Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications Security

Anonymous Now Attacking Corporate Fax Machines 410

An anonymous reader writes "Anonymous has claimed responsibility for distributed denial of service attacks against several anti-WikiLeaks websites this month. In a novel twist to the campaign, Mission Leakflood has started a new DDoS attack against fax numbers belonging to Amazon, MasterCard, Moneybookers, PayPal, Visa and Tableau Software. Some numbers have already stopped responding, and Twitter and PostFinance have since been added to the target list."
This discussion has been archived. No new comments can be posted.

Anonymous Now Attacking Corporate Fax Machines

Comments Filter:
  • A what? (Score:5, Funny)

    by jamesl ( 106902 ) on Monday December 13, 2010 @06:24PM (#34540752)

    What's a Fax Machine?

    • Re:A what? (Score:5, Funny)

      by pspahn ( 1175617 ) on Monday December 13, 2010 @06:35PM (#34540888)

      It's a machine that stores, retrieves, and serves Fax. Fax such as "how many licks does it take to get to the center of a tootsie pop" and "how often does Google watch me in the shower?"

      Current forms of Fax Machines are Wikipedia, and Answers.com. They serve their purpose and serve it well. Previous incarnations include the Rosetta Stone, Newpaper Rock, and the Black Monolith. While comparatively primitive by modern standards, these archaic Fax Machines undoubtedly sparked the minds of those who used them.

      Honorable mention goes to Baghdad Bob for keeping faithful to the true heart of Fax Machines, though ultimately his Fax were deemed inaccurate.

    • i think it must have been a typo, fox machine maybe?
      as in "fear and misinfo spreading, fox news machine"

      btw whats a fox?

      • by arth1 ( 260657 )

        btw whats a fox?

        I've heard that that lady in Transformers, what's her name again, is a real Fox.

    • by arth1 ( 260657 )

      I don't understand businesses (and government agencies!) that insist on faxes in 2010.

      Sure, you get a delivery receipt, but you get that with e-mail too -- the SMTP server that the recipient states in their MX record also "signs off".
      Sure, you can get a caller ID, but that's as easily spoofed as an e-mail header..

      You'd think that telefax would have died fifteen years ago, but then again, there are still people who pay with cheques and listen to mp3s.

      • by Dthief ( 1700318 )
        A lot of government bureaucracy requires you to get hard copies of things....for example often times a signature must be an actual hard copy or facsimile but cannot be an emailed file, in which case having a fax is essential.

        Governments are always slow to change, and thus are many years behind the current tech. Once thy catch up, faxes will go away.

      • Re:A what? (Score:4, Interesting)

        by Pharmboy ( 216950 ) on Monday December 13, 2010 @09:53PM (#34542500) Journal

        Faxes aren't going anywhere any time soon. It is still more convenient for many tasks, and software hasn't done a great job when it comes to standardization of attachments. I still get email attachments from people who just installed the newest version of Microsoft Office, and when I tell them to save it in an older format, they have no fucking clue what that means. They just save in the default format, which is always the "new" format, and we don't run MS Office in our office, on purpose. We run OpenOffice (which is now LibreOffice) but I digress. So I tell them "Then fax it to me" because I don't have the time to explain why they are a 'tard for not knowing how to save a file as a "word 95" file.

        And of course, what they end up sending me is nothing more than plain text anyway, which could have been done using Notepad, but they have no idea what that is. Sometimes they use a fancy font, usually one that is barely readable. We avoid this by simply having a "print to PDF" feature in our office, so we just send everyone a PDF when we email, unless of course we are just sending text, in which case we type it. Unless it is a page from an old owners manual, in which case we just copy it then fax it.

        Have I made myself clear? No? Good. Because most people in the biz world are too busy trying to get business done to care how they get it, and faxing is easy, cheap and fast.

