Crime warning for web protestors

  • Published
Wikileaks website is pictured on a smartphone
Image caption,
Pro-Wikileaks protetesters were defending the right to publish 250,000 diplomatic cables

Online protests could become prime targets for internet fraudsters, according to computer security experts.

The frequency of web demonstrations has risen in recent weeks, including a series of strikes in support of controversial website Wikileaks.

As more people join such protests, some believe cybercriminals will hijack popular causes for their own ends.

"It's really dangerous for people to go into this," said Feike Hacquerbord, a senior analyst at Trend Micro.

The problem is that most of the people trying to defend Wikileaks don't realise they might get into bed with criminals," he added.

Hijacking programs

He is among those concerned that the methods used by some online campaigners leave them open to abuse - even potentially fooling mass protests into attacking the wrong target.

The worries stem from the methods used by Anonymous, the loose online collective behind the recent string of Wikileaks protests.

Their virtual demonstrations, which have so far targeted services including PayPal and Mastercard, involve a series of co-ordinated strikes known as "denial of service" attacks.

These harness a large number of computers and point them all toward a target website at the same time. If the traffic is significant enough, it can be enough to overload the victim's servers and bring down the service.

Although such attacks are illegal in many countries - including the UK - that has not prevented the tactic being used with varying results.

But it is also a method that could be exploited by criminals, allowing them to hijack protests for their own financial gain, rather than the political objectives of the demonstrators.

A particular issue could be the fact that many protesters use ready-made programs to launch their attacks.

This means they could be rewritten by fraudsters in a way that fools demonstrators into thinking they are joining a larger protest while actually sending the attack traffic to the target of cybercriminals

"I'm not sure if will happen more often in the future," said Hacquebord. "But I'm certainly concerned that there are a lot of people who can really do harm."

Net scammers

The warnings come after spam-monitoring service Spamhaus was subjected to a distributed denial-of-service attack, with some of the traffic thought to have come from Anonymous protesters.

The episode began when Spamhaus blacklisted, an unofficial site that provided a list of other sites mirroring wikileaks content.

Spamhaus claimed the site the same internet space associated with a well-known gang of Russian cybercriminals and the site's host was a well known source of spam.

Following protests from, Spamhaus removed the site from its blacklist.

However during the wrangles, Spamhaus was subject to a DDoS attack, which it originally blamed on members of Anonymous.

The organisation's analysis now suggests the flood of data came largely from the cybercriminals associated with the spamming, with only small amounts of traffic from the Anonymous group.

"A lot of the guys doing this are 14 year-old nerds," said Jon Reid of the organisation. "They've found this new hammer and they're out smashing things."

Some experts have suggested that the impact of the Wikileaks protest itself has been overplayed.

But even he admitted that the nature of the attacks could escalate as they become more sophisticated and powerful.

"Internet scammers will notoriously hijack things on the web without an authoritative source," added Joseph Bonneau, a security researcher at the University of Cambridge.

"So it's not a total shock that this would happen."

Related Internet Links

The BBC is not responsible for the content of external sites.