‘Operation Payback’ disrupt Visa and MasterCard sites
It is, according to one breathless blogger, “the first great cyber war”, or as those behind it put it more prosaically: “The major shitstorm has begun.”
The technological and commercial skirmishes over WikiLeaks escalated into a full-blown online assault yesterday when, in a serious breach of internet security, a concerted online attack by activist supporters of WikiLeaks succeeded in disrupting MasterCard and Visa.
The acts were explicitly in “revenge” for the credit card companies’ recent decisions to freeze all payments to the site, blaming illegal activity. Though it initially would acknowledge no more than “heavy traffic on its external corporate website”, MasterCard was forced to admit last night that it had experienced “a service disruption to the MasterCard directory server”, which banking sources said meant disruption throughout its global business.
Later, Visa’s website was also inaccessible. A spokeswoman for Visa said the site was “experiencing heavier than normal traffic” and repeated attempts to load the Visa.com site was met without success.
MasterCard said its systems had not been compromised by the “concentrated effort” to flood its corporate website with “traffic and slow access”. “We are working to restore normal service levels,” it said in a statement. “There is no impact on our cardholders’ ability to use their cards for secure transactions globally.”
In an attack referred to as Operation Payback, a group of online activists calling themselves Anonymous said they had orchestrated a DDoS (distributed denial of service) attack on the site, and issued threats against other businesses which have restricted WikiLeaks’ dealings.
Also targeted in a dramatic day of internet activity was the website of the Swedish prosecution authority, which is currently seeking to extradite the WikiLeaks founder, Julian Assange, on sex assault charges, and that of the Stockholm lawyer who represents them. The sites of the US senator Joe Lieberman and the former Alaska governor Sarah Palin, both vocal critics of Assange, were also attacked and disrupted, according to observers. Palin last night told ABC news that her site had been hacked. “No wonder others are keeping silent about Assange’s antics,” Palin emailed ABC. “This is what happens when you exercise the First Amendment and speak against his sick, un-American espionage efforts.”
An online statement from activists said: “We will fire at anything or anyone that tries to censor WikiLeaks, including multibillion-dollar companies such as PayPal … Twitter, you’re next for censoring #WikiLeaks discussion. The major shitstorm has begun.” Twitter has denied censoring the hashtag, saying confusion had arisen over its “trending” facility.
A Twitter account linked to the activists was later suspended after it claimed to have leaked credit card details online.
Though DDoS attacks are not uncommon by groups of motivated activists, the scale and intensity of the online assault, and the powerful commercial and political critics of WikiLeaks ranged in opposition to the hackers, make this a high-stakes enterprise that could lead to uncharted territory in the internet age.
A spokesman for the group, a 22-year-old from London who called himself Coldblood, told the Guardian it was acting for the “chaotic good” in defence of internet freedom of speech. It has been distributing software tools to allow anyone with a computer and an internet connection to join in the attacks.
The group has already succeeded this week in bringing down the site of the Swiss bank PostFinance, which was successfully attacked on Monday after it shut down one of WikiLeaks’ key bank accounts, accusing Assange of lying. A PostFinance spokesman, Alex Josty, told Associated Press the website had buckled under a barrage of traffic. “It was very, very difficult, then things improved overnight, but it’s still not entirely back to normal.”
Other possible targets include Amazon, which removed WikiLeaks’ content from its EC2 cloud on 1 December, and EveryDNS.net, which suspended dealings with the site two days later. PayPal has also been the subject of a number of DDoS attacks – which often involve flooding the target site with requests so that it cannot cope with legitimate communication – since it suspended all payments to WikiLeaks last week.
A PayPal spokesman told the Guardian that while a site called ThePayPalBlog.com had been successfully silenced for a few hours, attempts to crash its online payment facilities had been unsuccessful.
The site suggested today its decision to freeze payments had been taken after it became aware of the US state department’s letter saying WikiLeaks’s activities were deemed illegal in the US.
Tonight PayPal said that it was releasing the money held in the WikiLeaks account, although it said the account remains restricted to new payments.
