The hacktivist collective Anonymous is in the middle of a huge revenge spree after the Feds shut down popular filesharing site Megaupload today. But they're using an evil new tactic that tricks people into helping their attack if they click an innocuous link.
The Department of Justice, MPAA and Universal Music websites have all been taken down in the past hour as part of Operation Megaupload, which is shaping up to be the biggest Anonymous campaign in months.
Here's one reason they've been able to muster so much firepower: Anonymous members are distributing a link that ropes internet users into an illegal DDoS attack against these websites simply by clicking it. The link is being shared widely on Twitter and in Anonymous chat rooms, often with no context except that it relates to Operation Megaload. I clicked it a few minutes ago because it was being spammed in an Anonymous chatroom and found myself instantly DDoSing Universalmusic.com, my computer rapidly pinging the page with no way to stop except quickly closing the window.
The link is a page on the anonymous web hosting site pastehtml. It link loads a web-based version of the program Anonymous has used for years to DDoS websites: Low Orbit Ion Cannon. (LOIC). When activated, LOIC rapidly reloads a target website, and if enough users point LOIC at a site at once, it can crash from the traffic. Judging from a Twitter search, the link is being shared at a rate of about 4 times a minute, mostly by Spanish-speaking users, for some reason. (Here's a link to the Twitter search, just don't click the PasteHTML link.)
The thing is, DDoSing is a criminal offense that could earn you 10 years in prison, if you do it intentionally. With previous versions of LOIC, participants had to acknowledge this risk and press a button labeled "fire." But now, it appears some enterprising anonymous member has retooled it so that it automatically fires if you click an unassuming link and leave a window open.
This is completely evil and could lead to huge numbers of witless internet users inadvertently attacking, say, the Department of Justice by clicking a random link they stumble across on Twitter. It may greatly increase the effectiveness of today's attacks, but it also renders them largely meaningless. Anonymous' previous attacks had what political power they had because they were acts of conscious protest; participants knew what they were getting into. This recent round seems to be not much better than a Facebook worm. The safest thing now would be to avoid clicking anything to do with operation megaupload or Anonymous—especially if it's a mysterious Pastehtml link.
Friday Morning Update: Ten websites were taken down in all, including FBI.gov, according to TIME. Anonymous also boasts that "5,635 people [were] confirmed using #LOIC to bring down sites" during the attack—no word on how many of those were unwilling participants.