This is turning into one of the best stories so far this year, and yet it seems doomed to only be known by geeks. Still spinning quickly, with new revelations daily, but it goes a little something like this:
[Y]our numbers are too small to draw the conclusion but you don't want to accept it. Your probability based on frequency right now is a gut feeling. Gut feelings are usually wrong.
Hunton & Williams was recommended to Bank of America's General Counsel by the Justice Department -- meaning the U.S. Government is aiding Bank of America in its defense against/attacks on WikiLeaks.Copious footnotes and link as usual. Required reading. Palantir and Berico eventually issue a condemnation of the targeting of Salon and Greenwald.
Articles on or related to cyber attacks/security:
The Australian Government will learn that one does not mess with our porn.
I had read about Barrett Lyon a few years back when his CSO story was linked around on Slashdot etc. At the time--and this is five years ago--a big enough bot net could take anyone down. Lyon built one of the first (*the* first?) DDoS firewalls to protect gambling sites from, what turned out to be Russian, extortionists. The CSO article ends wryly, noting that companies now pay around $50,000 to protect themselves from having to pay protection. Insert joke here about virus scanners slowing down your machine so that viruses can't.
The fact that Google can be attacked, and that they'd partner with the NSA, illustrates the gravity of the current threat. This time, it's not just thugs but government sanctioned thugs. I've read in Slashdot threads that Russia has the same tactics: leverage their hackers to disrupt Western corporations and governments. It's nice to know that the US doesn't stoop to such measures (insert joke that when *we* do it, it's not torture).
Lyon's company started protecting Scientology sites after Anonymous started their Project Chanology raids in January 2008. Since Anonymous employs multi-honed attacks (DDoS, black faxes, picketing, information) a firewall offers only partial protection. And, as had been shown with the Marblecake hack, sites can be subverted without being taken down. The True/Slant article references a Neuromancer quote as prediction of the decentralized, directed mob that is Anonymous. They're doing what any activists do: bring attention to an injustice. Reading the inevitable panic-stricken comments denouncing Anonymous, it's interesting to note the difference between "activist" and "terrorist".
The internet is at that awkward age of being both fragile and essential. Small groups like Anonymous are leveraging that fragility as much as are governments. Grab some popcorn; watch the show.
[ updated 25 Feb 2010 ]
US unable to win a cyber war [ via Slashdot ] reaffirmed that the US's extra-connectiveness increases its weaknesses. One proffered solution is to give the Pres access to the on/off switch of the internet (Reminding me of a two-panel cartoon I saw on the internet years back showing the difference between defending a cyber attack in the movies and IRL. The movie scene has the hero spewing 24-style techno-babel that barely makes sense in the fictional world. The real scene has the pimply tech grab the router and pull out the network cable. The Slashdot thread has an oddly compelling comment on what will happen when shit gets real.
[ updated 6 Mar 2010 ]
Slashdot posts a rebuttal and declares the concept meaningless.
Those wacky kids on 4chan were at it again. Their target this month? The Time.com poll of the 100 most influential people in the world. Their goal had originally been to put 4chan creator Moot at the top, but after that proved to be too easy they aspired to a higher purpose and gamed the results to spell a "secret message" with the first letters of the names in the list. Eschewing the mundane (e.g. spelling out "eat me" or some such), they went with the more cryptic "marblecake, also the game". Take that, NSA.
I'd first seen the result from a post on Reddit and, honestly, almost didn't believe that they could do it. But after reading Music Machinery's interview with one of the perpetrators [ also via Reddit ], I can't believe what web dev dorks the people at Time.com are. If the interview is to be believed, their poll accepted any and any number of GETs to add a vote. ?!? While the rest of us are puzzling over XSS vulnerabilities, Time breaks the first rule of GET. The rest of the interview (with Zombocom, referencing the always-entertaining http://www.zombo.com/) revealed the details of how they wrote tools to attack each part of the problem. One script busily kept names beginning with unwanted letters out of the top; another sorted the remaining names to spell the message. Although the interviewer grossly overstated the importance of what was done, the casual manner that web skills are applied by this community is interesting. Kids used to work on car engines.
So, what next for 4chan? Well over the past few days they've been working to put both Ashton Kutcher and CNN in their place. The two are in a battle to be the first Twitter users with 1,000,000 followers. 4chan has put it's weight behind a certain account called basementdad. Followers (whose IDs consist of a suspicious mangle of the same few names) appear to be increasing at a few hundred every 15 minutes or so.
[ updated 28 Apr 2009 ]
Childish? Yes. But man, I hope these guys that have declared war against Scientology keep up the fun:
It's like.. written in some kind of secret upside down moonspeak.
[ updated 24 January 2008 ]
Wired News has a more complete summary of the e-carnage.
[ updated 2 February 2008 ]
And Huffington Post has some praise for Anonymous and their tactics.