Hacktivist collective Anonymous has made joining a denial-of-service attack as easy as clicking a link on a Twitter post, making it possible to gather an army of unwitting participants.
Graham Cluley, senior technology consultant for security vendor Sophos, was the first to report on Anonymous' new "tactical attack technique," which was used against the U.S. Justice Department Web site last week. The attack followed law enforcement's take down of Megaupload.com, a file-sharing site accused of costing the entertainment industry a half-billion dollars in losses from illegally shared movies, music and software.
Previously, Anonymous encouraged sympathizers to install a program called LOIC, or Low Orbit Ion Canon, in order to join a DDoS attack. The latest technique ups the ante by making it possible to trick people into becoming participants. "This can of course be used on Facebook/Twitter and other sites to lure unsuspecting users," Carl Herberger, vice president of products at network security vendor Radware, said Tuesday in the company's blog.
Overall, the new method "escalates the hactivist war and adds yet another effective technical technique to their (Anonymous) basket of tricks," Herberger said.