Operation Invade Wall Street

Operation Invade Wall Street

Part of a series on Occupy Wall Street. [View Related Entries]

Updated Sep 18, 2012 at 10:27PM EDT by Brad.

Added Oct 04, 2011 at 04:30PM EDT by Don.

PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.

This submission is currently being researched & evaluated!

You can help confirm this entry by contributing facts, media, and other evidence of notability and mutation.


Operation Invade Wall Street was a contentious hacktivist campaign launched by a faction within Anonymous with the objective of bringing down the New York Stock Exchange website through distributed denial-of-service (DDoS) attacks in support of the Occupy Wall Street protests. From the beginning, the ambitious plan was met by skepticisms regarding its authenticity and effectiveness and the proposed cyber attack never materialized.


On October 2nd, 2011, YouTube channel TheAnonMessage, presumably an Anonymous affiliate, released two videos about a DDoS attack plan called "Operation Invade Wall Street," scheduled for launch on October 10th. The first video was directed toward the general populace, while the second video specifically addressed the news media. Although there were no explicit mentions of its affiliation with Occupy Wall Street protests, the announcement was reported in the news as an extended effort of the ongoing Anonymous movement.

2009 DDoS Attacks on NYSE

Prior to the eruption of Occupy Wall Street protests, New York Stock Exchange's website had been targeted by DDoS attacks on July 8th, 2009. However, the attacks didn't impact the trading and data systems of NYSE markets. According to a report published by MarketWatch[16], the coordinated DDoS attacks also affected numerous other high-profile websites including the Washington Post, the U.S. Homeland Security and Defense (USHSD), the Federal Aviation Administration (FAA) as well as South Korean government Web sites.

Notable Developments

The D.H.S Warning

As the rumors of DDoS attacks spread across the grapevines, the U.S. Department of Homeland Security issued a warning out to financial companies to stay vigilant about a cyber security threat from Anonymous. According to a bulletin[10] released by the department in early October 2011, the authorities suspected that the group "will continue to exploit vulnerable publicly available web servers, computer networks and other digital information mediums for the foreseeable future." The Department's warning was subsequently picked up by the Village Voice[3], The Atlantic Wire[11], Fox News[12], Forbes[13], New York Magazine[14], and Business Insider.[15]

Internal Division

Meanwhile, other well-known Anonymous outlets speculated ulterior motives behind the announcement of Operation Invade Wall Street.

On October 4th, an anonymous message was posted to Pastebin[2] which claimed that Operation Invade Wall Street was fake.

Operation Invade Wall Street is bullshit! It is a fake planted operation by law enforcement and cyber crime agencies in order to get you to undermine the Occupy Wall Street movement. It proposes you use depreciated tools that have known flaws such as LOIC.
Anonymous would never tell you to use LOIC – Not after the arrests and failures of Operation Payback.
Anonymous wouldn't attack NYSE on a HOLIDAY – It is debatable if Anonymous would ever even attack NYSE.

The same day, The Examiner[7] published an article about the rumors with a reference to the Pastebin communique, which questioned whether the call to action was actually a false flag operation[5], a type of covert disinformation tactic that uses propaganda techniques to make it appear as if actions are being planned by innocent entities.

Tuesday, a significant source for all things Anonymous, AnonNews, linked to a statement denying the authenticity of Operation Wall Street, claiming the operation is most probably a false flag operation initiated by law enforcement officials in order to undermine Occupy Wall Street.

ANONYMOU S Greetings Fellow Anons: As brothers and sisters, we have to look out for one another in times like these. we have taken notice to a planned attack which has been named #invadewallstreet, which is to be held out on October 10th. We strongly advise against this action and everything it entails to. Many of our brothers and sisters have gone down in the fight for using such tactics, like the wikiLeaks defendants who took down Visa, Paypal, and Mastercard which led to mass amesis. We do not want history to repeat itself, and are sincerely worried. Using such a tool such as LOIC to get your message across would be deemed irresponsible and you would be signing your own ticket to jail Please change these tactics for this Op to spare our movement the loss and to spare OccupyWallStreet of the bad press. Thank you and we hope we have made our point We are Anonymous. We are legion We do not forgive. We do not forget. Expect us.

Follow-up Communique

On October 8th, 2011, YouTube channel TheAnonMessage released a follow-up communique refuting the accusations of Operation Invade Wall Street being a subversive entrapment set up by law enforcement agencies. The video further advised its participants to use TOR at a WiFi hotspot in order to avoid leaving any digital footprint while conducting the DDoS attacks.

