Anonymous unsheathes new, potent attack weapon

Members of Anonymous are developing a new attack tool as an alternative to the LOIC (Low Orbit Ion Cannon) DDoS utility. The move follows a spate of arrests thought to be connected to use of the LOIC, which by default does nothing to hide a user's identity. The new tool, dubbed RefRef, due to be released in September, uses a …


  1. Eden

    The question is...

    If you are on TOR and your NODE is used as the hopping off point for some DDOS'ing are the plod likely to try and finger you for it given the woefully tech ignorant state of the justice system or average juror with something akin to Oh you HAD to know TOR would be used for illegal purposes you are guilty!!!! (Like anyone who ever uses a Torrent is a Pirate or plays a computer game is a mass murderer etc etc)

    1. Matt Bryant Silver badge

      RE: The question is...

      Tor in itself is not totally secure and hasn't been for years. Tor was originally developed with the help of the US Navy, which means the NSA have probably been plugged into it for years. There are suspicions that some governments like the Chinese have set up their own Tor entry nodes and hijacked others so they can monitor their dissidents, which begs the question of how do you know which Tor nodes are good or bad? The biggest hole was shown by the Fwench with the "bad apple attack", but a much simpler way for governments to defeat Tor is simply to look for the routers, then pick out the entry and exit nodes. It's trivial for the authorities to sit on your ISP's connection server and look for anyone going to a Tor entry point, then just monitor your traffic before it gets onto the Tor network. Most Tor users are too ignorant to realise Tor does not provide end-to-end encryption, so the connection between your Internet access point and the Tor entry node is packed full of juicy evidence for any criminal investigation. Think you can be smart and go use an Internet cafe or public access point? Better mask your MAC address then. Oh, and your OS UID if you're using anything other than hand-rolled Linux or BSD, and make sure your browser isn't telling the World a host of identifying details. Which the average LOIC cannonfodder will not know how to stop.

      1. Peter2 Silver badge

        The other question...

        Is if someone SHOULD be liable for what goes over their network.

        I suspect that the number of people using Tor for breaking the law massively outweighs the number using it for legitimate reasons, however that's difficult to prove as logs aren't kept.

        Why not? Seriously. If someone is abusing the network, then they should be kicked off and reported to the appropriate authorities. Failing to do so will ultimately end up with the end node owner being held responsible for the activities of the script kiddies using it to hide their attacks. When a fair number of people end up in court for their Tor nodes, they aren't likely to continue hosting their node, and the tor network will collapse. I'm sure it'll happen eventually.

        I think it's difficult to argue that someone should be able to host an anon proxy server with no logs, take no responsibility for stopping people abusing it and yet not end up in trouble with the authorities.

        1. Matt Bryant Silver badge

          RE: The other question...

          I know someone that used to have an Onion router running in his DMZ (it was his private company's server). He started it with the altruistic hope that he was helping oppressed people get safe access to the Web so they could protest and get help from the West. He was pretty p*ssed when he got a visit at home from the coppers, who said his node had been used to transfer kiddie porn and he was suspected of being a member of a paedophile ring. When he asked other node owners he knew if he could somehow restrict the node to just "good" users he was told it was an "all-or-nothing" approach - he had to accept the purist vision that he should allow all traffic regardless to ensure the "freedom of the Internet". So he took his node down.

          1. Peter2 Silver badge
            Thumb Down

            RE: The other question...

            Exactly. My personal guess would be that the majority of the traffic over those sort of nodes is criminal in nature with another significant percentage being trolls and advertisers/spammers getting around IP bans.

            The purist lawless ideal of the internet is going to cause significant involvement from law enforcement dictating terms when they get the laws changed to force projects like that to close, which will then lead to people setting up other things, which will lead to those getting banned as well and so on until it's locked down so tightly that people can't use it to break the law.

            That outcome is of course far more desirable than logging the traffic through the networks, and voluntarily taking the details of criminals to the Police, so avoiding the need for compulsion and regulation.

            Oh wait.

            Have these people never done anything in the real world?!

          2. Anonymous Coward


            Matt Bryant : That's incorrect. You can setup your ToR node to be restricted usage for just people you've made aware of the node. This allows you to avoid all the illegal activities that go on around the onion and you know that if the police visit you for such a situation then it's one of your friends.

            1. Matt Bryant Silver badge
              Big Brother

              RE: incorrect

              "....You can setup your ToR node to be restricted usage for just people you've made aware of the node..." If your node is set to allow any user then you have a reasonable case for denying knowledge of what is going through your node, but restricting access automatically implies you are aware of what is happening. For example, if the coppers come and tell you user X is sending kiddie porn from IP address Y, and you continue accepting it, you are probably up sh*t creek if they come back a second time and you haven't stopped user X's access. With my mate, he was told that the police already KNEW which users were sending what traffic. They searched my friend's home and his workplace and took all his computers and servers off for forensics, which screwed up his business too, and left him the added fun of explaining to his family, staff and customers that he wasn't actually a kiddie-fiddler. Whilst the police probably had the sole intent of catching the paedo ring, it was a very effective way of removing a Tor node from the Net, and who's to say they might simply use the paedo card to target Tor node owners. If you are running a Tor node and restrict access then you had better know EVERYTHING about what your users get up to, otherwise your trust could land you in prison.

    2. Anonymous Coward


      Knowing the law would be useful before spouting off. Just because packets come from your IP address is not enough to subject you to arrest, let alone going to court or prison.

      The use of DDoS is destructive, and is affecting millions of internet users across the globe that are legitimate. Anonymous have no consideration for the average user of the internet. Hope they all get stabbed in the eye while they are in prison.

  2. JimC

    And so the death of internet freedom

    Comes another step closer...

    1. Scorchio!!

      Re: And so the death of internet freedom

      Another notch in the ratchet, for sure.

    2. Matt Bryant Silver badge

      RE: And so the death of internet freedom

      <Yawn> So that would be another SQL injection tool, then? What's the betting that when it is analysed it turns out to be just a rehash of an existing tool they downloaded.

      All the Anonyputzs and Lultwits are doing is creating their own nightmare - a fully-licensed Internet. Before long the governments of the World will tire of the unregulated Internet and start demanding control of all access. The ISP will let you on only if you prove who you are and have a valid "web license". Not yet eighteen? Then you'll be stuck in the "kiddies corner" with virtually zero access to the real 'Net. Commit a cybercrime and as part of the punishment the license is revoked, leaving you in the Dark Ages. The Anons are just too stupid to realise they are happily shooting themselves in the feet.

      1. Semaj

        I Doubt It

        That kind of system will almost certainly be imposed if things carry on as they are but as soon as that happens people will just put their efforts into making better darknets and it'll be back to square one.

      2. tmTM

        Whoas there

        Taking things a little too far? I think we're a long way from that, a bunch of people annoying the odd company and exposing poor security won't cause 'the man' to slap the cuffs on us all.

        I think you've watched V for Vendetta too many times.

        1. Matt Bryant Silver badge

          RE: Whoas there

          Unfortunately, there have been many cases of politicians on both sides of the Atlantic looking for just such a solution for years. Long before the (appallingly poor) "V for Vendetta" film came out.

        2. JimC

          > better darknets...

          Darknets connected to what... You may find you'll be back to modems and private BBS... (those were the days!)

      3. easytoby
        Black Helicopters

        The alternative plan?

        Perhaps this is actually the 'plan'

        Let some tameable skiddies loose to stir up public opinion in support of regulation (e.g. French Pres. Sarkozy's recent speech) - so there is something else to focus on (apart from gov having no money, no gold, no clue).

        Once they get too damaging, reel them in and put them on show, then roll out controlling legislation.

        (Mind you, our western record of controlling guerilla forces that we set up is not exactly spotless, so there may be a problem here)

    3. PCMcGee

      Re: And so the death of internet freedom

      The scarcer freedom becomes, the more it is sought.

      There is no scarcity in the want for freedom, I assure you.

      1. Matt Bryant Silver badge

        RE: Re: And so the death of internet freedom

        There is no scarcity of smart-arse quotes that do nothing but avoid the situation. You can crave freedom all you like, but if the governments take your toys away and put you in a sandpit then all you get to play with is sand. Just ask the people of North Korea how that works. Or the Chinese dissidents, who would probably really not like to lose even the chance of safe Internet access because a bunch of skiddies were playing for "lulz". Who will complain about what the Chinese government gets up to if our own governments implement exactly the same controls in order to stop the likes of the Anonyputzs? Be thankful "Knee-jerk" Blair isn't still in power, or we'd already be there by now.

  3. Stefan 6

    DDoS is the last of your worries ...

    "So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website."

    If your website is open to simple XSS or SQL-injection attacks then DDoS should be the least of your worries.

  4. Bernard M. Orwell

    Skiddies still?

    Not bad for a bunch of script kiddies.

    1. Ru


      This is the 's' in 'skiddy', the purpose of which is to facilitate use of mildly sophisticated attacks by complete idiots. The sort of people who will be using it will be significantly less capable than the sort of person who wrote it.

    2. Matt Bryant Silver badge

      RE: Skiddies still?

      Yes, they still are. Your fanboi-like level of blind devotion seems to have allowed you to ignore the facts that:

      1. It's likely just another SQL injection tool, so nothing new or even vaguely inventive. In all likelihood, when the project falters due to their lack of skillz, it will be just a minor rehash of one of the toolz they downloaded for their previous crimes.

      2. They haven't produced anything yet.

      So, yes, they're still just attention-seeking wannabes.

    3. Doug Glass

      Unorganized ...

      ... and undisciplined script kiddies to boot.

  5. This post has been deleted by a moderator

    1. Anonymous Coward

      What have you been expecting?

      I did think that LOIC at least issued http requests? Otherwise all you anon skiddies could just use ping. I probably shouldn't even mention ping.... oh well.

      1. This post has been deleted by a moderator

        1. Anonymous Coward

          @AC Friday 5th August 2011 09:24 GMT

          Apologies if I have offended your sense of your own technical skillz. I can however point to the parts of your original post that suggested that you were involved in Anonymous as a skiddie, and didn’t seem to know how LOIC worked.

          > About time, I've been expecting this for a while.

          This was the paragraph that suggested to me that you are involved with anonymous. When I read this it suggests you have been awaiting with anticipation the arrival of this ‘fine’ DDOS’ tool. To my mind a hard worked developer defending the world wide web sites from DDOS would be more likely to say ‘About time, I was afraid they would develop their tools in this manner’.

          > Simple TCP/UDP flooding is pointless when you can issue web requests that consume much more processor power. Find a relatively processor intensive request, and hammer that and it'll be far more damaging. Bonus points if you do it over HTTPS which adds in the extra strain of encryption to it all.

          Again there is a degree of relish in your phrasing above, note particularly your phrase ‘bonus points’ for using HTTPS. You also mention TCP/UDP flooding, which whilst it can indeed be caused by masses of HTTP GET requests, can be more easily achieved with a number of other standard network tools. You then go on to say that ‘you can issue web requests’ implying that LOIC doesn’t issue web requests, not even an HTTP GET.

          > I don't see that anonymity networks being slow would be a bottleneck either tbh, find the right web request and it will often be heavy enough on CPU time disproportionately to the amount of data sent. Effectively it changes the battle from one of bandwidth, to one of CPU power

          And yet more relish in the emotive tone of your original paragraph. You may want to think through the points about ‘emotive tone’ above if you comment again?

          1. Decius

            Easily prevented... and the prevention is easily subverted

            Toss in a quick check: has this IP address sent spurious or excessive requests? If so, ignore the request.

            I wonder, though- why hasn't the previous tool been modified to send packets with someone else's IP address? The only reason IP address spoofing can't be used is that nothing gets back to the sender (Same problem with using a fake address for mail fraud). In a DoS attack, that seems irrelevant...

            Is the guy they caught the guy that did it, or his enemy/rival?

            1. David Dawson

              Reaches for the popcorn

              Sits back.

          2. This post has been deleted by a moderator

            1. Anonymous Coward

              @AC Posted Monday 8th August 2011 08:40 GMT

              No I remain unconvinced by your arguments. As evidence I would this time point to the somewhat spurious use of the argument that I have a suspicious nature, and your heavy use of invective language.

              Moving the goal posts on the discussion suggests to me that you don’t really understand the technology on which you are commenting. The use of invective shows low self-esteem problems.

  6. Oliver Mayes

    So what exactly have Pastebin ever done?

    The twats are now attacking Pastebin as a test of their latest script kiddie tool? How can anyone support these idiots who are willing to bring down innocent sites just because they feel like it?

    They're no better than 419ers or malware authors.

    1. Ru


      How much money do you suppose the various colours and flavours of Anon have defrauded from the public?

    2. Sir Cosmo Bonsor


      It is a bit puzzling, I mean they even *use* pastebin to post their various ill-gotten files. Seems a bit like shitting on one's own front door.

    3. Anonymous Coward

      Why attack pastebin...

      They have to field-test the weapon somewhere, and running it against a live site provides the most real-world result. I figure that since Anon uses pastebin so much themselves that they consider it a kind of home base on which to test their attack methods, without arousing too much public or police ire, before they're ready for the next real attack.

  7. Anonymous Coward


    Are people really stupid enough to use all their internet bandwidth to attack Sony because Microsoft told them to do so for removing OtherOS that nobody cared about?

    Are people stupid enough to think the internet is anonymous?

    Are people stupid enough to download malicious stuff like this and risk going to jail and/or getting really big fines?

    1. Loyal Commenter Silver badge


      "Are people really stupid enough to use all their internet bandwidth to attack Sony because Microsoft told them to do so for removing OtherOS that nobody cared about?"

      Microsoft did what now?

      I won't get into that argument now, but some people did want the ability to both use OtherOs and play games on their PS3s, and were, quite rightly in my opinion, pissed off with Sony when they took it away.

      And no, people weren't stupid enough to do this, because it isn't what happened. Sony got cracked, not DDoSed IIRC.

      "Are people stupid enough to think the internet is anonymous?"

      Yes, some are. I think naïve is probably a better word though. The people who assume that they are anonymous on the internet by default are probably the same people who believe without question the things they read in the papers or hear on Sky News. There are plenty of these people, unfortunately.

      "Are people stupid enough to download malicious stuff like this and risk going to jail and/or getting really big fines?"

      There have already been arrests, so I think you may have answered your own question.

      I think the sheer fact that LOIC has been used for DDoS attacks, without proxy anonymisation, and that quite a lot of people have joined in to do so, demonstrates that there are a number of people who are both stupid enough and either pissed off enough, or are trying to fit in with a 'cool' crowd, to do so.

    2. Matt Bryant Silver badge

      RE: Questions...

      The first outings for LOIC showed the limits both to the number of people willing to use such a tool and the naivety of the Anons in thinking they would get general support. The take-up of LOIC was so poor that the supposedly non-existent leaders of the Anons had to resort to using zombienets. You know, the type of zombienets that do REAL criminal stuff like steal your gaming accounts and credit card details - gee, I wonder how the Anons knew how to get those?

    3. JC 2

      @ Questions

      Q1) QOS is rather trivial to implement. People are discontent and willing to attack anyone if they are tricked into believing that doing so will ultimately bring them more good than harm.

      Q2) People are smart enough to realize that the odds of any one particular person being prosecuted are very low if the level of engagement is merely running a DDOS tool every now and then. Certainly some (younger kids) won't realize how easily things can be traced back to them, remember that teenagers think they are invincible to the point of even driving recklessly which is clearly a greater risk to them than running a DDOS tool on the internet.

      Q3) People are People

    4. Your Retarded

      Stupid enough to download

      You do realise that the mere act of downloading such tools does not have the risk of jail or fines associated with it?

  8. Citizen Kaned

    dont these tools realise?

    that what they are doing is in fact jeopardising our internet freedom? it will only be a matter of time before the govs lock all this down even more than normal.

    if shoplifters can get jail time then these little digital terrorists should expect a lengthy spell

    1. Anonymous Coward
      Thumb Up

      Couldn't agree more

      Yeah, civil disobedience is a terrible thing that has never achieved anything.

      Let's lock them all up, because that will stop the establishment from trying to shaft the rest of us. Really it will!

      History teaches us nothing.

      1. Random_Walk

        You really don't get it, do you?

        None of it is about locking up the brats.

        Even if the sentence was only just a light spanking from their mothers, the 'civil disobedience' in question will only spur the government(s), led by a massively ignorant population(s), to require, as a fellow poster put it, a Licensed Internet.

        Good luck being civilly disobedient on that framework.

        1. Anonymous Coward

          @Random_Walk: I really don't get what you're on.

          I was responding to the calls to lock them up.

          The internet is already under attack. Do you honestly care what excuse our governments use to attempt to justify this? They are going to try it anyway, and it is the 'brats' that will carry on fighting to stop them.

          You're arguing that we must cower in obedience in order to maintain the framework that enables us to rebel. Do I really need to point out the stupid there?

          1. Matt Bryant Silver badge

            re: @Random_Walk: I really don't get what you're on.

            ".......You're arguing that we must cower in obedience in order to maintain the framework that enables us to rebel...." What you fail to grasp is that the vast majority of the public, who are all Internet users nowadays, do not see a problem with "licensing" the Internet, in fact the actions of the Anonyputzs are doing nothing more than driving the conviction that locking down the 'net is necessary to stop people like the Anons. What you fail to grasp is the average Joe doesn't think like you do, sees your "rebellion" as just childish vandalism, does not want anarchy on the 'net, and certainly does not support the actions of the Anonyputzs. Even my old Mum, not exactly living on the cutting edge of technology, came up with; "Well, we all have to have a driving license, insurance and registration plates before we go driving on the roads, so why should it be different on the information highway?"

            "...... Do I really need to point out the stupid there?" No, you have pointed out exactly how stupid you are.

    2. PCMcGee


      If the government is already locking down your internet, like "normal", aren't you the one already in a prison?

  9. Anonymous Coward


    What happened to all of their posturing about running LOIC on your own machine and not running it over botnets etc in order that "the man" knows you are protesting? That seems to have taken a bit of a back seat, another nail in the coffin of anonymous having any credibility.

    In short: Protesting against Scientology: Good

    DDoSing everything that moves and putting up people's personal information for all to see: bad.

    1. MarkieMark1
      Big Brother

      Looking at it objectively

      Even scientology starts smelling of roses in comparison

      – then, saying that, everyone's own interpretation of it would possibly be a function of their reaction to the notion of the means justifying the ends

  10. Anonymous Coward

    If I were a script-kiddie tool

    I'd be anonymous too

    The embarrassment!

  11. tmTM


    "Whether or not RefRef does a better job at anonymisation, by default, remains unclear"

    With the group called Anonymous you'd hope so!

  12. Nunyabiznes

    Here there be a title.


  13. Anonymous Coward

    Two possibilities

    This tool is either:

    1) A shitty rehash of the open-source Slowloris tool

    2) A shitty rehash of an existing open-source SQL injection attack tool

    Either way, they'll have to release it somehow. Looking forward to reading the "technical" details of it.

  14. Anonymous Coward

    They ain't anonymous so it doesn't matter

    When they go to prison they can tell the other inmates how well their new attack didn't work.

  15. Spoonsinger

    Kick an anarchist in the nuts day needed

    duck and cover :-)

    1. Matt Bryant Silver badge

      RE: Kick an anarchist in the nuts day needed

      What seems to be needed is a lot better parenting for these skiddies. That and a removal of their access to the Internet. Followed by a good kick in the nuts.

  16. Gav

    Not a problem

    "The problem with LOIC is that unless attacks are anonymised by routing them through networks, such as Tor, then users will be flinging junk packets that are stamped with their IP address at the targeted systems."

    I don't see that as a problem at all. I see this as a good thing.

  17. Anonymous Coward


    I know it's asking too much for you guys to look something up you aren't sure about.

    SQL-Injections != Denial of Service Attack

    It's pretty much Keep-Dead 2: Electric Boogaloo.

    Try reading the link in the article.

    1. Anonymous Coward

      Re: "SQL-Injections != Denial of Service Attack"

      SQL injections can result in a DOS via leveraging sleep functions (e.g., or expensive wild card searches.

  18. Andus McCoatover

    Alright. That's it.

    Enough. I'm shutting my TOR off. Couple of years ago, it was the highest bandwidth TOR server in Finland.

    But I'm not aiding this shit.

  19. James Woods


    In all honesty what anonymous promotes in these types of things is doing nothing wrong. If anonymous wanted to take down a site without using loic all they would have to do is tell people to visit so and so website and continue to refresh it or use an auto-refresh.

    There is no way the web servers of the world could hold up to it unless you're on a google/paypal scale and even those begin to feel the push after awhile.

    Smaller companies would run into it clogging their pipes and costing them money but isn't that always the goal?

    From what I've seen in the USA protesters can cause a lot of problems for people. In the past protests have resulted in people's deaths.

    So far anonymous hasn't killed anyone and the last time I also checked verizon, comcast, and the others know exactly what users are doing with their internet connections.

    So if they know why aren't they #1 held responsible for it and #2 simply enforcing terms of service?

    Guess they don't want to lose the money from the real terror threat; http attacks.

    Regardless of what happens in the future with anonymous they did prove their point.

    Wikileaks never did anything wrong or release anything that either A wasn't already released by the media and B if they did do anything wrong sure weren't convicted for it. But that didn't stop visa, mastercard, opendns (for redirecting traffic around anonops), paypal, and amazon (no taxes here kthx).

    When will the anti-trust filings open up about paypal being the only easy payment method to use on ebay or how about how the auction site and paypal are the same company. In my previous dealings with both you'll often find your emails from corporate coming from both sides. I've dealt with ebay and had paypal corp contact me and vice versa.

    Seems one in the same to me. Bell monopolies? Microsoft anti-trust?

    It's who you know.

    1. Anonymous Coward

      Quite an embarrassing level of ignorance

      On current hardware even fairly cumbersome web servers can serve around 30 requests per second per process. How often do you think people can refresh the browser window? And you still think this is an effective attack vector? Maybe on a mom'n'pop or hobby server but anything professional should hopefully have a few more resources:

      1) serve as much content as possible statically - this can easily get you thousands of requests a second performance

      2) multiple server processes

      3) reverse-proxy caching

      4) CDN caching

      For DDOS http requests are, in my experience at least, fairly inefficient. Poisoned TCP and UDP packets attack the network directly and require more skill both to run and defend against. I think Slow Loris follows this approach but it is limited as to the server it can attack. Utility computing makes distributed, brute force attacks of this type fairly easy to run but if people are not careful they can fall foul of IETF because of the sheer volume of traffic generated. If this happens, you can expect more than your local ISP to come down on you.

      http attacks on servers are more useful for either detecting vulnerabilities or exploiting known ones. No point in sending poisoned requests to a server that ignores them. Such attacks generally seek to do more than simply make a server unavailable. But I don't think they really count as terror attacks. Getting onto a company's mail or file server is likely to be more rewarding or dangerous, depending on your point of view.

      Personally, I regard the wikileaks stuff as the high-point of Anonymous' success. White hat activity which highlights common security holes is important and it is important for journalists to cover the most egregious breaches, both of which generally tend to include a period of grace for fixing any problems.

      But much of the more recent attacks can perhaps best be described as petulant. I have a little more time for the Lulzsec "doing it for laughs" approach which is at least free of the sickening self-righteousness of such of the anonymous stuff and, if there is an equivalent of graffiti on the web, then "Kilroy was 'ere" should be seen in the same light - it's a civil offence but also sometimes a legitimate form of protest.

      As others have noted, the poorly thought-out and executed DDOS attacks are fodder for those politicians who think that a free internet is per se a bad thing™. Much as Thatcher used civil unrest and the threat of IRA terrorism in the 1980s to extend the period of detention without trial and ban groups of more than six people gathering - yeah, worshipping the summer solstice at Stonehenge is the end of civilisation!

      As for your protests against Ebay and Paypal - you have my sympathy in that bank giro transfers don't seem to have reached America yet. I believe this has something to do with limiting the power of retail banks to doing business within a state. Anyway electronic transfers and alternative marketplaces are the solution to that particular problem.

  20. Anonymous Coward

    Already in use

    This tool sounds like 'Keep-Dead' by esrun which we've seen in use before.

    LOIC was a slight mod to old code. RefRef sounds like it could be the same deal.

  21. Dennis Wilson
    Thumb Up


    ........and here i am thinking that there was nobody else left in that lot who could read.

    I think these people are a godsend for teaching little old ladies how to change passwords.

  22. Anonymous Coward

    Replacing LOIC

    Using the TOR is only going to result in many sites blocking all TOR traffic, and Congress passing a law to allow or require them to do that. And it is something the RIAA and MPAA are already wanting blocked everyplace.

    I find this whole story suspicious. Why would an Anon, develop something, then let you know that it's coming and how it works? Personally, if I created something, I would keep it a secret until the last second, then release it without too much information.

    Something is not right about this.

  23. Chris 228

    As long as they go to jail, who cares?

    Anonymous is no longer anonymous since the chaps have been arrested so I suspect a lot more of these people will be headed for jail.

  24. Anonymous Coward


    I can't make sense of all the Tor comments on here. AFAIK there are only a finite (and relatively small) number of Tor exit nodes and they're publicly listed. So if someone is attacking you through Tor it's pretty simple to block all the relevant sites. That makes Tor pretty useless for this sort of thing.

    For an effective attack, there have to be lots of sites involved with unpredictable addresses. So that'd probably involve using open proxies (not much chance of shutting all those down), or botnets (ditto), or naive users (suicide bombers) who don't know they're not anonymous. That last one's already been tried of course.

    The other possibility seems to be masquerading as someone else by faking an IP address. I guess that's possible here because you don't need a reply. But I don't know how impenetrable that sort of fakery is at the receiving end.

    Whatever the relative merits of these approaches (for an attacker) they don't look to me like they'll prompt a draconian clampdown and result in a "licenced internet". If that were a silver-bullet solution to any of these approaches it would already have been done as they cause enough problems as it is. Having a few more script kiddies using them isn't going to make a whole load of difference, it seems to me.

    1. JohnG

      TOR and Proxies

      TOR and proxies do feature in some of the lists of banned IP addresses and networks used by some organisations. Obviously, it is a game of Whac-A-Mole, with new addresses popping up all the time but the blocklists catch a reasonable chunk of undesired traffic.
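Added example, not part of any poster's comment: the blocklist approach discussed in comment 24 and the reply above, as a Python check of access-log sources against a published exit-node and proxy list. The list, the log lines and the function names are constructed for illustration, using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample list (documentation ranges, not real exit nodes or proxies).
EXIT_LIST = """\
# one address or CIDR per line
192.0.2.10
198.51.100.0/28   # a listed proxy range
2001:db8:1::/64
"""

# Constructed access-log lines in common log format.
ACCESS_LOG = """\
192.0.2.10 - - [01/Aug/2011:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 512
203.0.113.7 - - [01/Aug/2011:10:00:01 +0000] "GET / HTTP/1.1" 200 1024
198.51.100.9 - - [01/Aug/2011:10:00:02 +0000] "GET /search?q=b HTTP/1.1" 200 512
198.51.100.200 - - [01/Aug/2011:10:00:02 +0000] "GET /search?q=c HTTP/1.1" 200 512
2001:db8:1::beef - - [01/Aug/2011:10:00:03 +0000] "GET /search?q=d HTTP/1.1" 200 512
192.0.2.10 - - [01/Aug/2011:10:00:03 +0000] "GET /search?q=e HTTP/1.1" 200 512
unknown - - [01/Aug/2011:10:00:04 +0000] "GET / HTTP/1.1" 400 0
"""

def load_blocklist(text):
    """Parse addresses/CIDRs, ignoring blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def is_listed(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)

def classify(log_text, nets):
    """Return (listed, unlisted, malformed) request counts keyed by source."""
    listed, unlisted, malformed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        fields = line.split()
        try:
            src = str(ipaddress.ip_address(fields[0]))
        except (IndexError, ValueError):
            malformed += 1          # never trust an unparseable source field
            continue
        (listed if is_listed(src, nets) else unlisted)[src] += 1
    return listed, unlisted, malformed

if __name__ == "__main__":
    listed, unlisted, malformed = classify(ACCESS_LOG, load_blocklist(EXIT_LIST))
    print("listed:", dict(listed))
    print("unlisted (the Whac-A-Mole remainder):", dict(unlisted))
    print("malformed lines:", malformed)
```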

    2. Matt Bryant Silver badge

      RE: Puzzled

      There has never really been a reason for the Western governments to go after Tor, probably because they make clandestine use of it themselves, and probably because they have already penetrated it and are keeping an eye on certain nasty types. But never forget the unreasoning ability/stupidity of vote-pandering politicians that might decide "cleaning up" the "lawless" Internet is going to win votes in 2012 (the movie/song industry would happily bankroll it). How long would Tor stand up to the might of the NSA? Probably about five minutes. All you would need to do is reconfigure tools like Soat to target nodes that the NSA doesn't already own, then either knock them off the Net by lawfare or simply DDoS them if they are outside US jurisdiction (say, Russia). Then just watch the IRC channels for chatter on any attempts to get round the blockade.

    3. Pseu Donyme


      ... spoofing the IP with a simple, no-reply-needed DDOS would seem to be a no-brainer (?). Also, the possibility thereof would seem like a major problem for prosecution even if egress filtering was used by the ISPs in general.

  25. T J


    So.... they've basically reinvented Satan? Ie. the tool that along with Gabriel became Nagios.

    Nagios can already perform this kind of attack. And defend against it too.

    But then again a lot of idiots run that m$ rubbish as webservers, so until that is exterminated from the face of the web - not long to go now - it will remain fairly easy to penetrate and take down a lot of sites.

  26. This post has been deleted by a moderator

  27. Anonymous Coward

    To all "script-kiddie" attackers

    Don't you morons realise that all automated processes use scripted actions, because it is very slow, error prone and boring to do these operations manually e.g. users of NMAP could be accused of being script-kiddies but anyone who did would be an idiot!

    A lot of automated testing, including software testing is performed using some form of script.

    1. Matt Bryant Silver badge

      RE: To all "script-kiddie" attackers

      Yes, but peeps with real skillz can actually write their own scripts, rather than being reliant on just downloading someone else's. The essence of smart coding is re-use, never re-invent the wheel, but it helps if you have the ability to make your own wheels in the first place.

      1. Brian Miller

        "peeps with real skillz"

        A "peep with real skillz" wouldn't use something which leads directly back to them. A "peep with real skillz" would read about what successful anonymous DDOS attacks have happened, and *write* *code* which does the same thing. This means a little bit of knowing how a TCP stream works and writing raw sockets code, but not much.

        The only way to pull off a truly anonymous attack means that some innocent third party will be abused along with your intended target. But really, like a recent XKCD comic noted, this is defacement of a wall poster. Big deal.

        1. Matt Bryant Silver badge

          RE: "peeps with real skillz"

          "......The only way to pull off a truly anonymous attack means that some innocent third party will be abused along with your intended target....." Not wanting to help the Anonyputzs, but you can avoid the "abuse of innocents" (yeah, right, like they care!) by simply spoofing the targeted system to send responses either to loopback or its own IP address. Or some address like that of the FBI or CIA. Truth is, the Anons don't give two figs about anyone else, they see their supporters as expendable "martyrs" for "the cause".

  28. Anonymous Coward

    Low Orbit Ion Cannon?

    Anonymous should follow the Reg's lead and name their next tool urL Overpowering Hacking Assistance Network--AKA--LOHAN!!

  29. catphish

    Use the police

    1) An application layer attack prevents the possibility of spoofing an IP address, so every source will be identifiable.

    2) Ask the police to go and knock on the door of every location originating these attacks.

    3) The police will meet one of 2 people: some kid's parents, or a Tor exit owner who might reconsider running their node if this is what it is being used for.

    If the chance of the police showing up at your door were 50% instead of 0.001% then maybe they'd think twice. I'd never suggest that people be prosecuted because their network was being used illegally, but a visit from the police can be very persuasive.

  30. PCMcGee


    So, SQL injection and java vulnerabilities are now the same thing as DDoS?
