This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/go/rss/int/news/-/news/technology-11983246
The article has changed 2 times. There is an RSS feed of changes available.
Previous version
1
Next version
| Version 0 | Version 1 |
|---|---|
| Anonymous Wikileaks attackers 'easy' to find says study | Anonymous Wikileaks attackers 'easy' to find says study |
| (about 1 hour later) | |
| Working out who carried out web attacks in support of Wikileaks would be easy, suggests a study. | |
| The tool used in the attacks leaks the net addresses of everyone who used it, reveal Dutch computer scientists. | The tool used in the attacks leaks the net addresses of everyone who used it, reveal Dutch computer scientists. |
| In early December thousands of people downloaded the tool to aid attacks on Mastercard, Visa, Paypal and Amazon. | In early December thousands of people downloaded the tool to aid attacks on Mastercard, Visa, Paypal and Amazon. |
| The study found that the tool makes no attempt to hide a user's net address which would lead any investigator almost straight to an attacker. | The study found that the tool makes no attempt to hide a user's net address which would lead any investigator almost straight to an attacker. |
| No spoofing | No spoofing |
| "What I do expect is that some people will be caught," said Dr Aiko Pras of the Design and Analysis of Communication Systems department at the University of Twente who lead the study. | "What I do expect is that some people will be caught," said Dr Aiko Pras of the Design and Analysis of Communication Systems department at the University of Twente who lead the study. |
| Dr Pras said some countries will want to make an example of those that took part in the web attacks in early December. Two people have already been arrested in Holland for co-ordinating the attacks. | Dr Pras said some countries will want to make an example of those that took part in the web attacks in early December. Two people have already been arrested in Holland for co-ordinating the attacks. |
| The Anonymous group behind the attacks recommended supporters download and install LOIC to punish companies it regarded as being anti-Wikileaks. | The Anonymous group behind the attacks recommended supporters download and install LOIC to punish companies it regarded as being anti-Wikileaks. |
| Advice on the site from which LOIC can be downloaded re-assured people by saying there was "next to zero" chance that anyone who used it would be caught. | Advice on the site from which LOIC can be downloaded re-assured people by saying there was "next to zero" chance that anyone who used it would be caught. |
| However, said Dr Pras, analysis of the data traffic LOIC generates suggests that it would be easy to find attackers. | However, said Dr Pras, analysis of the data traffic LOIC generates suggests that it would be easy to find attackers. |
| "The current attack technique can be compared to overwhelming someone with letters, but putting your real home address at the back of the envelope," they wrote in a report on LOIC. | "The current attack technique can be compared to overwhelming someone with letters, but putting your real home address at the back of the envelope," they wrote in a report on LOIC. |
| To investigate how LOIC works the University of Twente team set up a small network and bombarded one machine with packets of data generated by LOIC. | To investigate how LOIC works the University of Twente team set up a small network and bombarded one machine with packets of data generated by LOIC. |
| The target machine was set up to record information about the packets of data being sent to it. This is known as a denial of service attack and aims to overwhelm a host or server with request for data. | The target machine was set up to record information about the packets of data being sent to it. This is known as a denial of service attack and aims to overwhelm a host or server with request for data. |
| A look at the packets of data generated by LOIC showed the net address of an attacker in every one and revealed that "the tool does not take any precautions to obfuscate the origin of the attack" wrote the researchers. | A look at the packets of data generated by LOIC showed the net address of an attacker in every one and revealed that "the tool does not take any precautions to obfuscate the origin of the attack" wrote the researchers. |
| This was a surprise, they said, because techniques to spoof net addresses are well known and trivial to use. | This was a surprise, they said, because techniques to spoof net addresses are well known and trivial to use. |
| "The tool was written to do a stress test on your own servers and there was no intention for it to used to do denial of service, said Dr Pras, "because of that they did not do any anonymization." | "The tool was written to do a stress test on your own servers and there was no intention for it to used to do denial of service, said Dr Pras, "because of that they did not do any anonymization." |
| LOIC tries to create thousands of connections to a target, said Dr Pras, which would mean that there was plenty of evidence police forces could use to trace attackers. | LOIC tries to create thousands of connections to a target, said Dr Pras, which would mean that there was plenty of evidence police forces could use to trace attackers. |
| "Most people have no clue about the traces they leave on the internet," he said. | "Most people have no clue about the traces they leave on the internet," he said. |
Previous version
1
Next version