        As for checks/cheques, they will also be around for a long time as they are handy for a creating paper trail and delaying payment for a couple days. And you can fax them to the other party to show them that the check is in the mail, which doesn't make much sense as technically, it is in a fax machine, but it makes them feel good if you are a week behind on the payment for some reason. Then you wait another week, send the check, and blame the post office. I times are really hard, you can just seal an empty envelope, then use a letter opener to open the empty envelope, then mail that, then when the receiving party says the envelope was open and empty, tell them that someone must have stolen the check, so it isn't your fault, and that you will send another check TODAY, which you then fax a copy of, wait one week, then mail.

        So in short, the reason that faxes and cheques exist is that they are simple and efficient.

  • Not Very Anonymous (Score:5, Insightful)

    by bit trollent ( 824666 ) on Monday December 13, 2010 @06:24PM (#34540756) Homepage

    I love how all these "Anonymous" noobs are basically reporting themselves to the authorities by running Denial of Service attacks from their home computer.

    "Sorry, the FBI took all our computers dad. I was doing some 1337 hacking for 'Anonymous'"

    • by Anonymous Coward

      not unless if you claim your machine has hijacked and you were not aware of it.

      are they going to fine/jail everyone?

      • by Coldegg ( 1956060 ) on Monday December 13, 2010 @06:30PM (#34540832)

        It doesn't matter... I'm not sure how much time you've spent with the police or in front of the judge, but it's really a pain. For most people, having to go through all of those things can be life impacting. It is hard enough for alot of thee people once corporations grab onto them (see DMCA, etc). It's a whole lot worse when you've pissed off the federal government and they latch on.

        It will be interesting to see how this goes down... but I have a strong feeling that there will shortly be a large numbers of household raids w/ electronics confiscations. Good luck telling them that your machine was hacked. With that defense, you might see your computer again after a few years of courthouse battle.

        • But what if it really was hijacked? With all the news about unpatched Windows XP hosts lying around and botnets with millions of nodes, surely someone in "Anonymous" has access to a botnet or two?

          Oh well, if it leads to educating the people to patch their computers (yes, their new one), it's one small (large?) plus.

          Incidentally, I wonder how many defense contractors are -- using PowerPoint probably -- trying to convince each other and those who would listen and give them money the Gawker database breach was

        • millions of homes. raided. tens of millions of people affected due to relatives, social circle, friends, colleagues.

          goes WAY over the population limit of many countries, mind that.
        • by EdIII ( 1114411 ) on Tuesday December 14, 2010 @01:08AM (#34543422)

          You may never see your computer again period.

          Innocence is truly not a factor in these cases. They will come down on your hard enough to "put the fear of God" in you, so that you never make the mistake of even thinking of being an activist. That is if you are truly innocent, too.

          Regardless, your computer is now evidence in another case, one that they will be building against the person that hacked your machine. Of course, that investigation could go on for years, then the inevitable court cases, multiple jurisdictions, possibly multiple countries involved, etc.

          By the time you get your computer back from the evidence room everything will be on the Internet (translation Google) and accomplished by omni-present holographic interfaces in your whole house, including the shitter. More than likely you will get a form first asking if you want to donate it to the Smithsonian.

      • Comment removed (Score:4, Interesting)

        by account_deleted ( 4530225 ) on Monday December 13, 2010 @06:31PM (#34540844)
        Comment removed based on user account deletion
      • not unless if you claim your machine has hijacked and you were not aware of it.

        are they going to fine/jail everyone?

        Most likely they will just join IRC, forums and mailing lists just like everyone, see who's coordinating the actions, and go after them. I would like to know how their servers are set up, what IP address, country, proxies, etc. If there's any running inside Tor, it's a bit of test of Tor trackability.

      • by bit trollent ( 824666 ) on Monday December 13, 2010 @07:04PM (#34541224) Homepage

        That defense may actually work if your computer is actually part of a botnet. Otherwise, you will likely find yourself learning more about computer forensics and perjury laws. No, your not going to just be able to lie to the FBI about your computer and get away with it.

