Forgot your password?
typodupeerror
Security The Almighty Buck

MasterCard Hit By WikiLeaks Payback Attacks 715

Posted by CmdrTaco
from the this-is-getting-messy dept.
An anonymous reader writes "MasterCard's website has been hit by a distributed denial of service attack. Netcraft describes how the attack uses a voluntary botnet of LOIC (low orbit ion cannon) users to swamp sites with traffic. PostFinance, the PayPal blog and Swedish prosecutors have been targeted previously."
This discussion has been archived. No new comments can be posted.

MasterCard Hit By WikiLeaks Payback Attacks

Comments Filter:
  • Idiots! (Score:5, Insightful)

    by santax (1541065) on Wednesday December 08, 2010 @11:02AM (#34486646)
    Don't target the website, target the servers that do the money-traffic!!!!
    • by duguk (589689)

      Don't target the website, target the servers that do the money-traffic!!!!

      That'll stop the public being behind them, just like the Miners' strike in the UK. Damaging the corporate side is the right idea.

    • Re:Idiots! (Score:4, Informative)

      by Monkeedude1212 (1560403) on Wednesday December 08, 2010 @11:59AM (#34487772) Journal

      Don't target the website, target the servers that do the money-traffic!!!!

      Once again the same kind of shameless ignorance seems to rise to the top.

      Like many people have pointed out already - that does nothing to truly affect Mastercard, they still have people owing them money, all that does is attacks the people who use mastercard. It's going to be hard to generate sympathy when you make people's lives considerably harder.

      On top of that... Do you understand how the money traffic servers work? They're not like publicly accessible HTTP Web servers, you can't DDoS them. All the purchase requests that go through Mastercard enter the MC network and get sent off to the hundreds of servers that process them -

      In order to even reasonably take this down you not only need to know the IP of where these are entering (It COULD be the same as the web server, but I doubt it) - the only way you're gonig to manage that is to somehow get some kind of tracking on your packets when you make a legit purchase - or gaining access to the server you are starting your purchase on (For example, the Steam servers when you purchase a game). These may make a request to the webserver to point them to the nearest Mastercard payment processing server - there might actually be hundreds spread out across the world to ensure fast processing.

      Then, suppose you've figured out your point to attack, you need to figure out the vector. Using the LOIC as is won't cut it, they probably have the most minimal of firewalls that knows to just drop anything that looks like an HTTP request - so in order to really DDoS it you'll need to figure out which port your using (Which shouldn't be too difficult if you've managed to reach this part) - but then you might also need to form your requests in such a way that they don't appear malformed either, lest they be trended and dropped.

      But no - really - if you've figured it all out, you know the logistics of how to attack the money-traffic servers, AND you can prove that this is a better idea than taking out their webserver right now? By all means, write them an email, I'm sure they'd be glad to hear about it.

      • by seyyah (986027)

        Here's a statement from MasterCard a few hours ago:

        Please be advised that MasterCard SecureCode Support has detected a service disruption to the MasterCard Directory Server. The Directory Server service has been failed over to a secondary site however customers may still be experiencing intermittent connectivity issues. More information on the estimated time of recovery will be shared in due course.

  • by cdrudge (68377) on Wednesday December 08, 2010 @11:03AM (#34486664) Homepage

    And now because of Slashdot linking to MasterCard, their denial of service attack increased even more.

  • Poor Mastercard (Score:5, Insightful)

    by Cornwallis (1188489) on Wednesday December 08, 2010 @11:04AM (#34486680)

    I wonder how they feel being denied due process...

  • by eldavojohn (898314) * <eldavojohn@gmFREEBSDail.com minus bsd> on Wednesday December 08, 2010 @11:05AM (#34486708) Journal
    Reminds me of an article I saw on Techdirt the other day [techdirt.com] pointing out that Visa and Mastercard were getting all high and mighty about morality in regards to Wikileaks but happily fielding transactions for sites like the KKK.
  • by Anonymous Coward on Wednesday December 08, 2010 @11:22AM (#34487016)

    I keep trying to read the story at http://www.mastercard.com/ [mastercard.com] but nothings happening.

