16

6 comments

[–] hypatia 3 points (+3|-0)

hope it does ok, but Anonymous has been defanged for years. They had an internal snitch who brought down a lot of operations in 2012. This is a really interesting AMA with the founder of 420chan if you are in the mood to read about Anonymous history: link

[–] TallAdultFemale 3 points (+3|-0)

I hope they've learned better ways to stay anonymous from each other while still being able to communicate.

[–] lucrecia 2 points (+2|-0) Edited

In a linked article, they interviewed a guy who made a bot. I was curious about how he'd got around the captcha but I'm skeptical that he actually did. "We're beta testing it now"; hrm; if it worked he'd have known instantly.

Edit:

They mention he generated "realistic" reports but they don't say how he made the text, so I'm also skeptical of that. The script would run from a fixed IP, but he disseminated it well so that lots of people could run it. I suspect it only worked until the captcha went up, which I think was about half a day? On the texas side, I think they'd see the 300 reports from his IP, and then a high number of reports from another, and another, etc. So my guess is the results it generated would have been very easy to filter out, though it was nice of him to try, and the number of requests probably tied up their servers, if nothing else.

[–] TallAdultFemale 1 points (+1|-0)

If he was a good enough hacker the bot would generate ones use spoofed mac addresses and after each report it would switch back and forth through at least a couple of different VPNs, to get different IP addresses assigned for each record. There's many available lists of common first and last names, which can be mixed and matched, and real addresses, so as long as the name doesn't match the name of the person living at the address, the record will be clearly invalid upon human inspection but will look real because it uses a real address and plausible, but fake, name.

The hacker I saw talking about his bot online said it was taking like half a minute to generate each fake report. To me that says they weren't being done in an obvious batch method. All of the things I mentioned were probably incorporated so that's why it would take so long.

If a CAPTCHA becomes a problem they can resort to DDOS attacks instead. It's unlikely the best programmers will be working for these bounty sites, which is obvious if they didn't even start the sites with CAPTCHAs from the beginning.

I wish I had the skills to help but I only have passed programming 101, and that was many years ago.

[–] lucrecia 1 points (+1|-0)

I mentioned the fixed IP because that's how he said he was doing things; I don't think there was any IP spoofing. Or at least the way the papers described it, they acted like his IP being blocked stopped him from running the script successfully. The bit of the report that I doubt was realistic was the text body, ie: the bit where people had to describe what had taken place. I doubt there was a sufficiently trained AI ready to go to generate the text, and I doubt they had a high enough volume of handwritten reports. I've been casually trying to work out how much successful disruption there was from scripting attempts and so far it looks like none, if this is all they had to report.