By the time East Coasters were finishing dinner last night, 10 websites had fallen to what hacktivist group Anonymous calls its “low orbit ion cannon,” or LOIC — a public domain software tool named after a weapon in a popular sci-fi real-time strategy game that’s designed to stress test whether a network can handle a distributed denial of service attack.
According to Anonymous, 10 well-known governmental and corporate sites with ties to the entertainment industry were assaulted and knocked offline in retaliation for the FBI shutting down Megaupload.com, one of the world’s largest file-sharing sites. The FBI had closed Megaupload.com earlier Thursday afternoon, accusing the company of more than $500 million in revenue losses stemming from copyright violations, and arresting four people in connection with the indictment.
(MORE: Anonymous Claims DOJ, RIAA, MPAA Sites Hit for Megaupload Bust)
Dubbing its DDoS spree “OpMegaupload,” Anonymous claims it took down usdoj.gov and justice.gov (the U.S. Department of Justice), universalmusic.com (Universal Music Group), RIAA.org (the Recording Industry Association of America), MPAA.org (the Motion Picture Association of America), copyright.gov (the U.S. Copyright Office), hadopi.fr (France’s copyright-enforcement agency), wmg.com (Warner Music Group), bmi.com (Broadcast Music, Inc.) and fbi.gov (the Federal Bureau of Investigation). The DOJ’s website was first to fall, about an hour after the Justice Department announced its indictment of Megaupload.com.
That’s technically nine sites, since the first two direct to the same URL, but either way, it’s the largest single-day DDoS assault carried out by the hacker collective. In fact Anonymous claimed after the operation that this was its “largest attack ever crippling government and music industry sites,” and that at the attack’s peak, “5,635 people [were] confirmed using #LOIC to bring down sites.”
“The FBI didn’t think they would get away with this did they? They should have expected us,” said the group in one of its signature statements at the operation’s close.
In a DDoS attack, someone works to overwhelm a computer (or in this instance, a web server) by flooding it with packets of data in ways that disrupt services. This can either make a site’s web page appear to be slow or unresponsive, or cause the server to crash. Indeed, during the attack timeframe, we were able to confirm all of the sites listed above were either slow to respond or generated access errors.
All of the sites listed above appeared to be available by early Friday morning, highlighting a problem with this form of protest (in addition to its illegality, that is): It’s like leaving a nasty surprise on someone’s front lawn — impermanent and ultimately more of a nuisance than an actual hack, where servers are often damaged or sensitive information compromised.