Wednesday, December 08, 2010

Mastercard and others hit by cyberattacks

In what may be just the beginning of a full scale cyberwar between activists and corporations an anonymous group of hackers have brought down the Mastercard website and struck at sites belonging to PayPal and that of the Swedish prosecutors office which is pursuing Wikileaks' founder Julian Assange.

Mastercard said there was "no impact" on people's ability to use their cards for transactions. But it does not bode well for companies that have tried to distance themselves from the whistle-blowing website. PayPal, which stopped processing donations to Wikileaks last week, has also been targeted. The online payment firm has admitted that it stopped payments following a request from the US government. "State Department told us these were illegal activities. It was straightforward," PayPal's Osama Bedier told the Le Web conference in France.

But the reasons behind the companies' decisions have not deterred the activists. Yesterday the Swiss bank that closed Wikileaks' head Julian Assange's account, was hit by cyberattacks. "In response to the arrest of Julian Assange, Anonymous has taken down PostFinance.ch, who terminated Wikileaks bank account, using a distributed denial-of-service attack," a web post read. "Subsequently, Anonymous attacked http://www.aklagare.se, the Swedish Prosecutors office, also using a DDoS attack, and took the site down in under 10 seconds of beginning the attack."

The hackers have said that any site attacking Wikileaks or denying services would not immune from potential attacks. Noa Bar Yosef, a senior analyst at security firm Imperva said the attacks were "very focused". "It is recruiting people from within their own network. They are actually asking supporters to download a piece of code, the DDoSing malware, and upon a wake-up call the computer engages in the denial of service," he said.

The credit card company did not directly confirm they were under cyberattack but did acknowledge problems accessing the website. "Mastercard is experiencing heavy traffic on its external corporate website - Mastercard.com - but this remains accessible," Doyel Maitra from Mastercard said earlier today. However the site was stll inaccessible several hours later in London. The company said the attacks would not affect transactions. "We are working to restore normal speed of service. There is no impact whatsoever on Mastercard or Maestro cardholders' ability to use their cards for secure transactions," Maitra said. 

While the attacks have so far only been a minor inconvenience, if they increase they could pose a significant financial threat to some of these corporations. Mastercard is just one of several companies who have stopped providing services to Wikileaks. Others include PayPal, Visa, Post Finance, Amazon web services and domain name provider EveryDNS. Concerted attack on these companies could cause considerable economic damage. Amazon would be particularly affected, should it be targeted, especially in the run-up to Christmas. 

So far, the attacks have been cited, more as a protest. But they well grow along with the anger that has been voiced at those attacking both Assange and Wikileaks. One of those said to be behind the attacks, and going by the name Coldblood, told the BBC, "As an organisation we have always taken a strong stance on censorship and freedom of expression on the Internet and come out against those who seek to destroy it by any means. We feel that Wikileaks has become more than just about leaking of documents, it has become a war ground, the people vs. the government."

While many of the DDoS attacks failed to take sites offline, that was not the point of the attacks, Coldblood said. "The idea is not to wipe them off but to give the companies a wake-up call," he said. "Companies will notice the increase in traffic and an increase in traffic means increase in costs associated with running a website."

Wikileaks still has a presence on Twitter and on Facebook, though some have questioned whether they too will be pressured to cut their links with the website. "We haven't received any official requests to disable the Wikileaks page, or any notification that the articles posted on the page contain unlawful content," Facebook's Andrew Noyes said today. "If we did, of course, we would review the material according to our rules and standards, and take it down if appropriate. The mere existence of a Wikileaks fan page on Facebook doesn't violate any law and we would not take it down just like we don't take down other pages about controversial topics. We're continuing to monitor the situation."

Meanwhile Twitter spokesperson Matt Graves issued a statement to reporters in which he said, "Twitter is not censoring #wikileaks, #cablegate or other related terms from the Trends list of trending topics. There's a number of factors that may come into play when seemingly popular terms don't make the Trends list. Sometimes topics that are popular don't break into the Trends list because the current velocity of conversation (volume of Tweets at a given moment) isn't greater than in previous hours and days. Sometimes topics that are genuinely popular simply aren't widespread enough to make the list of top Trends. And, on occasion, topics just aren't as popular as people believe." [Forbes / ibtimes / BBC / Sky News]

tvnewswatch, London, UK

No comments: