Much of the organization and communication among the group, which calls itself Anonymous, was taking place on chat rooms hosted on anonops.net. On Thursday, one room hosted more than 2,000 participants, while on Friday most of the rooms seem to have been shut down due to counterattacks.  The few protestors able to connect — less than 100 on Friday – appear to be devoting their energies to combat a counter-protester who keeps blasting the message: “WHAT YOU’RE DOING IS ILLEGAL. STOP NOW AS YOU SUCK AT IT. WIKILEAKS SUCKS AS WELL”.

Adding to the confusion, the site anonops.info is reporting that their DNS provider ENOM has cut services to the domain hosting the chat channels, and that the operation is suffering from its own popularity and outside attacks.

Still the group is struggling on, and in a chatroom that was still operable, one member requested that protesters register their vote for the next target, using a embeddable Google form to collect the info.

The group made headlines around the world on Wednesday when the ragtag band of computer activists successfully overwhelmed both Visa.com and Mastercard.com, the homepages of the two giant payment processors that cut off the ability to make donations to WikiLeaks using their cards. The companies said they made the decision after deciding that WikiLeaks publication of secret U.S. diplomatic cables provided to it by a whistleblower violated their terms of service, though the site has not been charged with a crime.

The companies’ payment systems were not affected by the flood of traffic. Anonymous then shifted their focus to PayPal — which had also shut off the ability to donate to Wikileaks — where they briefly disrupted the popular online payment firm by targeting the company’s payment system directly.

The attacks aren’t hacks in the real sense of the word, since they don’t penetrate the companies’ computer systems and leave no lasting damage. They simply overwhelm servers with web requests, in an attempt to make a site inaccessible to real users. The attacks on Visa.com and Mastercard.com were, in effect, an internet age version of taking over a college campus building as a protest — potentially illegal, but leaving no lasting damage.

That distinction was lost on many, and even the august New York Times used the word “cyberwar” in its lead sentence in its report on the attacks Thursday.

Parts of Anonymous seemed to realize that it was losing in the propaganda war, which was exacerbated by media reports that the group would be attacking Amazon.com, which cut off WikiLeaks from Amazon’s robust web hosting service.  In a press release, someone purporting to speak for the group tried to explain that the purpose of the attacks were to raise awareness, not mess with Christmas shopping.

“[T]he point of Operation: Payback was never to target critical infrastructure of any of the companies or organizations affected. Rather than doing that, we focused on their corporate websites, which is to say, their online public face’. It is a symbolic action — as blogger and academic Evgeny Morozov put it, a legitimate expression of dissent.”

As for the reported attacks on Amazon.com, the press release said the group refrained because they didn’t want to be seen as disrupting Christmas. (An attack would not likely have a chance against Amazon, whose infrastructure is so good that it rents it out to other companies.)

“Simply put, attacking a major online retailer when people are buying presents for their loved ones, would be in bad taste. The continuing attacks on PayPal are already tested and preferable: while not damaging their ability to process payments, they are successful in slowing their network down just enough for people to notice and thus, we achieve our goal of raising awareness.”

While these are smart public relations sentiments, the Anonymous attacks on PayPal that started on Wednesday night and continue, albeit in much smaller volume, on Friday morning, went after PayPal’s payment infrastrucure (technically, its payment API which merchants use to communicate with PayPal.com), not the website. Anonymous members made it clear in one heavily used chat room Thursday that they were gunning to shut PayPal down, not simply “slow down” the service.

Another communique, perhaps unofficial, re-published by BoingBoing Thursday night, announced that Anonymous would be halting the denial of service attacks and instead turning their attention to the leaked cables. The idea was for Anonymous to spend its time looking for little reported revelations in the cables, create videos and stories about them, and bombard sites, including YouTube, with links to them.

The FBI has said they are looking into the attacks, and already Dutch police have arrested a 16 year-old boy in connection with the attacks. Two people involved in Anonymous’s previous attacks on Scientology were convicted on jailed on charges of violating federal computer crime statutes. Those who join in the attacks using their own computers and IP addresses that can be traced back to them are making themselves very vulnerable to similar prosecutions.

Few who are part of Anonymous are actual “hackers,” and instead join in the attacks by running specialized software provided by more technically adept members. Instruction for which sites to target and when are passed around dedicated online chat channels and websites, creating a sort of online insurgency.

Anonymous’ DDoS tool has an unusual twist, according to 3Crowd CEO and DDOS expert Barrett Lyon, incorporating features that allow members to connect to the botnet voluntarily, rather than mobilizing hijacked zombie machines. It is called LOIC, which stands for “Low Orbit Ion Cannon,” and evolved from an open source website load-testing utility. A new feature called Hivemind was added, which connects LOIC to anonops for instructions, and allows members to add their machines to an attack at will.

In a further development, Anonymous members have also created a JavaScript version of the tool, dubbed JS LOIC, which only requires someone to connect to a webpage and press a button to turn their computer into a dedicated attacking machine (see image).

However neither that site nor the downloaded software masks a user’s IP address, and the downloadable software has generated complaints from its users that it sucks up all their available bandwidth when it’s in attack mode.

Authors: Ryan Singel

to know more click here