A statement from PayPal’s general counsel, John Muller, sought to “set the record straight”. He said that the company was required to comply with laws around the world and that the WikiLeaks account was reviewed after “the US department of state publicised a letter to WikiLeaks on November 27, stating that WikiLeaks may be in possession of documents that were provided in violation of US law. PayPal was not contacted by any government organisation in the US or abroad. We restricted the account based on our Acceptable Use Policy review. Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source.
“While the account will remain restricted, PayPal will release all remaining funds in the account to the foundation that was raising funds for WikiLeaks. We understand that PayPal’s decision has become part of a broader story involving political, legal and free speech debates surrounding WikiLeaks’ activities. None of these concerns factored into our decision. Our only consideration was whether or not the account associated with WikiLeaks violated our Acceptable Use Policy and regulations required of us as a global payment company. Our actions in this matter are consistent with any account found to be in violation of our policies.”
PayPal did not explain how WikiLeaks violated this policy in their statement and requests for further information went unanswered.
There have been accusations that WikiLeaks is being targeted for political reasons, a criticism repeated yesterday after it emerged that Visa had forced a small IT firm which facilitates transfers made by credit cards including Visa and MasterCard, and has processed payments to WikiLeaks, to suspend all of its transactions – even those involving other payees. Visa had already cut off all donations being made through the firm to WikiLeaks.
DataCell, based in Iceland, said it would take “immediate legal action” and warned that the powerful “duopoly” of Visa and MasterCard could spell “the end of the credit card business worldwide”. Andreas Fink, its chief executive, said: “Putting all payments on hold for seven days or more is one thing, but rejecting all further attempts to donate is making the donations impossible.
“This does clearly create massive financial losses to WikiLeaks, which seems to be the only purpose of this suspension. This is not about the brand of Visa, this is about politics and Visa should not be involved in this … It is obvious that Visa is under political pressure to close us down.”
Operation Payback, which refers to itself “an anonymous, decentralised movement that fights against censorship and copywrong”, argues that the actions taken by Visa, MasterCard and others “are long strides closer to a world where we cannot say what we think and are unable to express our opinions and ideas. We cannot let this happen. This is why our intention is to find out who is responsible for this failed attempt at censorship. This is why we intend to utilise our resources to raise awareness, attack those against and support those who are helping lead our world to freedom and democracy.”
The MasterCard action was confirmed on Twitter at 9.39am by user @Anon_Operation, who later tweeted: “We are glad to tell you that http://www.mastercard.com/ is down and it’s confirmed! #ddos #WikiLeaks Operation: Payback (is a bitch!) #PAYBACK”
The group, Coldblood said, is about 1,000-strong. While most of its members are teenagers who are “trying to make an impact on what happens with the limited knowledge they have”, others include parents and IT professionals, he said.
Anonymous was born out of the influential internet messageboard 4chan in 2003, a forum popular with hackers and gamers. The group’s name is a tribute to 4chan’s early days, when any posting to its forums where no name was given was ascribed to “Anonymous”.
But the ephemeral group, which picks up causes “whenever it feels like it”, has now “gone beyond 4chan into something bigger”, its spokesman said. There is no real command structure; membership of the group has been described as being “like a flock of birds” – the only way you can identify members is by what they are doing together. Essentially, once enough people on the 4chan message boards decide some cause is worth pursuing in large enough numbers, it becomes an “Anonymous” cause.
“We’re against corporations and government interfering on the internet,” Coldblood said. “We believe it should be open and free for everyone. Governments shouldn’t try to censor because they don’t agree with it. Anonymous is supporting WikiLeaks not because we agree or disagree with the data that is being sent out, but we disagree with any from of censorship on the internet.”
Last night WikiLeaks spokesman Kristinn Hrafnsson said: “Anonymous … is not affiliated with WikiLeaks. There has been no contact between any WikiLeaks staffer and anyone at Anonymous. We neither condemn nor applaud these attacks. We believe they are a reflection of public opinion on the actions of the targets.”