SchNEWS 751: Hacktion Stations

Many people have been persuaded by Anonymous, and now Schnews, to download and use LOIC without even a basic understanding of what they are doing or the risks they are taking. If they haven't use a proxy like Tor then their IP addresses will probably have been logged both by the target organisation and their ISP. If that is their computer then they are leaving themselves wide open to prosecution in the UK under section 36 of the Police and Justice Act 2006, which can incur upto to ten years in prison, and a fine. Their best defence if arrested is to plead ignorance since the act states
(1)A person is guilty of an offence if—(b)at the time when he does the act he knows that it is unauthorised.

If they have been using a proxy like Tor, then they should stop it at once as it is both ineffectual and damaging to Tor. Instead of thousands of 'hacktivists' (sic) sending data, now there would be relatively small number of Tor routers sending the easily filterable data. That lessens the attack considerably, slows the Tor network significantly and worst of all, it makes the Tor routers easily identifiable to the nice people in various governments and corporation s.

The only safe way to use LOIC is on someone elses computer or via a spoofed or disposable IP address, which is why the few true Anonymous hackers use botnets that contain thousands of computers. Anonymous are a mixed bag,they must have a couple of techies to do this much damage but most of them aren't techies and their advice has been negligent. They failed to mention in adavnce that the IP's aren't disguised, they claimed this might not be criminal, and they wrongly claimed that the log-lists would be lost in a successful attack. It is brave to do this knowing the risk, and if the numbers of people doing it reach a critical mass then prosecution becomes less likely, but it is wrong to encourage people to take risks without explaining them.

You should no more use a computer on an action than you would employ any other technology that you don't fully understand - if you didn't have a flying license then you wouldn't use a helicopter would you? Leave the hacking to the hackers until you have trained in the basics. If you really want to put in some study time and already undertand the TCP/IP protocol suite, then learn how to use a network analysis tool that can spoof IP's, such as HPing.

So how do the police identify which IPs are people choosing to use LOIC and which are those of what must be a very sizeable botnet?

The arrest of Julian Assange was obviously political. This is obvious because rape is not normally taken seriously. Around 1 in 5 women are survivors of serious sexual assault and yet instead of challenging this disgusting situation we have a society that uses rape myths to protect rapists and while attacking survivors of rape.

Common rape myths:

- It's only rape if physical force was used (more often rapists use either psychological coercion, or alcohol and other drugs)
- Women who complain of having been raped are often lying (actually the rate is 1-2%, the same as for other crimes).
- If the victim doesn't immediately report it it isn't rape.
- If the victim knew the attacker, or was friendly with the attacker or flirted with the attacker, then it isn't rape.

In the past few days the Internet has seen a deluge of this victim-blaming bullshit. Apparently a lot of people think the best way to support Wikileaks is to say that the accusations against Julian Assange must be made up or the accusers work for the CIA or they are 'radicat feminists' or it wasn't really rape it was 'sex by surprise' or some other rape-apologist bullshit. Julian Assange is accused of rape. We don't yet have enough information to know whether or not the accusations are true but such accusations should never be dismissed or trivialised. When we dismiss or trivialize rape we give a boost to rapists while harming rape survivors.

This article explains it better than I ever could:  http://www.prospect.org/cs/articles?article=what_we_talk_about_when_we_talk_about_rape

We don't have to become rape apologists in order to support Wikileaks. We can support Wikileaks and strongly condemn rape at the same time.

This letter from Katrin Axelsson of Women Against Rape was printed in the Guardian last week:

Many women in both Sweden and Britain will wonder at the unusual zeal with which Julian Assange is being pursued for rape allegations (Report, 8 December). Women in Sweden don't fare better than we do in Britain when it comes to rape. Though Sweden has the highest per capita number of reported rapes in Europe and these have quadrupled in the last 20 years, conviction rates have decreased. On 23 April 2010 Carina Hägg and Nalin Pekgul (respectively MP and chairwoman of Social Democratic Women in Sweden) wrote in the Göteborgs-Posten that "up to 90% of all reported rapes never get to court. In 2006 six people were convicted of rape though almost 4,000 people were reported". They endorsed Amnesty International's call for an independent inquiry to examine the rape cases that had been closed and the quality of the original investigations.

Assange, who it seems has no criminal convictions, was refused bail in England despite sureties of more than £120,000. Yet bail following rape allegations is routine. For two years we have been supporting a woman who suffered rape and domestic violence from a man previously convicted after attempting to murder an ex-partner and her children – he was granted bail while police investigated.

