Anonymous Wikileaks supporters mull change in tactics

Web attacks carried out in support of Wikileaks are being wound down as activists consider changing tactics.

Attacks against Amazon were called off late on 9 December and re-directed towards net payments firm Paypal.

Analysis suggests the earlier attacks were made more effective by the involvement of hi-tech criminals.

At the same time one wing of the activist group suggested ditching the attacks and doing more to publicise what is in the leaked cables.

The attacks have been carried out using a tool, called LOIC, that allows people to bombard a site of their choosing with data or let the target be chosen by those running the Anonymous campaign.

The tool launches what is known as a distributed denial of service (DDoS) attack which tries to knock a website offline by bombarding it with so much data that it cannot respond.

The LOIC tool has been downloaded more than 46,000 times but, said Anonymous activists in a tweet, this did not translate into enough people using it to knock the retail giant off the web.

Instead, the attack was re-directed towards Paypal and its computer systems which, according to a status page, has intermittently suffered "performance issues" ever since.

There have also been calls for attacks on official Dutch websites following the arrest of a 16-year-old boy suspected of involvement in the online campaign.

But early on 10 December Moneybookers was chosen as the next target and its site was occasionally unreachable from about 1100 GMT.

The chances of success could be boosted by a new version of LOIC written in web programming language Javascript that allows anyone with a browser, including on a mobile phone, to launch attacks.

However, defences against the attacks were being drawn up as security firms scrutinise the code behind LOIC to work out how attacks happen. Some suggest that well-written firewall rules would be able to filter out most of the harmful traffic.

Information is also starting to emerge about the other resources that supporters of Anonymous have been able to bring to bear. Research by security firm Panda suggests that some of the earlier attacks on payment firms were aided by hi-tech criminals.

Luis Corrons, technical director of Panda Labs, said during its investigation of Anonymous' attacks its analysts got talking to some of the activists via Internet Relay Chat (IRC).

One of those activists said he had a botnet of 30,000 machines under his control that he was planning to use on behalf of Wikileaks.

"The guy said he had this botnet which was nothing special and was not specifically designed to do these attacks but could be used to do them," said Mr Corrons.

A botnet is a network of hijacked home computers that have been compromised by their owners visiting a booby-trapped webpage that installs code to hand over control to a hi-tech criminal.

Mr Corrons said a botnet with 30,000 machines in it was "about average size". Most of the spam sent around the net is funnelled through machines that are in botnets.

It was becoming clear, he said, that some attacks were aided by the 30,000 machines under the cyber criminals control.

"We know for sure the botnet was used in at least one attack on Paypal," he said.

Panda itself has come under attack with its blog knocked offline for hours by an attack very similar to those Anonymous has been carrying out. Mr Corrons said that, so far, it did not know why it was being attacked or who was attacking it.

There are also suggestions that the Anonymous group might be about to drop the web attacks in favour of another tactic.

A message posted on the 4chan image board, out of which Anonymous has grown, suggests dropping LOIC in favour of publicising information in the diplomatic cables that Wikileaks is releasing.

Searching for the less-well publicised cables and spreading the information they contain around the web could be more effective than simply knocking out sites deemed to be enemies of Wikileaks, it said.

The message also suggests using misleading tags on posts and YouTube videos to trick people into reading or viewing the information.

"They don't fear the LOIC, they fear exposure," read the message.

It is not yet clear if the call to change tactics has been taken up by the Anonymous group at large.

In related news, Wikileaks looks set to have a rival as former staffers of the whistle-blowing website prepare to launch. Set up by Daniel Domscheit-Berg, Open Leaks is expected to launch in mid_December and will host and post information leaked to it.