MasterCard Hit By WikiLeaks Payback Attacks 715
An anonymous reader writes "MasterCard's website has been hit by a distributed denial of service attack. Netcraft describes how the attack uses a voluntary botnet of LOIC (low orbit ion cannon) users to swamp sites with traffic. PostFinance, the PayPal blog and Swedish prosecutors have been targeted previously."
Re:"voluntary botnet" (Score:5, Informative)
Just like people volunteer for Folding@Home. If one believes in a cause strongly enough they could be convinced to lend CPU cycles (well, network packets) to help DDoS a site.
Re:why mastercard? (Score:5, Informative)
According to the Washington Post [washingtonpost.com], it's all due Mastercard no longer permitting donations via their services to Wikileaks.
However, I doubt the DDOS is going to change their mind.
Re:why mastercard? (Score:3, Informative)
Re:Stupid action (Score:5, Informative)
Just an FYI: you can't take your money elsewhere unless you go completely cash and are picky with ATMs. MC owns a few of the biggest consumer money transfer networks, so even if you pick Visa you'll still often be using MC services.
Re:Stupid action (Score:5, Informative)
Visa *is* doing the same thing. [bbc.co.uk]
Re:Stupid action (Score:5, Informative)
Re:Stupid action (Score:3, Informative)
Furthermore, Visa is already doing the same thing.
Re:Stupid action (Score:5, Informative)
As it should be!
Apparently, Paypal has admitted to being coerced into smashing the cookie jar. [guardian.co.uk]
You scratch my back... (Score:5, Informative)
Note that the latest leaks show that the US Govt put pressure on Russia, to avoid legislation that would level the field for Visa/Mastercard competitors:
http://www.guardian.co.uk/world/2010/dec/08/wikileaks-us-russia-visa-mastercard [guardian.co.uk]
Re:why mastercard? (Score:4, Informative)
Except the first amendment only applies to the government. If a company wants to impend your speech they can.
Visa and MC have no problem being associated.... (Score:5, Informative)
Last year I got a complaint from a Danish ISP that i was spamming their customers. I requested and got forwarded one of my supposed emails. A little bit of poking around I found that the viagra company was based in Hong Kong. Whois told me the address, names, telephone numbers etc. (you'd thing scum like that would hide their info better).
I phoned and emailed Visa, MC, the spam company, even their service provider. The only response was from that Danish ISP their tech guy if you can call him that was complaining about my continual spamming even after I gave him the proof that the email originated from China not Canada. You would think traceroute and whois are kind of basic tools and any dumbass should be able to use them but this guy didn't even know how to look at email header info.
As for visa MC they would not be bothered even though I gave them all the info (btw they were shipping their product from Texas) Visa and MC told be to get bent.
Re:why mastercard? (Score:5, Informative)
In America, distributing classified documents is illegal.
Not true. It's illegal to initially leak them if you have clearance. Republishing them is not... note that the New York Times has republished most of the leak; has Mastercard stopped doing business with them?
Re:why mastercard? (Score:5, Informative)
In America, distributing classified documents is illegal. They stopped allowing people to send money to a criminal (in their jurisdiction) company. Case closed. This has nothing to do with 'free speech' and the First Amendment doesn't have anything to do with this.
Your statement is incorrect. Please read the decision of New York Times Co. v. United States.
Re:why mastercard? (Score:5, Informative)
Re:Idiots! (Score:4, Informative)
Don't target the website, target the servers that do the money-traffic!!!!
Once again the same kind of shameless ignorance seems to rise to the top.
Like many people have pointed out already - that does nothing to truly affect Mastercard, they still have people owing them money, all that does is attacks the people who use mastercard. It's going to be hard to generate sympathy when you make people's lives considerably harder.
On top of that... Do you understand how the money traffic servers work? They're not like publicly accessible HTTP Web servers, you can't DDoS them. All the purchase requests that go through Mastercard enter the MC network and get sent off to the hundreds of servers that process them -
In order to even reasonably take this down you not only need to know the IP of where these are entering (It COULD be the same as the web server, but I doubt it) - the only way you're gonig to manage that is to somehow get some kind of tracking on your packets when you make a legit purchase - or gaining access to the server you are starting your purchase on (For example, the Steam servers when you purchase a game). These may make a request to the webserver to point them to the nearest Mastercard payment processing server - there might actually be hundreds spread out across the world to ensure fast processing.
