Foot Soldiers for Wikileaks: 27,000 Download Attack Software Overnight

An inside look at the anatomy of the pro-WikiLeaks hack attack.

ByABC News
December 9, 2010, 2:55 PM

Dec. 10, 2010— -- Downloads of the software program used by Wikileaks supporters to launch cyberattacks online spiked overnight, topping more than 43,000 downloads in the past week, according to the U.S. data security company Imperva.

While impossible to know whether all the computer users had joined the ongoing "cyberwar" against U.S. companies that severed ties to Wikileaks, the data suggest a growing number of people are answering the call to arms put out by a scrappy, decentralized coalition of WikiLeaks defenders that calls itself Anonymous.

There were 700 worldwide downloads of the widely available software, Low Orbit Ion Cannon, or LOIC, Monday, with more than 27,000 downloads occurring Thursday, according to Imperva web security researcher Tal Beery.

Over the past few days, members of Anonymous have bombarded corporate websites for MasterCard, Visa and Paypal, disrupting their normal operations. There are also signs that it was behind attacks on Swedish government websites and those tied to Sarah Palin and Sen. Joe Lieberman.

How'd they do it? The technology behind Operation Payback is surprisingly simple, cybersecurity experts say.

The massive hack attack appears to have been orchestrated by a handful of organizers with control over a virtual army of tens of thousands of computers. The networks -- called botnets -- can inundate their targets with denial of service attacks, so overwhelming a site's server that regular customers can't get through.

Security experts reached by ABC News estimated that several thousand computer users have voluntarily dedicated their machines to the campaign, downloading attack software, installing it on their computers and connecting to a central server called a HiveMind.

Anonymous has posted online step-by-step instructions for download, telling participants that after installing the software they simply "sit back and enjoy!"

Then, HiveMind masterminds input the IP address of their desired target, and all the affiliated computers running the special software begin to bombard the site.

"Remember: current target is, port 443. We are currently FIRING!" one of the HiveMind organizers posted under the Twitter handle AnonOpsNet late Thursday.

The software, a simple Windows application called Low Orbit Ion Cannon, or LOIC, was developed decades ago to test the ability of a website to handle traffic. Because it's open source, meaning its code is publicly available, it is also easily shared and manipulated.

"This program just goes and grabs data on the target website at a high rate, in effect having no pause in your viewing of a webpage," said Barrett Lyon, an Internet security expert who created the first denial of service defense company in 2004 and has analyzed the ongoing cyberwar. "It's basically just blasting the website using all the resources of the user."

But the attacks don't appear to be meant to do more than create a show, Lyon said, noting the hackers don't seem to be seeking confidential company or consumer information, such as credit card account numbers.

In their manifesto posted online Thursday, Anonymous said it did not intend to attack the "critical infrastructure" of sites like Visa and MasterCard but instead to disrupt their corporate websites. "Anonymous does not seek to disturb the public peace nor the average internet citizen; for average internet citizens are most of us who are Anonymous," the statement says.

WikiLeaks' founder, Julian Assange, has vehemently denied directing these attacks in any way. His lawyer told ABC News' Jim Sciutto, "Wikileaks is not in the business of revenge."