5 Questions About Anonymous’ New DDoS Techniques

In case anyone missed this news, Group Anonymous has put up code at pastehtml.com (a free and anonymous HTML code-hosting site) which uses your web browser to launch LOIC DDoS attacks.

Here’s a quick synopsis from the Computerworld report:

“According to Cluley, members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC and attacked predefined victims. The links pointed to a page on PasteHTML.com which in turn executed some JavaScript to fire LOIC at Anonymous-designated targets.”

This can of course be used on Facebook/Twitter and other sites to lure unsuspecting users into joining the DDoS attacks.

Given these new and ingenious techniques to ‘automate’ a DDoS attack with end-users essentially ignorant to the fact that they might have unintentionally launched a DDoS attack from a ‘rused’ link they clicked, escalates the “Hacktivists” war and adds yet another effective technical technique to their basket of tricks.

Given this new ‘tactical attack technique’ – what are the questions a security professional should be asking themselves right now? I’ve pondered this and have come up with the following and would appreciate your inputs as well:

  1. What other tools can be easily combined with this java script technique? E.g. besides LOIC, can malware be distributed this way as well? How about application layer attack tools such as refref?
  2. What does this mean for managed service providers who, no doubt will host a tremendous amount of unintentional DDoS attacks and whom will be left with the burden of contacting their customers of their initiated DDoS attacks?
  3. What does this mean for the victims of such attacks? Do they have any recourse if the ‘perpetrators’ didn’t really know that they were initiating the attacks?
  4. How does an attack like this scale? It seems to me that this technique effectively scales logarithmically which, if true, has ominous consequences.
  5. Because this technique will look like normal users, how effective will cloud and ISP scrubbers be going forward against this type of technique? Also, doesn’t it seem like DNS are a natural attack venue for something like this?

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center