        The police / FBI may have a little trouble with 'the botnet defense' when they discover that your computer is not actually controlled by a botnet. Or is your computer under botnet control?

        For those naive enough to take 'the botnet defense' seriously:
        If the police are talking to you, you have already lost
        The kind of lawyers that can actually get you off cost alot of money
        Lying to the police is easier in theory than in practice
        Your best defense against the police is silence. Just shut your mouth and get a lawyer.

        "They can't arrest us all"
        No, but they can log all of our IP addresses and arrest whoever they want. They can't arrest every drug user, but that doesn't stop them from filling the prisons with them. If you want to stay out of trouble, you should do your best to make yourself a small target.

    • What if you only send one fax? It's the equivalent of a post-card protest, IMO. What few companies seem to realize is that everything can be now "crowd-sourced" in ways never thought to be possible in the past, given enough publicity. It's only now that this fact is getting a bit more lime-light.
      • What if you only send one fax?

        If you're only going to send one fax, make it count. Fax them a box of green-bar paper.

    • Starbucks free net FTW... ...we're not all just sitting there and trying to look trendy writing something on a Mac, you know.

    • by ron_ivi ( 607351 ) <sdotno@@@cheapcomplexdevices...com> on Monday December 13, 2010 @07:35PM (#34541544)

      It's not a case of being clueless noobs.

      It's a classic example of Civil Disobedience ( http://en.wikipedia.org/wiki/Civil_disobedience [wikipedia.org] ) not unlike refusing to sit in the back of a bus - and when many people do it in large numbers, it changes policies.

      This is a million geeks saying I AM ANONYMOUS just like the guys saying I AM SPARTACUS in that old movie.

      • by eriqk ( 1902450 ) on Monday December 13, 2010 @08:33PM (#34542042)

        This is a million geeks saying I AM ANONYMOUS just like the guys saying I AM SPARTACUS in that old movie.

        You do know how that ended, right?

    • Now I'm wondering if anyone's been running LOIC over unsecured wireless routers.
  • Going Backwards (Score:2, Insightful)

    by Anonymous Coward

    It looks like the "hacktivist" (better known to me as "vandals") are going backwards in time. Maybe they finally recruited someone older than 12?

    • It looks like the "hacktivist" (better known to me as "vandals") are going backwards in time. Maybe they finally recruited someone older than 12?

      Or maybe it is part of a bigger plan that is slowly escalating - aka: Tell me when to stop...

      1) DDoS against your websites - Little damage, little inconvenience, little embarrassment.
      2) Wardialing your faxmachines - More annoying, more interruption to actual business, not likely as embarrassing.
      3) ...
      4) ...

      Sooner or later, someone calls uncle.

  • by secretcurse ( 1266724 ) on Monday December 13, 2010 @06:26PM (#34540768)
    I'm betting this just gets worse for a while. These attacks are all being carried out for attention, and they've been generating tons of it. They even get extra credit with the several "Are the attacks over???" articles I've seen over the past two days or so. These articles are adding fuel to the fire.
  • by RightwingNutjob ( 1302813 ) on Monday December 13, 2010 @06:31PM (#34540838)
    when the feds bust down the door to her house because you've been dialing out of her basement.
  • Can Fax die now? Lets move on to something from the 90's at least. How about email?

    • I find it amusing that companies are willing to accept blurry, low-quality, could-have-been-signed-by-Bigfoot black-and-white signatures delivered by fax, but not high-resolution color scans delivered by e-mail...

      I am also amused that "Anonymous" thinks DDoS'ing a fax number will make companies listen to them.