  • by slim (1652) <john AT hartnup DOT net> on Wednesday December 08, 2010 @11:28AM (#34487138) Homepage

    Note that the latest leaks show that the US Govt put pressure on Russia, to avoid legislation that would level the field for Visa/Mastercard competitors:

    http://www.guardian.co.uk/world/2010/dec/08/wikileaks-us-russia-visa-mastercard [guardian.co.uk]

  • by digitaldc (879047) * on Wednesday December 08, 2010 @11:28AM (#34487148)
    Anon DDOS attack? ... Priceless
  • by bsDaemon (87307) on Wednesday December 08, 2010 @11:36AM (#34487310)

    Regardless of the merits of Wikileaks and the service/information that the supply, I really don't see this as a productive response by their supporters. Rather, it just makes it appear as if a significantly-sized contingent of destructive, if not criminally-minded people support Wikileaks. It may or may not be Wikileaks' fault but the fact that groups are using, albeit incorporeal, violent action to pursue their political agenda is pretty much the definition of terrorism and they're really just making it easier for the government and media to paint Wikileaks with that brush. A campaign against companies which are at the heart of the modern economy is easy enough to paint as a threat to economic stability and therefore "national security" and is probably going to come back to bite them in the ass, one way or another.

    Of course, they're going to do what they're going to do. As long as they don't knock out the credit card processing capabilities then it won't affect me since I never go to the websites of these companies. But still, as they say on The Boondocks: "that's not a good look" and will probably have no positive outcome for those participating in the action.

    • by duguk (589689)

      Regardless of the merits of Wikileaks and the service/information that the supply, I really don't see this as a productive response by their supporters. Rather, it just makes it appear as if a significantly-sized contingent of destructive, if not criminally-minded people support Wikileaks. It may or may not be Wikileaks' fault but the fact that groups are using, albeit incorporeal, violent action to pursue their political agenda is pretty much the definition of terrorism and they're really just making it easier for the government and media to paint Wikileaks with that brush. A campaign against companies which are at the heart of the modern economy is easy enough to paint as a threat to economic stability and therefore "national security" and is probably going to come back to bite them in the ass, one way or another.

      Of course, they're going to do what they're going to do. As long as they don't knock out the credit card processing capabilities then it won't affect me since I never go to the websites of these companies. But still, as they say on The Boondocks: "that's not a good look" and will probably have no positive outcome for those participating in the action.

      So you suggest we ignore the problem of free speech and free press being restricted? That if we disagree what a government or company is doing, we should ignore it?

      Remember, this is not an organised group, it is a group of people who are pissed off. Voting hasn't worked. Writing letters hasn't worked. The only thing these companies will listen to is an attack on their profits and bad publicity. And even then they're being very quiet about admitting to it.

      Unless, of course, you've got some other genius

  • by Ismellpoop (1949100) on Wednesday December 08, 2010 @11:36AM (#34487316)
    with websites selling fake viagra.
    Last year I got a complaint from a Danish ISP that i was spamming their customers. I requested and got forwarded one of my supposed emails. A little bit of poking around I found that the viagra company was based in Hong Kong. Whois told me the address, names, telephone numbers etc. (you'd thing scum like that would hide their info better).
    I phoned and emailed Visa, MC, the spam company, even their service provider. The only response was from that Danish ISP their tech guy if you can call him that was complaining about my continual spamming even after I gave him the proof that the email originated from China not Canada. You would think traceroute and whois are kind of basic tools and any dumbass should be able to use them but this guy didn't even know how to look at email header info.
    As for visa MC they would not be bothered even though I gave them all the info (btw they were shipping their product from Texas) Visa and MC told be to get bent.
    • by hedwards (940851) on Wednesday December 08, 2010 @12:32PM (#34488338)
      Indeed. I'm curious as to what sort of liability this is going to open for them in the future. Previously they only refused transactions that the government required them to or in cases where they suspected fraud.

      If they're now blocking transactions which the government doesn't require them to and that they have good reason to believe the cardholder consented to, that's got to open up all sorts of liability over their connection with cybercriminals.
  • by formfeed (703859) on Wednesday December 08, 2010 @12:26PM (#34488240)
    As Newspapers allover Europe start pointing out: Mastercard doesn't have any problems collecting donations for the Klan.

When speculation has done its worst, two plus two still equals four. -- S. Johnson

Working...