I am here to clarify that factions of Anonymous are going with the operation. Other factions are opposing it. A fellow Anon told me the easiest way not to get caught is to use TOR at a hot spot, whether it be a university or a library.

The video also claimed that a group of Anonymous hackers managed to bring down NYSE's website for a period of 30 minutes, although no specific details were released for security measures.


Within minutes of the publicly scheduled attack at 3:30pm, it was reported that NYSE.com became unavailable for a very brief duration of time, from 3:35pm to 3:37pm (EST). The site returned to its normal speed within minutes and NYSE spokesperson Rich Adamonis confirmed that trading was unaffected by the downtime. The brief outage was reported by Keynote[17], an Internet monitoring company and another tracking site called DownForEveryoneOrJustMe.com.[18]

Planned Method of Attack

Low Orbit Ion Cannon

The Low Orbit Ion Cannon (LOIC) is an application capable of linking up with other machines to perform a distributed denial-of-service (DDoS) attack. In June of 2011, 5 people were arrested in the UK, 3 in Spain and 32 in Turkey that were suspected of using the LOIC tools. A paper written by the Design and Analysis of Communication Systems Group (DACS) from the University of Twente[8] in the Netherlands described how it is possible to get caught using the LOIC to perform a DDoS attack:

If hacktivists use this tool directly from their own computers, instead of via anonymization networks such as Tor, the real Internet address of the attacker is included in every Internet message being transmitted, therefore making it easy to be traced back. We also found that these tools do not employ sophisticated techniques, such as IP-spoofing, in which the source address of others is used, or reflected attacks, in which attacks go via third party systems. The current attack technique can therefore be compared to overwhelming someone with letters, but putting your real home address at the back of the envelop.

Low Orbit Ion Cannon | U dun goofed I v. IRC server Port 6667 Channel #loc . RC Mode (HMelind) Disconmecled. Manual Mode (Do it yourself) 1 . Select your target Low Orbit Ion Cannon _ 3. Ready? URL Lock on MMACHARGIN MAH LAZER IP Lock on Selected target NONE! 2. Attack options TCP/UDP message U dun goofed HTTP Subsite fasterSpeed slower> Wait for reply TCP 80 10 9001 Append random chars to the subsite / message Method Port Threads TimeoutUse Gzp (HTTP) Attack status idle Connecting Reguesting Downloading Dovwenloaded Reapested Fallad gthub.com/NewEraCracker/LOiC

Ref Ref

An application meant to replace the LOIC was released in September of 2011, and according to an interview with the developer in Hacker News[9], it uses a SQL javascript vulnerability to make the target website use its own processing power against itself.

RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next since you still have the request, it picks up the .js file, and all of the requesting for packets power happens on the server, not the requestee. I send two packets from my iphone, and everything else happens on the server. Basically eats itself apart, because since both are on the server, its all a local connection.

The program's release was first announced by @AnonOps[17] in early September in the days leading up to the beginning of #OccupyWallStreet protests on September 17th. According to various reports by ITworld[18] and Geekosystem[19], #Refref may have been previously tested on a number of websites including Pastebin and Wikileaks and it is ntended to replace the use of distributed denial-of-service (DDoS) software Low Orbit Ion Cannon. Back in July 2011, Pastebin tweeted a message in reference to someone testing software on the site.

1001astebin 101 Pastebin.comッ Please do not test your software on us again. i.imgur.com/kiWav.png I hate graphs that look like this! 29 Jul via web ☆ Favorite Retweet Reply Retweeted by willicab and 29 others 22 24 About Help Blog Status Jobs Terms Privacy Advertisers Businesses Media Developers Resources ©2011 Twitter

Search Interest

External References

Recent Videos 3 total

Recent Images 7 total

Top Comments

Nathaniel Phillips
Nathaniel Phillips

This is what's known in the world of internet security as a "Honey-pot".

The term is taken from honeypots or fly paper which used the sweet scent of honey to lure flies to their untimely demise.

A honey pot can be created by a security firm, law enforcement, research firm, or business entity. It's basically used to see how the hackers initiated the attack, and gather research on how to stop it and possibly those who started it..

Counter hacking, pure and simple. If you find this a somewhat dubious Anon-op, it's best not to go through with using either ref ref or LOIC. Remember, the best way to avoid arrest is to never commit a crime in the first place.


Anon is disappointing me recently. There is no leader of anonymous, yet you have certain individuals declaring operations. Seriously; Anonymous is not your personal army. The oldschool, spontaneous raiding anonymous used to do was much more fun an much more effective.


+ Add a Comment

Comments (20)

Display Comments

Add a Comment

Hello! You must login or signup first!