  • by rminsk ( 831757 ) on Monday December 13, 2010 @06:33PM (#34540862)
    The Telephone Consumer Protection Act (TCPA) and FCC rules generally prohibit most unsolicited fax advertisements. In addition, the Junk Fax Prevention Act, passed by Congress in 2005, directs the FCC to amend its rules adopted pursuant to the TCPA regarding fax advertising.
    • by aBaldrich ( 1692238 ) on Monday December 13, 2010 @06:49PM (#34541056)
      DDoS is against the law too. That doesn't stop them from doing it.
      • by loteck ( 533317 )
        You seem pretty certain about that, considering it's really not an issue with a lot of legal certainty at this point. If it was as simple as saying "DDoS is against the law", slashdot would quickly find itself in a world of painful litigation.
    • So is spam. ("Spam is actually illegal but many people are still receiving messages because people don't care about the laws" -- spamlaws.com)

      So is phishing. (It's considered fraud.)

      So is war dialing (In some places under "placing a call with no intent to communicate" and other laws).

      So is robocalling.

      These people don't fucking care.

      After they outlawed faxing advertisements and junk, only outlaws faxed advertisements and junk.

      • Ah, but they'll actually nail you on junk faxes (it's trivially traced and more easily linked to a direct tangible cost, unlike spam). The only way to do this would be to go to a copy shop and pay in cash, though your face would be on their security cameras (so you're traceable, but it's hard enough that you can probably get away with it). This could also be done with an email-to-fax gateway, of which a few exist, but it would result in shutting down a service that might have more useful applications...
        • Between e-fax and hacked SIP accounts, I think fax spamming would be trivial. Do you think the attackers care if the efax service gets shut down?

          It's not like those spammers are actually using their own computer to send out e-mails, why would fax attackers behave any differently?

    • by vxice ( 1690200 )
      Well if you are looking for 20 informative pages http://www.fas.org/sgp/crs/secrecy/R41404.pdf [fas.org] that is a CRS report on how laws may or may not apply to wikileaks and Assange. I have not read it yet only found it a few min. ago. Important note for those who don't know Congressional research service (CRS) is a research service for Congress and their reports are not distributed to the public. They are not classified and you can receive copies by asking your Congressmen and are often available online. How
    • by Fluffeh ( 1273756 ) on Monday December 13, 2010 @07:13PM (#34541332)

      The Telephone Consumer Protection Act (TCPA) and FCC rules generally prohibit most unsolicited fax advertisements. In addition, the Junk Fax Prevention Act, passed by Congress in 2005, directs the FCC to amend its rules adopted pursuant to the TCPA regarding fax advertising.

      A Black Fax [wikipedia.org] doesn't advertise anything or solicit anything and therefore cannot be realistically prosecuted under either act. I did actually read the Junk Fax Prevention Act in quite a bit of detail. It specifically covers advertising of some sort, no matter how it is passed as "Savings, information, value to the customer etc..." it has to be an ad of some sort.

      So, Junk Fax Advertising is indeed against the law, but it is NOT against the law to send a fax to someone without prior dealings, or without their permission or without an "Opt out" clause.

      • by Planesdragon ( 210349 ) <slashdot&castlesteelstone,us> on Monday December 13, 2010 @08:14PM (#34541896) Homepage Journal

        So, Junk Fax Advertising is indeed against the law, but it is NOT against the law to send a fax to someone without prior dealings, or without their permission or without an "Opt out" clause.

        Bollocks. It may not be against THAT law... but sending faxes with as benign an intent as annoying someone can be criminal. In NYS, for instance, you'd be violating the penal code.

        Aggravated harassment in the second degree.

          A person is guilty of aggravated harassment in the second degree when, with intent to harass, annoy, threaten or alarm another person, he or she:

          1. Either (a) communicates with a person, anonymously or otherwise by telephone, or by telegraph, mail or any other form of written communication, in a manner likely to cause annoyance or alarm; or (b) causes a communication to be initiated by mechanical or electronic means or otherwise, with a person, anonymously or otherwise, by telephone, or by telegraph, mail or any other form of written communication, in a manner likely to cause annoyance or alarm; or

          2. Makes a telephone call, whether or not a conversation ensues, with no purpose of legitimate communication; ....
          Aggravated harassment in the second degree is a class A misdemeanor.

