Australians could be charged for WikiLeaks site attacks: expert

Dec 14, 2010

Australians who took part in attacks that brought down the websites of firms refusing to transfer payments to WikiLeaks may find themselves in breach of the law, a University of Sydney cyber-security expert says.

Last week a Low Orbit Ion Cannon (LOIC) 'botnet' network brought down Visa, MasterCard and websites after overloading those sites with requests from individual computers. These requests, made in response to the companies' refusal to make payments to WikiLeaks, were generated after controllers of the LOIC botnet commanded thousands of members to bombard the sites.

Professor Michael Fry from the School of Information Technologies says LOIC members who responded to the call to bring down the sites were potentially in breach of computer crime laws.

"If readily identified, the owners of the machines participating in this LOIC botnet could see themselves charged with abuse of computer facilities," Professor Fry says.

Professor Fry says it is unusual to see so many people willingly partake in such cyber attacks, known as distributed denial-of-service (DDOS).

"Usually DDOS attacks occur after 'botmasters' illegally take over thousands of computers, turning them into 'zombies' that can be used for illegal activities including spam generation, identity theft and extortion through denial of service. More often than not, the primary users of zombie machines are unaware their computer has been infected and used for illegal activity. By some estimates one in four home machines connected to the internet and one in eight corporate machines are zombies.

"What is fascinating and novel here is the latest attacks involved thousands of willing participants who knowingly allowed their machines to be infected in order to participate in politically motivated attacks. This suggests a huge level of emotive support for and its activities, but also a level of naivety. It seems members of the group downloaded publicly available LOIC code, but took no steps to evade discovery and identification, unlike criminal botnets which use sophisticated evasion techniques. This makes members vulnerable to detection, potential prosecution and counter-cyberattack. Counter-attacks have indeed happened today, initiated by US political groups.

"Whether or not legal action is taken against offending participants is a thorny issue. This cyber war is gathering pace and prosecutions could generate another round of attacks. Either way we are seeing the beginning of a new era in political cyber-warfare with the widespread use of botnets."

Next year the University's School of Information Technologies and Centre for International Security Studies will jointly teach a postgraduate cyber-security course, developed in response to growing cyber-warfare.

Explore further: Facebook dressed down over 'real names' policy

Provided by University of Sydney

1 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

WikiLeaks under new cyber attack: Twitter feed

Nov 30, 2010

WikiLeaks said in a Twitter message on Tuesday that it was under a new cyber attack after a similar incident at the weekend just before the website began releasing secret US diplomatic cables.

DOS Extortion Fading

May 01, 2007

The economics of Denial Of Service blackmailing isn't working out, and botnet owners are shifting to other, less risky crimes.

Report: DDoS attacks big Net threat

Oct 12, 2005

A new report warns that Internet service providers are facing an unrelenting barrage of distributed denial of service attacks aimed at crashing the network.

WikiLeaks backlash all bark, no bite: experts

Dec 12, 2010

Despite their martial overtones, the attacks on credit card and other websites by supporters of WikiLeaks founder Julian Assange are more political protest than real cyber war, experts say.

Microsoft uses law to cripple hacker spam network

Feb 25, 2010

Microsoft on Thursday said it combined technology with an "extraordinary" legal maneuver to cripple a massive network of hacked computers that had been flooding the Internet with spam.

Recommended for you

Facebook dressed down over 'real names' policy

2 hours ago

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

9 hours ago

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

A Closer Look: Your (online) life after death

Sep 16, 2014

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

Sep 16, 2014

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

User comments : 0