* New features in the works for potential future attacks
* Software to launch attacks is extremely easy to use
* Software may be used to support other causes
By Jim Finkle
BOSTON, Dec 15 Supporters of WikiLeaks who last
week attacked the websites of MasterCard and Visa, say they are
tweaking the software used for those assaults in a bid to
create more powerful tools for possible future protests.
Several programmers posted their versions of the attack
program, known as Low Orbit Ion Cannon or LOIC, on Geeknet
Inc's GKNT.O SourceForge.net website.
Users can download the software for free, and also post
suggestions to developers on how to improve it.
"I improved this software to make a better weapon of it," a
developer working on the project, who goes by the screen name
ChipForkAnon, told Reuters in an email.
The programmers are joining supporters of WikiLeaks who
believe it is being unfairly attacked for publishing thousands
of secret U.S. diplomatic cables. Credit card companies like
Visa (V.N) and MasterCard (MA.N) have stopped processing
donations for the nonprofit site, while Amazon.com Inc (AMZN.O)
kicked WikiLeaks off its hosted service.
Take a Look [ID:nWIKI]
Reuters Breakingviews [ID:nLDE6B80K1]
The attack program is easy to use: Users need only enter
the web address of the site they want to attack to join the
army of computers launching a denial of service, or DOS, attack
on a website. Such attacks can shut down a site by overwhelming
it with web traffic.
Last week's attacks succeeded in shutting down the sites of
MasterCard and Visa. Attackers sought but failed to shut down
the better defended Amazon and PayPal sites.
Some 88,000 copies of the program were downloaded from
SourceForge.net this week.
The LOIC software is not just a weapon. It can also be used
by security experts to simulate attacks on websites that they
want to protect.
Executives at SourceForge said they will continue to host
the software, regardless of how frequently it is used in denial
of service attacks -- unless they are served with a court order
to remove it from their site.
"There's nothing inherent in the software that's bad," said
Geeknet Chief Executive Scott Collison. "It would be like going
to a store and saying 'Somebody used a hammer to kill somebody.
Remove all hammers form the store.' We can't do that."
Supporters of the anonymous attacks are now incorporating
changes to make it a more powerful weapon.
One key modification under consideration is adding a
feature to hide the identities of the attackers. The current
version allows the site under attack to log the location of its
attackers, which would help law enforcement track them down.
Denial of service attacks are illegal in many countries
including the United States and Britain.
Programmers are quietly working to improve the software so
that it will work more efficiently in future attacks.
"I support this cause wholeheartedly," a programmer who
goes by the screen name Urijah said in an email. "This is the
new social mechanism we've been waiting for to correct the
deficiencies of markets."
Analysts said publicity over the denial of service attacks
by the WikiLeaks supporters will encourage other types of
protesters to launch similar attacks on behalf of other causes
with the same LOIC software,
"When we look back years from now we'll see this as a
tipping point in 'hactivism' going from largely a theoretical
threat to something that's more a day-to-day issue," said
Yankee Group analyst Ted Julian.
Barrett Lyon, a security expert who specializes in
protecting companies against sophisticated denial of service
attacks from criminal professionals, said he suspects that
political websites could be targets in upcoming political
"There are people willing to risk breaking the law to join
a cause of some sort to silence somebody," he said.
(Reporting by Jim Finkle; Editing by Ros Krasny and Tim