        There may be a federal equivalent elsewhere in the law. Good rule of thumb: If it interferes with someone else, don't assume you're not violating any laws until you talk to a lawyer.

        (And don't get hang up on that "how could they figure out my intent!" argument. Near every criminal locked up in the state had a jury of their peers infer their intent. [the exceptions being those who pled guilty])

    • by Tanman ( 90298 )

      Are these advertisements? I'm not being sarcastic -- I'm just wondering. I guess the legal definition of advertisement could be different than what I'm thinking an advertisement is, but I don't believe the faxes are selling anything.

  • Is there any proposal of more advanced planned joint actions? I just dont think attacking websites and fax machines is that effective, and from your own home not terribly smart. There has to be some mass coordinated action that is both more efficient, and perhaps less legally punishable.
    • Is there any proposal of more advanced planned joint actions? I just dont think attacking websites and fax machines is that effective, and from your own home not terribly smart. There has to be some mass coordinated action that is both more efficient, and perhaps less legally punishable.

      It certainly does bring attention to their customers about it though. It certainly brings a lot of bad media attention to the companies. Consider it a digital spanking. The idea isn't to knock them off the face of the planet. The idea is to make them think twice about something like this again in the future.

      It is the same concept as taking someone to court. You make it more expensive/difficult to do the wrong thing than it is to do the right thing.

  • I can't quite see their logic here:
    1) DDoS corporate websites
    2) DDoS corporate fax machines.
    3) DDoS corporate record players?
    4) DDoS corporate 8-track machines?

    Reminds me of this Onion [theonion.com] article.

  • This is the 3rd article today mentioning them. Why is anyone even paying attention to them? Give them anonymity with obscurity. If these are just a bunch of rotten 12 year olds, then ignore them and maybe they'll grow up. Assuming Wikileaks is a good cause, was it even worth it to "hit" Amazon, Mastercard, and PayPal? If these kids are even remotely successful, they will come to regret it when they apply for jobs, and these companies make sure they are unemployable. It's like the old song says, don't
    • If you spend six months organizing 10,000 marchers down Times Square in nyc you might get less media attention than these guys. Sad thing is, not only these kids are attracted to violence, the media and the readers are too. Not to mention the establishment. Planning meaningful action that does not involve these things is not easy.
    • by NFN_NLN ( 633283 )

      This is the 3rd article today mentioning them. Why is anyone even paying attention to them? Give them anonymity with obscurity. If these are just a bunch of rotten 12 year olds, then ignore them and maybe they'll grow up. Assuming Wikileaks is a good cause, was it even worth it to "hit" Amazon, Mastercard, and PayPal?

      First they came for our telephone conversations,
      and I didn't speak up because I *had nothing to hide*.

      First they came for liquids over 100mL,
      and I didn't speak up because I could purchase a new bottle inside the terminal for $3.50.

      Then they came for X-Ray pictures,
      and I didn't speak up because X-Ray radiation will only cause cancer in 1 of 30M cases.

      Then they came for leaked transcriptions of their own wrong doings,
      and I didn't speak up... because I am a:

      a) Raging pussy to cowardly to stand up for injustice

    • You would be suprised who makes up anonymous.
      It always reminds me of the following line from fight club.

      Tyler Durden: [to the police chief] Hi. You're going to call off your rigorous investigation. You're going to publicly state that there is no underground group. Or... these guys are going to take your balls. They're going to send one to the New York Times, one to the LA Times press-release style. Look, the people you are after are the people you depend on. We cook your meals, we haul your trash, we connect your calls, we drive your ambulances. We guard you while you sleep. Do not... fuck with us.

      I for think it is funny to see "Project Mayhem" take form.

