Is your kid part of the ‘Operation Payback’ army?

10 Dec 2010

Parents shouldn’t be concerned if their credit cards numbers may have been compromised in the recent ‘Operation Payback’ attacks that took down MasterCard and Visa’s websites, instead they should be worried if their teenage kids have volunteered their home computer.

Amateur ‘hacktivists’ yesterday orchestrated cyber attacks against the internet sites of organisations including MasterCard and Visa who they consider hostile to WikiLeaks.

It has been estimated that more than 3,000 people voluntarily made their computers available to ‘Operation Payback’, forming a distributed and formidable ‘army’ of attackers whose collective power took down the affected websites.

It is believed it took just 800 computers to take down MasterCard and 1,000 to take down Visa.

“For the average person this is worrying to some extent,” says Dermot Williams, managing director of IT security company Threatscape. “But rather than being concerned that your credit card might have been compromised, which has not been the case, a larger concern might be whether your teenage kids have volunteered your home computer and broadband connection to participate in perpetrating the attacks.

“It used to be that parents worried about their offspring using the family computer to download porn or pirated music and movies; now they have to wonder if they are participating in a co-ordinated global attack on major financial institutions,” said Williams.

Cyber anarchy

Whether parents can establish whether or not their teenage kids volunteered their machines, the next fear in their minds is what are the consequences.

“In many instances they can be traced, at least as far as associating an IP address with them, and there are precedents of them being tracked down and prosecuted,” Williams said.

“Then it’s a question of whether their internet service provider is willing, or is forced by court order, to hand over details of which customer was using a particular IP address at the time of an attack. A less technical analogy might be if someone is trying to overload your phone system with crank calls – but you could see their caller ID. Was the caller breaking the law? “Yes, in the case of yesterday’s cyber attacks, in many countries this type of ‘distributed of service’ attack IS a criminal offence,” he said.

Williams says these recent attacks have served as a reminder about how vulnerable the architecture of the internet can be at times, and how easily even large organisations can be impacted by relatively small numbers of attackers.

“And the high profile of yesterday’s incident may spawn future copycats in the name of other causes. While there are methods of mitigating the impact of these attacks, they take time and money to implement and cannot entirely defeat them. Is this an example of democracy in the digital age? We’d suggest it is more akin to cyber anarchy”.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years