PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.
Operation Payback, also known as Operation: Payback Is A Bitch, is a series of DDoS attacks organized by users of 4chan’s /b/ (random) board that started on September 17th, 2010 against major entertainment industry websites such as the websites for the Recording Industry Association of America and the Motion Picture Association of America. The attacks began September 19th, 2010, and have continued unabated for over one month.
Beginning on December 7th, 2010, a series of DDos assaults led by the Anonymous under Operation Avenge Assange successfully brought down Paypal, Visa and MasterCard’s websites in retaliation against their decision to suspend all transactions with WikiLeaks, reportedly under political pressure from the U.S. State Department. Some of the other targeted sites included Amazon, Swiss Postal Finance as well as a number of U.S. government websites and various cybersecurity contractor firms.
The plan for Operation Payback was initially made by the users of 4chan as a response to the DDoS attacks carried out by Indian company Aiplex Software, who were hired by major media companies to carry out the said DDoS attacks against music and movie torrent-sharing sites, most notably The Pirate Bay. After learning of the DDoS on the torrent communities, 4chan users began planning their own retaliatory attacks on media websites, with the Motion Picture Association of America (MPAA) and Aiplex as their first targets.
After releasing this poster on 4chan and spreading it around the boards, the instigators were able to assemble multiple users bent on taking down the sites and they delivered, bringing the website down for over an hour on the first day, with over 22 hours down-time on the MPAA website and over 24 hours for Aiplex.
With the creation of the website for Operation Payback (now defunct), Anonymous participants were able to concentrate their efforts on specific targets at specific times, with little need for collaboration over 4chan itself and the ability to strike a wider range of targets.
After the original attacks against Aiplex and the MPAA, the participants decided to continue the Operation, taking down any websites that they disagree with or that have had a hand in an attempt to take down The Pirate Bay website. Throughout over a month of attacks, several websites were brought down. Some like MPAA were brought down over 20 times in the span of less than 48 hours.
- September 17th: MPAA was the first website to be attacked and had 22 hours of downtime. International Federation of the Phonographic Industry, the second site to be attacked, had over 14 hours of downtime.
- September 18th: Aiplex, the third site to be attacked, was attacked on the 18th and continued through the 20th, with over 25 hours of downtime.
- September 19th: The RIAA were attacked starting at midnight on September 19th, being interrupted over 35 times and having an hour and a half of downtime.
- September 20th:: An attack was scheduled against the British Phonographic Industry but was unsuccessful. The Operation switches its target back to the MPAA, with much less success.
- September 21st: ACS Law experiences a server shutdown across Europe, as a result of DDoS attacks.
Social Networking Advocacy
In light of the recent explosion of interest in counter DDoS attacks, many advocates of targeting companies and organizations that oppose WikiLeaks have created social networking pages for their cause. However, these pages were shut down by their respective hosts, including the Facebook page, though many other iterations of the page have spawned since its take down. Operation Payback’s Twitter account was suspended, although there has yet to be any official comment on whether or not the suspension of service was enacted by Twitter itself.
U.S. Copyright Office Targeted
Following the attacks on numerous multinational music and film industry websites, Anonymous targeted and brought down the website of The United States Copyright Office as part of its ongoing aggression against any institution or company that defends the copyright regime. On November 3rd, 2010, the gorup managed to bring Copyright.gov offline for about half an hour before the site began to respond again slowly. Shortly after the news of the attacks, F.B.I launched an investigation to track down the infiltrators.
Sarah Palin Targeted
On December 8th, 2010, ABC News reported that Sarah and Todd Palin’s credit card account were attacked and “disrupted” by Operation Payback. In addition, Sarahpac.com was also attacked by Operation Payback. Hints in the DDOS attack, including a screenshot of a server log file showing the wikileaks.org URL, led the authorities and Palin’s associates to suspect the perpetrators’ affiliation with WikiLeaks and Anonymous, though the hacktivist group never claimed the responsibility for targeting Palin with DDoS attacks.
Operation Avenge Assange
Following WikiLeak’s unprecedented expose of sensitive documents containing US diplomatic cables in February 2010, the U.S. government criticized the WikLeaks founder Julian Assange, and began pressing on the affiliates of WikiLeaks to halt their transactions with the Swiss-based website. As a result, WikiLeaks’ server host Amazon dropped their service, while Mastercard and PayPal ceased all transactions of funds donated by the supporters of WikiLeaks and Julian Assange.
Beginning in December 2011, Amazon took down their hosting of the WikiLeaks servers less than a day after being contacted by the office of Senator Joe Lieberman and was then followed by PayPal, Visa, Mastercard and most recently, MasterCard. Official statements from these respective companies cite things like ToS violations and pending investigations but the government intervention in all this is somewhat suspect.
There is a letter from the US State Department floating around that was sent to Assange on November 27th, which is now making it’s rounds to the organizations still supporting WikiLeaks.
