12.07.10

Hackers War Over WikiLeaks

Hackers attacked Sarah Palin, MasterCard, and Visa's websites on Wednesday in revenge for assaults on WikiLeaks. Other hackers are fighting to defend the U.S. government. Brian Ries goes inside the First Amendment smackdown.

Hackers attacked Sarah Palin, MasterCard, and Visa's websites on Wednesday—and threatened Amazon.comin revenge for assaults on WikiLeaks. Other hackers are fighting to defend the U.S. government. Brian Ries goes inside the First Amendment smackdown.

When the Swiss bank PostFinance made the call Monday morning to seize the account of WikiLeaks’ Julian Assange—claiming he had provided “false information regarding his place of residence”—the finance house had unknowingly committed an act of war against a shadowy army of WikiLeaks sympathizers. The response was as swift as it was scathing—judging from the mood in a chat room in which some 250 hackers had gathered under cloak of anonymity to compare notes on how to shut down the bank’s website.

I got a peek at “Operation: Payback”—a collective of anonymous hackers fighting Assange’s battles in WikiLeaks’ information war—when I was invited in by a member of the group leading the charge on Twitter. But PostFinance wasn’t the group’s only enemy. They were also fuming over a surprising crew of equally skilled hackers bent on stopping their attacks. The hacker community was at war over WikiLeaks and its discontents.

"We only hit their main page, not the banking itself," one user, Lalala, writes of the assault on PostFinance. "That’s where it hurts for them." Another: "Let’s hit the sub domain too at the same time." And then: Tango Down, PostFinance was offline. Cheers erupted throughout the room.

Then, suddenly, the enemy army struck back—knocking the community’s resource site offline. "http://anonops.net 408 error from spain," one user posts, notifying the group their website was down in Spain. "From germany too," confirms another, "Is it possible anonops.net is under DDoS from the US Government?” (DDoS stands for Distributed Denial of Service attacks, in which a network of compromised computers—a botnet—is told to attack a targeted website all at once, crippling its servers).

Julian Assange— under arrest on sexual assault charges he denies, under investigation for possible espionage charges by the U.S. Justice Department, and being dropped by companies left and right—has triggered feverish debate about national security, patriotism, and the Internet’s role in the freedom of information. Nowhere is that debate more pointed than in the hacking community.

Howard Kurtz: Punching Back at WikiLeaks

Full coverage of WikiLeaks
“Our primary objective is to protect sharing of digital information and culture, so everybody can access to it, so that implies defending freedom of speech,” three of the hackers attacking the Swiss Bank told me in a collaborative online discussion on Monday. (When asked to whom that statement should be attributed, the answer came back: "We are nothing without each other. We all act as one.")

“We will fire at anyone or anything that tries to censor WikiLeaks. The major shitstorm has begun.”

“[The] Internet is the only place left where we can communicate freely without any censorship... until now,” they said.

These are the "hacktivists," a loose collective fighting for WikiLeaks and those ideals the organization embodies—openness, access, and freedom of speech. They are soldiers in what John Perry Barlow, co-founder of the Electronic Frontier Foundation, has called “the first serious infowar,” and they have engaged. “The field of battle is WikiLeaks. You are the troops,” read his recent tweet.

Lining up in opposition: shadowy operatives working to knock WikiLeaks and its supporters offline. Nobody in the hacking community knows how many, or who they are exactly–-save for The Jester, a self-described “patriotic hacker” who usually attacks terrorists’ message boards, but has since redirected his efforts toward WikiLeaks as a matter of national security. The hatred for him runs deep; one hacker told me Jester’s “a lammer (maybe fascist) or simply a kid brainwashed by their government.”

“Aside from Jester,” says Nadim Kobeissi, a 20-year-old Beirut-born hacktivist who founded an ethical hacker network called Anapnea told me, “No other ‘hacker’ has come out as a WikiLeaks cyberattacker.”

But there are rifts in the “hacktivist” ranks. Some fight their battles through innovative, non-harmful ways like setting up some of the hundred or so “mirrors”—literal carbon-copies of a website hosted elsewhere—of the original WikiLeaks cable archive, to protect the site’s material.

The other—the "script kiddies"—the name given to those using software to launch the attacks on WikiLeaks’ enemies.

“The only divide we see here are the smart hackers who understand the ideals and what’s at stake and have the talent to fight for it in innovative ways, and the not-so-talented ones whose only trick in the book is to dump a deluge of packets on a server to take it down,” adds Kobeissi.

Operation: Payback, some of the more determined “script kiddies” in the fight, uses software called Low Orbit Ion Cannon—an application developed as digital weaponry in a previous war with Scientology.

Its foot soldiers use off-shore hosting, virtual private networks, masked IP addresses, and false identifies to keep from being caught. Many are European; many work in fields like electrical engineering, computer engineering, or computer network engineering. Others chafe at those descriptions as incomplete stereotypes. In the chat rooms, they vote, spread e-posters on message boards like 4chan, and launch attacks.

Operation: Payback outlined its mission on one such poster passed around Monday in the moments leading up to the assault on the Swiss bank. “Target: http://www.postfinance.ch,” it read, sentencing the Swiss bank responsible for freezing Julian Assange’s defense fund Monday morning to a death of a thousand cuts. “We will fire at anyone or anything that tries to censor WikiLeaks. The major shitstorm has begun.”

By Tuesday, they had taken down other WikiLeaks enemies too, including PayPal’s blog, the website of the Swedish prosecutors in Assange’s trial, and Senator Joe Lieberman’s government website.

At one point, as Operation: Payback was attacking Lieberman’s site, a threat researcher at PandaLabs watching over Tuesday’s battle noted an intensity in the counter-attacks. “We’re not sure who exactly is involved in the retaliation against the group,” Sean-Paul Correll wrote, “but we suspect that it may be a group of patriots attempting to protect the greater interests of the United States of America.”

The battle lines drawn in the WikiLeaks showdown aren’t entirely new. Emmanuel Goldstein, editor of The Hacker Quarterly, says that when an American spy plane went down in China and his organization was “deluged” with emails about patriotic hackers of both countries fighting each other. But Goldstein suspects that many of the so-called patriots are actually based at the Defense Department.

“Every one of those emails was traced back to .mil addresses,” he said. “Hackers are viewed as potential armies, mostly by existing armies and by those who have no conception of what hackers are all about.”

And those who seek to silence anyone they disagree will violate the hacker ethic, Goldstein says.

“In the hacker world, we respect the opinion of the individual and unite with those we agree with in order to get the message out,” he says. “Silencing your opponent is simply for people who have run out of ideas.”

Brian Ries is tech and social media editor at The Daily Beast. He lives in Brooklyn.