There is a long tradition of the use of rape and sexual assault for political agendas that have nothing to do with women's safety. In the south of the US, the lynching of black men was often justified on grounds that they had raped or even looked at a white woman. Women don't take kindly to our demand for safety being misused, while rape continues to be neglected at best or protected at worst.

Katrin Axelsson

Women Against Rape

You get different types of botnet so that's too big a question to answer in depth, but traffic analysis often makes the difference between a manually operated LOIC and a botnet obvious. If you are part of a botnet, voluntarily or not, you are still as legally liable - that's why kiddie pornographers just can't claim they didn't know it was there. The 16 year old who was first arrested was running the IRC presumably as the C&C, which isn't a very sophisticated botnet and may explain the speed of his arrest, but that doesn't imply the other botnets are the same. Seemingly they are busy recruiting much larger existing botnets as support. I should add my job was just to stop attacks having any effect, it was smarter people than me whose job was to trace the attackers and unlike many sys admins they would've had more than local data. A secure organisation - and the credit card companies should have been secure - will probably have a honeynet (sort of trap network) that'll have logged the initial probing of the botnets, and if so it'll be the initial users who'll be the first arrested. There's even been some speculation that this is a false-flag operation to ensnare the unwary into identifying themselves but I doubt that, more likely you are being used as cannon-fodder to distract from the initiators. Even more likely is it just didn't occur to them ( read about Alex Taparanis if you don't believe Anonymous cock things up badly).

If you are asking if there is plausible deniability in claiming in court that your PC was infected remotely to run LOIC, then you'll need a clean PC and IP, as opposed to having downloaded LOIC on that PC or IP, plus you'll need a copy of some botnet infectious code. It'd be easier claiming you had let a stranger use your PC to check their email and they must've done it, or to tear down your security and claim it was hacked. Another possible legal defence would be that you as an individual didn't send enough data to block access to the target computer, that'll be true unless of course you were running a botnet, but I don't know how a court would take that argument. It's not come to mass-arrests yet, and it may not for various reasons. For example, the companies may prefer not to make a big deal about it because the additional press makes them look insecure and unprofessional, which is more damaging to their business than the actual attacks.

DoSing isn't illegal everywhere so you could run a VPN to a jurisdiction where it's legal, but like I said if you're really interested then learn how to use a safer tool.

As much as I support these leaks we must keep in mind that Julian is NOT squeaky clean. Cryptome has done a great deal to leak on wikileaks. It is important to distinguish this from the obvious smear from the mainstream and various governments; however much of the legitimate criticism levied at Julian and wikileaks in general has been circulating for quite some time, and comes from ex-wikileaks members/editors.

I've never heard of any zombie being prosecuted, so you may think I'm over-reacting, but the second Dutch arrest was a user not an admin or herder so all bet's are off. He did (allegedly) attack the Dutch Prosecutors office, but if you've signed up for the botnet 'war' then chances are you have too. And we all know now that European Arrest Warrants don't require any evidence...

I should preface my opinion on the Assange allegations with two anecdotes.

My poorest sexual relationship was with the prettiest girl I have ever seen. Upon approaching sexual climax she would scream out 'No, No, No', and as I am so conditioned to know that 'no means no' I always would stop. She would ask what was wrong, I'd explain it, but neither of us could change our behaviour.

I have never acted in a sexually inappropriate manner with a woman, and I never will. Regardless of that I have been smeared on various IM collectives as being a 'convicted sex offender' by various political enemies who have links to the police and security services. As the publishers of these smears I could sue the various collectives, including this one, for libel, and with British libel laws the way that they are this would probably close down the collectives. I have chosen not to do this because I feel this is such a common security service tactic that it only highlights the depravity of my smearers rather than me.

Assange was foolish to think he could act as a lightening rod for WikiLeaks and maintain a promiscuous sex-life, that choice made this situation inevitable. If these charges aren't true then they would have been invented, as has happened to me and to many other much higher profile activists. The allegations may in fact be true as he has a reputation for enjoying his celebrity /notoriety, but some things must be borne in mind by feminists. He is getting special treatment, no other male accused of similar offences is being persued especially by the Swedish judiciary who have a lamentable recent record of prosecution and convition of sexual offences. He is being held without bail for exactly the same reasons granted bail to a man accused of murdering his wife, by the same judge in both cases. To any critical mind this is much more likely to do with attempts by US authorities to find an excuse to extradite him on trumped up terrorism charges than any real concern over womens rights.

As to the actual charges, well I take the point that they shouldn't be diminished or dismissed out of hand, nor should the accusers be smeared yet for their dodgy political connections and all the other dubious factor, but from the leaked facts about the charges then it is clear that is not a case of Assange pouncing on girls in a dark alley, it is not violent rape, it is a question of sexual mores and the Swedish concept of sexual integrity. There have been some (predominantly male) commentators who have expressed mysoginist attitudes in dismissing the charges out of hand, but they are best ignored and instead we should focus on the serious and well-known female feminists who have ridiculed the charges.

