Anonymous deploys trickster DDoS sites to fuel online attacks

A new Anonymous tool deployed in recent days can inadvertently turn casual browsers into participants in a distributed denial-of-service attack, and is believed to have been at least partially responsible for taking Universal Music and other sites offline in MegaUpload-related protests. Although until now Anonymous has focused on the so-called LOIC (Low Orbit Ion Canon) tool to carry out DDoS attacks, a freely downloaded app that helps bombard sites with hits until they are overwhelmed and unresponsive, a new browser-based strategy has surfaced, CNET reports, that creates a DDoS-fueling webpage.

The new system involves directing people to specially constructed webpages that rely on JavaScript to redirect visitors to any site to be targeted, the page repeatedly attempting to access that target until the window is closed. A variation on the theme offers more control to the user, allowing them to set their own target by URL or IP address.

Because the attack can be triggered inadvertently, without the user realizing, it's suggested that there is plausible deniability should future investigations cite their particular IP address. This is not the case with LOIC, which members of Anonymous have taken to running through the secure TOR network so as to mask their own IP address and escape identification.

"If you are an unwitting participant then technically you're not liable under the law" computer crime specialist Jennifer Granick suggests, "because all criminal statutes, with some narrow exceptions, require some criminal state of mind."

Anonymous began distributing links to such sites via its Twitter feed, and the tool is believed to have assisted in last week's takedown of the Department of Justice site, among others. Meanwhile, PC Mag reports, Universal Music and Vivendi were both forced offline this weekend, while a DNS poisoning attack redirected all visitors to CBS.com.