Then, suppose you've figured out your point to attack, you need to figure out the vector. Using the LOIC as is won't cut it, they probably have the most minimal of firewalls that knows to just drop anything that looks like an HTTP request - so in order to really DDoS it you'll need to figure out which port your using (Which shouldn't be too difficult if you've managed to reach this part) - but then you might also need to form your requests in such a way that they don't appear malformed either, lest they be trended and dropped.
But no - really - if you've figured it all out, you know the logistics of how to attack the money-traffic servers, AND you can prove that this is a better idea than taking out their webserver right now? By all means, write them an email, I'm sure they'd be glad to hear about it.
Re:why mastercard? (Score:2, Informative)
Except the first amendment only applies to the government. If a company wants to impend your speech they can.
Yes, but the government has reportedly been coercing MC and other companies to stop providing service to Wikileaks. That would be a governmental action impeding free speech.
Re:Forgive me if I'm off topic here... (Score:5, Informative)
Re:why mastercard? (Score:3, Informative)
In America, distributing classified documents is illegal.
No it's not, you fucktard.
Masterrace? Reactions from Europe (Score:5, Informative)
"Ku-Klux-Klan ja, Wikileaks nein" [sueddeutsche.de]
"Apoyo a organizaciones racistas" [publico.es]
'Je mag met je Visa- of Mastercard wel geld geven aan de Ku Klux Klan, maar inmiddels geen donaties meer doen aan WikiLeaks.' [volkskrant.nl]
"Ku Klux Klan'a bagis var, Wikileaks'e yok" [hurriyet.com.tr] [Sorry for the spelling, but
"[..]- nie ma za to problemów z donacj np. na róne odamy Ku-Klux-Klanu" [konflikty.wp.pl]
Re:why mastercard? (Score:5, Informative)
Shameless karma whoring:
New York Times Co. v. United States, 403 U.S. 713 (1971) [google.com]
The unanimous opinion itself is very short; essentially, designating documents as secret and punishing anyone who publishes them is a 'prior restraint' and presumed unconstitutional.
We granted certiorari in these cases in which the United States seeks to enjoin the New York Times and the Washington Post from publishing the contents of a classified study entitled "History of U. S. Decision-Making Process on Viet Nam Policy." Post, pp. 942, 943.
"Any system of prior restraints of expression comes to this Court bearing a heavy presumption against its constitutional validity." Bantam Books, Inc. v. Sullivan, 372 U. S. 58, 70 (1963) [google.com]; see also Near v. Minnesota, 283 U. S. 697 (1931) [google.com]. The Government "thus carries a heavy burden of showing justification for the imposition of such a restraint." Organization for a Better Austin v. Keefe, 402 U. S. 415, 419 (1971) [google.com]. The District Court for the Southern District of New York in the New York Times case and the District Court for the District of Columbia and the Court of Appeals for the District of Columbia Circuit in the Washington Post case held that the Government had not met that burden. We agree.
Re:Masterrace? Reactions from Europe (Score:5, Informative)
Please see the case of NEW YORK TIMES CO. v. UNITED STATES which examines this section and the surrounding ones, and found that the New York Times was not guilty under it for publishing classified documents:
http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=403&invol=713 [findlaw.com]
Re:Stupid action (Score:5, Informative)
I am highly critical of the release of the cables. It contained very little information for the damage done. I think the decision to release those cables was because they could release them and not due to the insight they provided. My impression is that ego and publicity had a lot to do with it.
CU, Martin
On the contrary, the cables contain plenty of evidence of government wrongdoing, although not necessarily by the US government. As a Swede, it is very interesting to know that the us embassy reports that my government prefers to share information about Swedish citizens using a "strong but informal agreement" instead of having a formal agreement, as such an agreement would have to be discussed by the parliament. If the cable is correct, my government is probably violating the Swedish "grundlag", which can loosely be translated as the constitution of Sweden. See http://www.thelocal.se/30654/20101206/ [thelocal.se]