'Anonymous' defends the use of web attacks
Web activist group Anonymous has criticised the arrest of its members claiming the web attacks they launched were a legitimate form of protest.
Five men were arrested yesterday in connection with web attacks carried out in support of Wikileaks.
Overnight, US law enforcers said they had executed 40 search warrants in conjunction with UK operation.
Anonymous said the action was a "serious declaration of war" by the UK government against it.
Despite Anonymous' claims, in an open letter published online that denial of service attacks are a legitimate way to protest, UK law says such attacks, which bombard sites with data, are illegal.
The arrests of five of its members was "a sad mistake" by the UK authorities, Anonymous.
Distributed denial of service (DDoS) attacks should not be confused with malicious hacking, instead be regarded as "a new way of voicing civil protest", it added.
What is a DDoS attack?
- A Distributed Denial of Service (DDoS) attack aims to make websites inaccessible
- Attackers commonly use networks of compromised computers - called a botnet - that they control to launch the attacks
- However, the Anonymous attacks recruited volunteers to download a tool to create a "virtual" botnet
- By overwhelming the target site with requests, the attackers can ensure that genuine visitors cannot reach the site
- These requests look like genuine web traffic so can be hard to filter out
- Typically, such attacks have been aimed at high-profile websites, such as those belonging to government departments, banks and political organisations
- They are illegal in most countries
Detectives from the Metropolitan Police's Central e-Crime Unit arrested five men, aged between 15 and 26 in connection with offences under the Computer Misuse Act 1990.
The men were arrested at residential addresses in the West Midlands, Northamptonshire, Hertfordshire, Surrey and London.Not so anonymous
That legislation makes it clear that launching DDoS attacks is illegal, said Graham Cluley, senior security analyst at Sophos.
"Most of the people that took part in the attacks in support of Wikileaks volunteered to do so," he told BBC News.
The web attacks were mounted against firms such as Mastercard, PayPal and Amazon which had withdrawn their services to Wikileaks, in the wake of its publication of leaked embassy cables.
The DDoS attacks launched against those companies was done using a web toll known as the Low Orbit Ion Cannon (Loic).
That made it easy for authorities to locate those responsible, as Loic does nothing to mask the IP address of those initiating the flood of web traffic, said Cluley.
"Once you know someone's IP address it's relatively simple to find their physical address," he said.
In December two Dutch teenagers were taken into custody and subsequently released over allegations that they had helped coordinate the attacks.
The five men arrested in the UK have been released on bail.