Anonymous Wikileaks attackers 'easy' to find says study Published duration 13 December 2010

image caption Web attacks were like sending a menacing letter bearing a return address, say researchers

Working out who carried out web attacks in support of Wikileaks would be easy, suggests a study.

The tool used in the attacks leaks the net addresses of everyone who used it, reveal Dutch computer scientists.

In early December thousands of people downloaded the tool to aid attacks on Mastercard, Visa, Paypal and Amazon.

The study found that the tool makes no attempt to hide a user's net address which would lead any investigator almost straight to an attacker.

No spoofing

"What I do expect is that some people will be caught," said Dr Aiko Pras of the Design and Analysis of Communication Systems department at the University of Twente who lead the study.

Dr Pras said some countries will want to make an example of those that took part in the web attacks in early December. Two people have already been arrested in Holland for co-ordinating the attacks.

The Anonymous group behind the attacks recommended supporters download and install LOIC to punish companies it regarded as being anti-Wikileaks.

Advice on the site from which LOIC can be downloaded re-assured people by saying there was "next to zero" chance that anyone who used it would be caught.

However, said Dr Pras, analysis of the data traffic LOIC generates suggests that it would be easy to find attackers.

"The current attack technique can be compared to overwhelming someone with letters, but putting your real home address at the back of the envelope," they wrote in a report on LOIC.

To investigate how LOIC works the University of Twente team set up a small network and bombarded one machine with packets of data generated by LOIC.

The target machine was set up to record information about the packets of data being sent to it. This is known as a denial of service attack and aims to overwhelm a host or server with request for data.

A look at the packets of data generated by LOIC showed the net address of an attacker in every one and revealed that "the tool does not take any precautions to obfuscate the origin of the attack" wrote the researchers.

This was a surprise, they said, because techniques to spoof net addresses are well known and trivial to use.

"The tool was written to do a stress test on your own servers and there was no intention for it to used to do denial of service, said Dr Pras, "because of that they did not do any anonymization."

LOIC tries to create thousands of connections to a target, said Dr Pras, which would mean that there was plenty of evidence police forces could use to trace attackers.