Anonymous Wikileaks attackers 'easy' to find says study

Post box, Getty Web attacks were like sending a menacing letter bearing a return address, say researchers

Working out who carried out web attacks in support of Wikileaks would be easy, suggests a study.

The tool used in the attacks leaks the net addresses of everyone who used it, reveal Dutch computer scientists.

In early December thousands of people downloaded the tool to aid attacks on Mastercard, Visa, Paypal and Amazon.

The study found that the tool makes no attempt to hide a user's net address which would lead any investigator almost straight to an attacker.

No spoofing

"What I do expect is that some people will be caught," said Dr Aiko Pras of the Design and Analysis of Communication Systems department at the University of Twente who lead the study.

Dr Pras said some countries will want to make an example of those that took part in the web attacks in early December. Two people have already been arrested in Holland for co-ordinating the attacks.

The Anonymous group behind the attacks recommended supporters download and install LOIC to punish companies it regarded as being anti-Wikileaks.

Advice on the site from which LOIC can be downloaded re-assured people by saying there was "next to zero" chance that anyone who used it would be caught.

However, said Dr Pras, analysis of the data traffic LOIC generates suggests that it would be easy to find attackers.

"The current attack technique can be compared to overwhelming someone with letters, but putting your real home address at the back of the envelope," they wrote in a report on LOIC.

To investigate how LOIC works the University of Twente team set up a small network and bombarded one machine with packets of data generated by LOIC.

The target machine was set up to record information about the packets of data being sent to it. This is known as a denial of service attack and aims to overwhelm a host or server with request for data.

A look at the packets of data generated by LOIC showed the net address of an attacker in every one and revealed that "the tool does not take any precautions to obfuscate the origin of the attack" wrote the researchers.

This was a surprise, they said, because techniques to spoof net addresses are well known and trivial to use.

"The tool was written to do a stress test on your own servers and there was no intention for it to used to do denial of service, said Dr Pras, "because of that they did not do any anonymization."

LOIC tries to create thousands of connections to a target, said Dr Pras, which would mean that there was plenty of evidence police forces could use to trace attackers.

"Most people have no clue about the traces they leave on the internet," he said.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.