You’ve likely seen the news that Visa, Mastercard, PayPal and others are under distributed denial of service (DDoS) attacks by folk who feel that WikiLeaks headman Julian Assange is being persecuted for distributing sensitive information he’d received from others.
Setting aside that entire espionage, sex-by-surprise, persecution, journalism and right to information thing, what’s left is the hacking attempts — coördinated attacks on key points of the infrastructure of commerce. This, as we are in the midst of the holiday buying season. A juicy target indeed.
The coördinated attacks seem to be having some small effect on commerce. According to one report:
MasterCard, calling the attack “a concentrated effort to flood our corporate website with traffic and slow access,” said all its services had been restored and that account data was not at risk.
But it said the attack, mounted by hackers using simple tools posted on the Web, had extended beyond its website to payment processing technology, leaving some customers unable to make online payments using MasterCard software.
How it’s done
By using freely available tools to target and coördinate these attacks, *anyone* can join in the action. Find the right IRC server, download the tools, and turn them on — poof, you’re a ‘hack-tivist’ and your computer (or computer network) is now part of a botnet:
The weapon of choice is a piece of software named a “Low Orbit Ion Cannon” (LOIC) which was developed to help Internet security experts test the vulnerability of a website to these assaults, the distributed denial of service attacks. The LOIC is readily and easily available for download on the Internet.
The LOIC can be controlled centrally by an administrator in an Internet Relay Chat (IRC) channel, a type of computer chat room; it can seize control of a network of computers and use their combined power in a DDoS attack. The attack is aimed at the target website and when the LOICs are activated they flood the website with a deluge of data requests at the same time.
The DDoS attack prevents the overloaded server from responding to legitimate requests and slows down the website to a crawl — or shuts it down totally. The attacks are coördinated in the IRC channel, and on Thursday, around 3,000 people were active on the Operation: Payback channel at one stage.
One side effect of all this is that the participants are also testing the limits of the commerce infrastructure for hackers and others whose intentions may not be so noble as preventing a perceived injustice.
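Seen from the target's side, the flood described above is hard to spot client by client, because each participant may send only a modest number of requests. The following is an added example, not code from this post or the quoted reports: a sliding-window check over access-log lines that alerts on aggregate load per path and reports how many distinct clients contribute. The log format, thresholds and addresses are assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds for this illustration; tune against real baseline traffic.
WINDOW = 10        # seconds of history kept per path
TOTAL_LIMIT = 40   # requests per window to one path before alerting
MIN_SOURCES = 5    # distinct clients needed to call a flood "distributed"

def detect_floods(lines):
    """Scan time-ordered 'epoch ip method path' lines; alert once per path."""
    recent = defaultdict(deque)          # path -> (ts, ip) pairs inside the window
    alerts, alerted = [], set()
    for line in lines:
        ts, ip, _method, path = line.split()
        ts = int(ts)
        q = recent[path]
        q.append((ts, ip))
        while q[0][0] <= ts - WINDOW:    # drop entries older than the window
            q.popleft()
        if len(q) > TOTAL_LIMIT and path not in alerted:
            per_ip = Counter(src for _, src in q)
            kind = "distributed" if len(per_ip) >= MIN_SOURCES else "single-source"
            # (time, path, kind, total requests, distinct clients, busiest client)
            alerts.append((ts, path, kind, len(q), len(per_ip), max(per_ip.values())))
            alerted.add(path)
    return alerts

def sample_log():
    """Constructed log lines (documentation-range IPs), not real traffic."""
    lines = []
    for t in range(0, 60, 5):            # baseline: 3 clients, one hit every 5 s
        lines += [f"{1000 + t} 198.51.100.{n} GET /" for n in range(1, 4)]
    for t in range(60, 70):              # 20 clients, each only 1 request/second
        lines += [f"{1000 + t} 203.0.113.{n} GET /" for n in range(1, 21)]
    lines += ["1070 192.0.2.9 GET /search"] * 50   # one noisy client
    return lines

if __name__ == "__main__":
    for alert in detect_floods(sample_log()):
        print(alert)
```

In the constructed data the alert for `/` fires while the busiest single client has sent only two requests in the window, which is why a per-client rate limit on its own does not catch this pattern.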
So what does this mean for retailers and customers in the next few weeks and months, and what does this mean for the future of online commerce?
- Slow or blocked online commerce — if the servers are clogged, your online merchant may not be able to process your credit card or PayPal transaction, and can’t complete the sale
- Increased attacks — depending on how this spate of incidents turns out, copy-cats will use the same techniques against new targets, or evolve their own methods and tools
- Increased unease — new online consumers will have another reason to *not* shop online, preferring to continue shopping at brick and mortar shops as they’ll feel more secure
- Increased security — essential to recover control of the commerce infrastructure and to demonstrate to consumers that online commerce works and is safe
- Increased cost — better and tighter security isn’t free, so this ‘cost of doing business’ will be factored into the retail process, resulting in higher prices
The Genie is out of the bottle
Yep, the tools and techniques have been around for a while. It’s taken one event like this to catalyze a motivated and unconnected group of people around the world to participate in coördinated action. We will see more of this, maybe aimed at political institutions, national governments, or launched by environmental activists. Welcome to a new reality.