Political hacktivists turn to web attacks

Large and small perfumiers were hit in one extended attack

Political activists are increasingly using net attacks as a means of protest, reveals a report.

Since late 2009, environmental, political and ideological groups have become significant users of attacks that swamp sites with data.

The groups are well resourced and use innovative techniques said Prolexic, a security firm that combats the attacks.

Its findings come as cyber-activists block Australian government websites in protest at plans to filter content.

Prolexic estimates about a total of nine million computers are used to mount the data flooding attacks.

"The last three months have been pretty interesting," said Paul Sop, chief technology officer of Prolexic.

For years, said Mr Sop, organised crime gangs had been the main users of so called Distributed Denial of Service (Ddos) attacks which try to knock websites offline.

New techniques

Such gangs typically hire someone who runs a network of hijacked machines, a botnet, and asks them to flood a target with data on their behalf.

Click's Spencer Kelly talks to Jacques Erasmus from Prevx after taking control of 22,000 computers in March 2009

The tactics and techniques they used remained unchanged for a long time, he said.

"Then something strange was starting to happen," he said. "New players started to enter the field involved with ideological, political and environmental activism."

In one attack both large and small perfume firms were hit in an apparent attempt, said Mr Sop, by green activists to express their disquiet with the way the companies made and tested their products.

These players also used techniques that had never been seen before, he said.

"We've seen the new code base to test the new capabilities and the new weaponry," he said.

These techniques are far removed from those favoured by organised criminals. Some targeted databases behind a website in a bid to swamp that with bogus login attempts or lengthy search requests that would knock out the server and take out the website too.

"We asked ourselves what's changed?" he said. "What's the most likely rationale behind these attacks?"

Often when a site employed defence measures those carrying out the attacks backed off. This was not the case with the novel attacks which kept battering away at their targets.

It became obvious who was behind these attacks, said Mr Sop, when Prolexic looked at the organisations being hit which included banks, newspapers and free speech forums.

Government attacks

Increasingly, he said, the attacks were being carried out to make a political point.

This week, anti-Scientology group Anonymous blocked access to some key Australian government websites, including the parliament site and the website of Prime Minister Kevin Rudd.

It was in protest at plans to block access to a range of sites, including those featuring gay pornography.

Mr Sop said Prolexic suspected that some of the attacks it had seen in recent months were being mounted by governments or their proxies in the hacking community as a way to demonstrate their cyber capabilities.

The resources being put into the attacks, some of which targeted very expensive pieces of net hardware, ruled out the involvement of organised crime, he said.

The Prolexic report said it was tracking about 4,300 command and control servers, each one of which was in charge of a herd of compromised machines. Some botnets have millions of members and others have only a few thousand.