Anonymous attacked WikiLeaks

Powered by SC Magazine
 

New exploit attack tool undergoes field tests, goes live in September.

Anonymous members have taken responsibility for launching a denial of service attack against Wikileaks this week using a custom-built tool that exploits a SQL server flaw.

Members were conducting field tests of the tool dubbed RefRef against several websites including WikiLeaks, Pastebin and was hitting 4Chan at the time of writing.

Users of a Twitter account linked to the RefRef attacks and an AnonOps blog described themselves as hacktivist with “a personal vendetta against WikiLeaks” adding that “we are sorry we took you down. We are even.”

Other Anonymous users had pledged support for Wikileaks and during this year and 2010 launched attacks against organisations which hindered or reviled the whistleblower organisation.

The RefRef tool was under development for months and was due for release mid September.

It exploited a known SQL injection vulnerability that overwhelmed a target’s resources by "using a target site's own processing power against itself" according to an AnonOps blog.

The tool would become useless against websites that had patched the vulnerability.

“So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website,” the AnonOps blog said.

“Previously, Low Orbit Ion Canon (LOIC) was the go to weapon for Anonymous supporters during protests against dictators in North Africa, and Operation: Payback. However, LOIC is also the reason scores of people have been arrested in the last year, so many feel its time is at an end.

“An attack vector that has existed for some time, resource exhaustion is often skipped over by attackers who favour the brute force of a (Distributed Denial of Service) attack sourced from bots or tools such as LOIC”.

Pastebin administrators in a tweet asked Anonymous to not “test your software on us again”.

 

More to follow.

Copyright © SC Magazine, Australia


Anonymous attacked WikiLeaks
Tags
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1793

Vote
Do you support the abolition of the Office of the Information Commissioner?