UK police investigate WikiLeaks supporters
 http://www.ft.com/cms/s/0/9f2de848-084a-11e0-8527-00144feabdc0.html#axzz18EY09Mn9
December 15 2010 13:42

WikiLeaks: Police to investigate Anonymous online attacks
 http://www.guardian.co.uk/technology/2010/dec/15/wikileaks-met-police-investigate-anonymous
Wednesday 15 December 2010 18.47 GMT

You didn't do it, some stranger who used your computer did it.
or
You didn't do it, your computer was hacked and made to do it as part of a botnet.
or
You did do it but you don't believe it was illegal because you didn't send enough data to prevent access to the publically available server that requested data.
or
You did do it as part of an accountable demonstration against an unlawful and unjust politically motivated State persecution of free speech, and it was much less damaging than a sit-down protest in front of a building.

I'm not a lawyer, maybe some legal student here could advise which of those options is best advice, or offer their own suggestions.

I personally regard both the LOIC and the Met police with disdain, and these newspaper reports are probably just scare tactics, but if there are mass-arrests over this then I suggest everyone joins in using a better tool. Some techie with patience please start publicising an up-to-date idiots guide to section 4 of this:
 http://www.radarhack.com/dir/papers/hping2_v1.5.pdf

The bail hearing is a red-herring. In a way it is a good thing, because it keeps the story in the media. Whether Assange is on bail or prison in the UK, or in Sweden, has nothing to do with the Swedish allegations, it is to give the US 'law-makers' time to indict him on an espionage charge for embarrassing them and exposing their crimes. Anonymous have described this as 'war' but at this stage it is a phoney-war. Hackers haven't intervened seriously yet, but that is changing the more that US 'dirty-tricks' involvement is made official like this article in todays NYT-

U.S. Tries to Build Case for Conspiracy by WikiLeaks
 http://www.nytimes.com/2010/12/16/world/16wiki.html

Among materials prosecutors are studying is an online chat log in which Private Manning is said to claim that he had been directly communicating with Mr. Assange using an encrypted Internet conferencing service as the soldier was downloading government files. Private Manning is also said to have claimed that Mr. Assange gave him access to a dedicated server for uploading some of them to WikiLeaks. Adrian Lamo, an ex-hacker in whom Private Manning confided and who eventually turned him in, said Private Manning detailed those interactions in instant-message conversations with him...
Wired magazine has published excerpts from logs of online chats between Mr. Lamo and Private Manning. But the sections in which Private Manning is said to detail contacts with Mr. Assange are not among them. Mr. Lamo described them from memory in an interview with The Times, but he said he could not provide the full chat transcript because the F.B.I. had taken his hard drive, on which it was saved.

The Wired involvement in the stitch-up is fully exposed here-

The strange and consequential case of Bradley Manning, Adrian Lamo and WikiLeaks
 http://www.salon.com/news/opinion/glenn_greenwald/2010/06/18/wikileaks

Adrian Lamo and Kevin Poulsen have a long and strange history together. Both were convicted of felonies relating to computer hacking: Poulsen in 1994 (when he was sentenced to 3 1/2 years in prison, ironically because a friend turned government informant on him), and Lamo in 2004 for hacking into The New York Times. When the U.S. Government was investigating Lamo in 2003, they subpoenaed news agencies for any documents reflecting conversations not only with Lamo, but also with Poulsen. That's because Lamo typically sought media publicity after his hacking adventures, and almost always used Poulsen to provide that publicity...
Jacob Appelbaum, a well-known hacker of the Tor Project who has known Lamo for years, said that Lamo's "only concern" has always been "getting publicity for Adrian." Indeed, Lamo's modus operandi as a hacker was primitive hacking aimed at high-profile companies that he'd then use Poulsen to publicize. As Appelbaum put it: "if this situation really fell into Adrian's lap, his first and only thought would have been: how can I turn this to my advantage? He basically destroyed a 22-year-old's life in order to get his name mentioned on the Wired.com blog."

My prediction is that there are enough rational, patriotic Swedes and Britons still working within the system that the instant any formal attempt to extradite Assange to a US kangeroo court become apparent, their authorites won't have to worry about external DoSing. Their systems will be brought down internally. There will be so many people willing to sabotage such an obviously corrupt system that there will be no way for the judicial system to prosecute or persecute anyone. That'll be the end of the phoney war, and the start of genuine insurrection.