Over the weekend, Anonymous continued its long-running DDoS campaign against various government agencies by attacking the CIA, MI6, and the U.K.’s Home Office. The attacks are part of a larger effort to bring attention to recent legal developments, including the controversial CISPA bill, as well as the U.K.’s extradition policies and Internet surveillance proposals. While three of the attacks were a success, one targeting the GCHQ failed to make a noticeable difference to the website’s operation.
On Sunday, the CIA’s main domain was taken out for just over an hour. The outage marks the second time the agency’s website has fallen due to a DDoS attack claimed by Anonymous. In February (simply for the lulz, the loosely associated group reported) Anonymous targeted the CIA for several days. At the time, the DDoS left the intelligence agency’s domain unavailable for more than 24 hours and sluggish at best for the following 48 hours.
On Saturday, Anonymous also targeted MI6 (mi6.gov.uk, sis.gov.uk) and the Home Office (homeoffice.gov.uk). These attacks, conducted as part of Operation Trial at Home, follow similar ones conducted the previous Saturday as Anonymous protests the 2003 Extradition Act in the U.K.
On April 7, Anonymous proclaimed support for Richard O'Dwyer, a 23-year-old student responsible for the creation of the TVShack website. Anonymous’ support came in the form of a DDoS attack against the Home Office’s and the Ministry of Justice’s websites. Each was down for several hours before returning to working order.
The short version of O’Dwyer’s story is that he might head to the U.S. to face charges of copyright violations for linking to third-party domains hosting television shows. Those supporting Operation Trial at Home are quick to point out the fact that while TVShack was operational, O’Dwyer managed it from within the U.K. Likewise, the servers and domains were not located in the U.S.
Their point is that if he committed any crimes at all, he did so within the U.K. and should face charges at home.
In a rare moment of disconnected agreement, some within the U.K.’s government also feel that the 2003 Extradition Act is in need of change. The act itself has been accused of being a lopsided relationship that favors the U.S.
In March, the Commons Home Affairs Select Committee said that there were major changes needed to the 2003 Extradition Act in order to restore public faith. The MPs, the BBC noted, said that it was “easier to extradite a British citizen to the USA than vice versa.”
Another Operation Trial at Home target that was planned for this past Saturday was the Signals Intelligence Agency, better known as the GCHQ. However, despite a week’s worth of attention and promotion, when the attack was launched the GCHQ remained online with little impact aside from brief moments of sluggishness.
Sources at BT (one of the backbone providers to the GCHQ) said that they were aware of the pending attack when The Tech Herald spoke to them last week. The engineer said that the company was taking the appropriate precautions to deal with the attack, but would not offer additional details.
Given the distributed nature of the GCHQ on the web, it looks as if all BT did was layer capacity and null route the IP that was initially being targeted (184.108.40.206).
Such actions would have caused the DDoS to be directed towards the current authoritative IP address, which is covered by several additional layers and load balancing provisions.
This type of layered anti-DDoS measure is likely why an Anon calling himself Winston Smith was quoted by Sky News as saying: “We are trying to bring down GCHQ single-handedly. And to be honest, GCHQ are giving a bit of a fist of it actually compared to last weekend. I am impressed actually.”
Later, Smith offered one likely reason for the trouble taking the domain offline.
“The thing is, we don’t know how many servers that this [the GCHQ website] is being distributed across. We could’ve taken down a server already, and they could’ve just copped it...”
Audio from the chat is available from Sky News on YouTube. In the video, you can hear the Anons talk about the inability to take the domain down, while they are browsing it.
An outline of the basic infrastructure supporting the GCHQ online is here.
In related news, Anonymous’ Operation Defense is currently targeting organizations within the public and government sectors linked to their support of the Cyber Intelligence Sharing and Protection Act (CISPA). Those organizations were also hit with DDoS attacks earlier this month.
Two technology trade associations (TechAmerica and USTelecom), one of the world’s largest defense contractors (Boeing), as well as the U.S. Chamber of Commerce, the White House, and the National Cable and Telecommunications Association have been taken offline via DDoS for their connections to the bill.
The way things are shaping up, it seems clear that Operation Defense and Operation Trial at Home are far from finished. As of 0400 EST, MI6 remains offline, but the Home Office website and the CIA’s websites are working properly.
A new target, the U.S. Department of Justice (selected for the lulz, it was stated), was quickly taken offline early Monday morning, and was down at the time this story was written.