  • by unity100 ( 970058 ) on Monday December 13, 2010 @06:45PM (#34541002) Homepage Journal
    for all the business/revenue lost by amazon, paypal, visa, mc. After all, he was the one calling around and pressurizing them to cut a client off, totally against the concepts of free speech, journalism, and fair business. politically censoring a journalistic outlet, for publishing detrimental information.

    in case some of you havent kept up, here is how we know it was sen. joe liebermann :

    day 1 : amazon cuts wikileaks from their cloud. it is rumored that liebermann pressurized them personally, but amazon does not comment. cites tos violation on balooney terms.

    day 2 : everydns cuts wikileaks.org domain. they are not as secretive as amazon. they directly and openly state that joe liebermann called them, and threatened them. towards the evening, they mysteriously retract their statement.

    a few days later : paypal cuts wikileaks donations and holds their funds. they cite tos violation, inquiry, and so on.

    in the meantime : visa, mc do the same.

    a week later : anonymous constantly attacks paypal since a week, keeping api.paypal.down and causing them millions in business. paypal comes around, and admits that they have suspended wikileaks due to political pressure.

    a few days more with anonymous : paypal releases wikileaks funds that were being held.

    today : anonymous starts attacking corporate fax machines.

    count the times how many times word 'liebermann' passes in the above chronology.

    after pressurizing the PRIVATE companies to cut down a perfectly legitimate customer, while in the meantime totally violating first amendment, modern principle of freedom of speech even outside us constitution, intervening and pressurizing private companies, going against journalistic freedoms, it is only natural that he would come up and pay for the business he cost all those companies. of course, not even counting the clients that started to bail out of american providers. not only payment like paypal etc, but a lot of small to medium size businesses are bailing out of u.s. based web hosting companies, datacenters, and content delivery providers.

    surely, joe liebermann has the funds to make up for that business lost. else, he wouldnt be going around violating civil liberties, constitutions, and intervening in business for censorship ....

    right ?
  • by retech ( 1228598 ) on Monday December 13, 2010 @06:47PM (#34541026)
    Are they going to start using carrier pigeons to send harshly worded ankle notes to the CEOs?
  • ... how important fax numbers are to companies like Paypal and Mastercard and Amazon.

    Like it or not, a faxed document with a signature is still much more legally recognized as valid than a scanned email, even if said email has been digitally signed. As such, companies like Mastercard/Paypal/Amazon *ROUTINELY* rely on fax to send and receive legal documents, both among other businesses and their own customers.

    Cutting off faxes would be a BIG BIG deal to a financial company like Paypal/Mastercard, and likely Amazon as well.

    • It is very likely some script kiddies are going to wind up in jail. If this is provably costing them money and having an impact on their business, that makes it a much larger crime and one the feds care about more. It also makes it one they'll complain about and demand action. Next part of that is that phone calls are completely traceable. The nature of the phone system makes it so that it is always known what number is calling. It has to to be able to switch the call. While caller ID can be messed with, th

    • Comment removed based on user account deletion
  • they will be after the telex machines next what will Joan at SCDP say when the Telex girls say they cant Telex that important client :-)
  • Why attack Twitter? (Score:5, Informative)

    by TimFreeman ( 466789 ) <tim@fungible.com> on Monday December 13, 2010 @07:13PM (#34541328) Homepage
    Why attack twitter? http://www.twitter.com/wikileaks [twitter.com] seems to be working fine, and the explanation at http://www.boingboing.net/2010/12/06/why-wont-wikileaks-t.html#comment-958285 [boingboing.net] for why Wikileaks didn't appear in trending topics makes sense to me. Everyone seems to agree that #cablegate did trend. The issue of why Twitter should be attacked is not mentioned at all in the original article.
  • didn't twitter come out and say that thanks to Justin Bieber, the trends tracker tracked sudden spikes in activity rather than gross aggregate tweets?

  • Yes, being able to receive faxes is vital to a business. It's a pity, but that's the way it is.

    But I doubt that those large companies have actual faxes. They will simply feed all faxes into a web front-end or email gateway directly. A secretary will then sort through them. And you can't even block lines as even the most ancient phone systems support multiple connections behind a single number. Higher-volume fax numbers will be load balanced, anyway.

    tl;dr: I don't get it.

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...