Real-time updates can be obtained at our original blog post: http://bit.ly/azgKeG
After two months of constant attacks against various media authorities around the world, the United States Pirate Party has stepped in to ask the attackers to stop and focus their time on productive (and legal) ways to protest for copyright reform. The chats between the Pirate Party and the Operation:Payback organizers began after the group started to indicate that they would like to end the DDoS attacks in favor for a legal grassroots campaign to help inform the public about copyright reform. Steve Ragan from The Tech Herald and myself reached out to the Pirate Party U.S. and Canada to start a Q&A dialog between the Operation:Payback organizers and the representatives from the Pirate Party. You can read the full unedited interview (PDF) here: https://www.pandasecurity.com/wp-content/uploads/2010/11/InterviewOP.pdf. The Q&A session later lead to Andrew Norton from the U.S. Pirate Party issuing an open letter to Operation:Payback(Google cache), which has now been removed from the party website after not being fully endorsed by party members.
2 Month Recap of Operation:Payback
We have been extensively covering the anonymous Denial Of Service attacks since they started on September 17th. The very first attacks were launched against the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) in retaliation for the hiring of an Indian based firm tasked with launching Denial of Service attacks against file sharing sites who did not comply with take-down requests. The attacks against the MPAA brought over 21 hours of downtime and the RIAA website was taken offline for over 7 days with a total of 948 service outages.
Operation:Payback is orchestrated by a group of dedicated organizers who each had their own assigned tasks. Most organizers would deliberate on future attacks, but some focused on their specialties, such as locating and exploiting security vulnerabilities on target websites, developing software to help automate the attacks, or setting up the IRC and network infrastructure needed to keep the campaign alive. Others were assigned to more menial tasks, such as creating propaganda fliers, recruiting on social networks, or updating the campaign website with the latest relevant information about the attacks.
The campaign started to get interesting when it focused on ACS:Law, a U.K. based law firm specializing in taking legal action against file-sharers. The attackers were highly disgusted with this law firm because according to them, “they were taking legal action against people for file sharing, but not giving a dime of that money over to the actual artists who produced the content.” The attackers began attacking ACS:Law on September 21st, and, as a result, were able to download an e-mail backup stored in the public section of the ACS:Law website. The attackers immediately uploaded the backup to The Pirate Bay. To our surprise, the backup contained personally identifiable information on suspects who allegedly downloaded copyrighted material. This landed ACS:Law in some hot water after privacy concerns were raised in the U.K.
How much damage was done by Operation:Payback?
- 2 data leaks (ACS:Law and Acapor)
- 2 websites defaced
- 28 DDoS Targets
- 2761 website service interruptions
- 903 hours (37.62 days) of downtime
| Site | Interruptions | Downtime (h.m) |
| aiplex | 313 | 123 |
| ACS:Law | 152 | 179.07 |
| RIAA | 104 | 127 |
| AFACT | 43 | 21.43 |
| MPAA | 3 | 23.2 |
| DAVENPORT LYONS | 7 | 9.55 |
| IFPI | 11 | 1.12 |
| BPI | 5 | 0.12 |
| SGAE.ES | 162 | 52.05 |
| MCU.ES | 28 | 20.41 |
| PROMUSICAE.ES | 69 | 6.29 |
| Genesimmons.com | 95 | 40.29 |
| Copyright.gov | 15 | 4.33 |
| Hadopi.fr | 167 | 4.22 |
| anti-piracy.fi | 873 | 20.49 |
| hustler.com | 241 | 7.56 |
| satelfilm.at | 7 | 130.11 |
| ipo.gov.uk | 254 | 95.2 |
| fimi.it | 15 | 1.7 |
| MinistryofSound.com | 143 | 7.1 |
| dglegal.com | 49 | 3.34 |
| Websheriff.com | 5 | 25.15 |
| TOTAL | 2761 | 903 Hours (37.62 days) |
What is the future of Operation:Payback?
The Operation Payback organizers feel that the attacks should be stopped in favor of public awareness campaigns to assist existing political campaigns, but some many campaign participants feel that the attacks must go on as long as the political parties responsible for copyright reform “do nothing.” The operation participants went as far as releasing their own response to the Pirate Party letter without the help or support of the existing organizers. You can read that response here: https://www.pandasecurity.com/wp-content/uploads/2010/11/opopenlettertopp.pdf
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
8 comments
The target list misses a number of hits but is broadly correct.
I think this campaign of disobedience will be looked back upon as the first, purely web based, instance of protest.
It is important to understand why this happened.
It wasn’t a case of skiddies running rampage, despite what some people may think.
It was born from a frustration at seeing our nets being packaged and comodified.
There has been way more downtime that that… For example the hadopi attack got Hadopi 14 hours of downtime, not 4.
Please check all sources, double check, and check again, then come up with a larger downtime count.
@anon
there have been many instances of web protest before this using ddos methods check out what happened over the etoy domain dispute a few years ago