Christian Huitema's blog

Cloudy sky, waves on the sea, the sun is
shining

Your IP Address is not anonymous!

15 Dec 2011

There was a thread on Slashdot today about an "Anonymous hacker" who got caught by the FBI after launching a Denial of Service attack. As explained in this news report, this young man downloaded the "Low Orbit Ion Cannon" tool favored by the "Anonymous" hackers, and targeted it at www.genesimmons.com. He wanted to sanction Gene Simmons' statements about the punishment of P2P music downloaders. I may have my own opinion about music downloads, but mostly I am puzzled by the naivety of the attacker. He seems to have used is own computer for launching the attack!

Using your own computer for launching a DOS attack with the LOIC tool should really mark you as a newbie.

The LIOC tool works by issuing a large number of HTTP queries to the target site. That can be quite efficient. The Distributed Denial of Service attack triggered by the Blaster worm against the Microsoft web site used exactly that. Each infected computer was launching hundreds of HTTP queries towards the site, there were thousands of infected computers, and the total load arriving at the site was really large. But the attack against Gene Simmons involved far fewer computers – at most a few hundreds if we believe the analysis of "Anonymous" attacks by Craig Labovitz. And since Craig has a really good reputation, I would rather believe him.

The source IP addresses of incoming HTTP queries are routinely logged by the web sites. If someone launches hundreds of queries, the address will be quite visible in the logs. It will probably take the FBI no more than a couple minutes to associate the IP address with an ISP, and obtain the name and address of the person who is paying for the subscription. Even tracking a hundreds of addresses will not be too difficult. That's probably how the young man in the story got caught, and he really should have known better.

Before someone asks, no, you cannot really hide behind dynamic IP addresses or NAT. The ISP who allocate dynamic IP addresses keep their own logs of which subscriber got what address at what time, and will of course politely answer the FBI requests. There may be multiple computers in your house behind the home router, but there may well be enough cues in the HTTP headers to identify a specific computer. Failing that, a police investigation will probably easily find out who did it among the people with access to the home router. You may try to argue that some random stranger somehow got access to your wireless network, or that the attack was due to a virus on your computer, but that won't work too well if the police also finds some copies of the Anonymous manifesto lying around…

Your IP address is really easy to track. But when we think about privacy, we have better accept that as a reality. Any system that exposes our IP address to random third parties can get us tracked!