

Anyone reading this may unwittingly be taking part in a DDoS attack

Anonymous activists are using a specially crafted web page which sends mass requests to the justice.gov domain for a DDoS attack launched on Thursday on the US Department of Justice web site. When a user visits the web page, a short piece of JavaScript causes the user's browser to flood the government department's server with HTTP requests. The web page is being hosted at sites including PasteHTML, where users can post HTML code anonymously.



If a user follows the link, their browser will attempt to establish thousands of connections to the US Department of Justice server

In the past, when carrying out attacks of this kind the loose collection of activists has principally relied on the Low Orbit Ion Cannon (LOIC), which users participating in the attack must first download and run. In some countries, including the UK and Germany, this can be construed as a case of computer sabotage and therefore constitutes a criminal offence. In this case, however, the situation is less clear, as the JavaScript is executed without any user interaction and launches its attack as soon as the user opens the web page containing it.

Users have no way of knowing beforehand what will happen when they visit the page. Anonymous sympathisers have been diligently disseminating links to the web page via Twitter, frequently using any of a number of link shortening services to obscure the actual URL. In order to maximum the number of hits, Twitter users are in many cases being enticed to visit the page under false pretences.

The attack is part of #OpMegaupload, launched by Anonymous following the arrest in New Zealand of Kim Schmitz, founder of the MegaUpload service which was shut down yesterday in a worldwide operation by the authorities. Last night, the Department of Justice web site was indeed offline for some periods, but things now appear to have quietened down, with the web site currently freely accessible.

(djwm)