they mitigated the DDoS attack by dropping international traffic. The site only really has relevance inside the UK, so in my opinion the UK government had the most sensible and effective response of all the attacks I observed; it’s inaccurate and quite unfair to the sysadmins to say that Anonymous was successful in bringing them down.
