WikiLeaks has always pledged to protect the identity of people who send it sensitive documents, such as the diplomatic cables it began publishing last week.
But even the whistle-blowing website, which is fast becoming a test case for freedom of speech online, cannot have anticipated the lengths anonymous benefactors would go to protect it. Just hours after the UK detention of Julian Assange, WikiLeaks’ founder, over alleged sexual offences, a faceless band of mischief-makers disrupted a string of payment companies’ websites, including MasterCard.com and PayPal’s blog.
The organisation behind “Operation Payback” is Anonymous, an amorphous group with a long history of online pranks and more severe assaults against groups that it believes are restricting expression online. Its latest targets have included companies that have withdrawn services from WikiLeaks, the US politicians who have encouraged them to do so and Swedish prosecutors.
Anonymous, which has claimed responsibility for the raids, has its origins on the 4Chan message board, a site better known for harmless internet in-jokes, including “LOLcats” where funny pictures of felines are tagged with amusingly misspelt captions. It has targeted YouTube, scientologists and the Recording Industry Association of America, when it tried to suppress online piracy.
Even ardent WikiLeaks supporters such as Electronic Frontier Foundation co-founder Jon Perry Barlow complain that censorship is a poor way to support free speech. Anonymous’s tactics are similar to some directed against WikiLeaks itself: overwhelming a site’s servers with huge volumes of traffic in a so-called distributed denial-of-service attack.
Networks of virus-infected computers that can be controlled remotely, known as botnets, have been an important tool for online hackers as they can incapacitate websites by directing thousands of simultaneous requests for data, rendering them inaccessible to ordinary users. But Anonymous’s botnet is different as it is comprised largely of willing participants, who have handed over control of their computers to support the cause.
People have for years installed programs that use spare computer capacity to aid the search for extraterrestrial intelligence or to unlock the human genome. But only recently have citizens volunteered the use of their computers for collective activism.
During the 2008 armed conflict between Russia and Georgia, some websites spread tools that average Russian users could download to join denial-of-service attacks on Georgian government and media sites. A group called Help Israel Win encouraged Israelis to join a botnet for denial-of-service attacks against Palestinian sites the following year.
Anonymous has given thousands of followers a user-friendly tool to download and join the attacks.
“Think of it like a voluntary botnet,” the distributors wrote in an installation guide for the tool. Users can claim they have a virus should any questions arise, making the chances of being arrested for using the tool “next to zero”.
While a classic denial-of-service attack might require 10,000 computers or more to plug the network pipes of a big website, more sophisticated botnets could achieve the same result with only a few hundred machines, said Gunter Ollmann of security provider Damballa in Atlanta. And the voluntary tools such as those spread by Anonymous and others had generally been getting more effective, he said.
All of which raises the stakes for a group which, while it may call itself Anonymous, likes to crow about its achievements.