In retaliation against the US-led counter-measures and support of Assange, Anonymous contingent launched several waves of DDoS attacks against various companies whom they perceived as “enemies of Julian Assange,” under the catchy-sounding codename Operation Avenge Assange.
The Next Web Media reported that Paypal has released funds left over in their WikiLeaks account, which was terminated in by the company after an apparent “terms of usage violation” where WikiLeaks was said to have been “used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity.” The account, however, is still closed.
Timeline of Attacks in December 2010
- December 6th, 2010: Swiss bank website PostFinance.ch was attacked.
- December 7th, 2010: Swedish Prosecution Authority website and EveryDNS, one of the world’s largest free DNS management services were attacked.
- December 8th, 2010: Joseph Lieberman’s official website, Sarah Palin’s official website, MasterCard, Borgstrom & Bodstrom and Visa websites were attacked.
- December 9th, 2010: PayPal and Amazon websites remained offline.
- December 10th, 2010: Paypal, Moneybookers and Conservatives4Palin websites were attacked.
Zimbabwean Government Websites
In early January 2011, Operation Payback brought down several Zimbabwean government websites after the Zimbabwean President’s wife sued a newspaper for US $15 million for publishing a WikiLeaks cable that linked her with the alleged trade in illicit diamonds.
U.S. and U.K. Arrests in January 2011
As reported by RawStory, one Dutch teenager was arrested with alleged connections to Operation Payback in December 2010. The teen could face up to six years in prison for the cyber attacks, according to the Netherlands’ prosecutor’s office spokesperson. In apparent retaliation of the teenager’s arrest, the Dutch Police Office’s website was consequently attacked and were offline for several hours on the morning of December 10th, 2010.
On January 27th, 2011 the FBI executed more than 40 search warrants across the United States in investigating the retaliatory DDoS attacks against companies that cut off services to WikiLeaks, including Visa, Mastercard, Paypal and Amazon. No arrests have been announced in conjunction with the searches. Meanwhile in the UK, the British police arrested five men on the same day on suspicion of participating in the Anonymous operation.
Protect IP Act
On May 23rd, 2011, an image was posted to Reddit detailing instructions on how to DDoS the United States Chamber of Commerce, a lobbying group that represents businesses and trade associations and has supported the proposed Protect IP bill. A CNET article from May 12th, 2011 outlined specific sections of the bill that were controversial:
Sen. Patrick Leahy (D-Vt.) today introduced a revised version of a controversial bill that would give the Department of Justice and individuals new powers to enforce copyright and trademark law against “rogue” and “pirate” Web sites that offer unlicensed copies of protected content or which sell illegal knock-offs of brand-name goods.
A PDF document link to the full proposed bill can be found on Senator Patrick Leahy’s website.
FBI Arrests & Raids in July 2011
On July 19th, 2011, CNN reported at least 14 people were arrested in New York, New Jersey, Florida and San Francisco Bay Area as part of an ongoing FBI investigation of the notorious “Anonymous” collective, citing a senior federal law enforcement official. In New York City alone, federal agents executed the search warrants in a half dozen locations in Long Island, Brooklyn and the Bronx, where they seized computers and other digital records.
The federal authorities initially didn’t announce the specific charges of the arrested individuals, but all are believed to have been involved in carrying out distributed denial of service (DDoS) attacks on numerous high-profile corporate and government websites. It was later reported by Wired[14[ that the first 14 arrestees were charged under the Computer Fraud and Abuse Act.
According to an FBI affidavit released on July 26th, the federal authorities have been working closely with PayPal security officials who provided a list of 1,000 IP addresses most accountable for the heavy traffic volume during the DDoS attack against their website. The document also revealed that FBI agents began monitoring Anonymous press releases and Twitter announcements about Operation Payback as early as on December 6th, 2010, the day when PayPal began receiving heavy traffic.
Anonymous Announces #RefRef
Amidst the preparations of peaceful demonstrations related to #OccupyWallStreet and Day of Rage protests on September 17th, 2011 @AnonOps announced the simultaneous release of #RefRef, a tool that is intended to replace the use of distributed denial-of-service (DDoS) software Low Orbit Ion Cannon (LOIC). Unlike the traditional method of employing massive “botnets” to request the target server, #RefRef triggers a flood of processes from a single computer onto the target server itself, which results in an overload of internal resources.
According to various reports by ITworld and Geekosystem, #Refref may have been previously tested on a number of websites including Pastebin and Wikileaks. Back in July 2011, Pastebin tweeted a message in reference to someone testing software on the site.
The Guardian – Wikileaks website pulled by Amazon after US political pressure / 12/2/2010
Rawstory – Targeted by ‘Anonymous,’ Bank of America website sees intermittent outages / 12/27/2010
Sydney Morning Herald – Film Industry Hires Cyber Hitmen to Take Down Internet Pirates
The News Portal Online – Paypal Admits Government Pressure led to WikiLeaks Freez