The Story Behind the Mastercard and VISA DDoS Attacks

December 8th, 2010 by Barrett Lyon
Right now, as you read this, there is a random group of about 5,000 people talking and plotting how to exact revenge on various corporations that have been less than helpful with the operations of WikiLeaks. They call this “OperationPayback” and it has been broken down into several specific attacks on corporations like MasterCard, Visa, Amazon, PayPal, Swiss Postal Finance, and more. The group itself is called Anonymous, but they are operating under the online infrastructure called “anonops” (which is a tech term for anonymous operations).

So, what is Anonymous? Well, it could be you. The general concept is simple: there are people who want to send a message that the Internet is a sovereign territory, and they are grouping together on a specific cluster of Internet Relay Chat (IRC) servers. The active server right now is When you join the server it suggests several channels for you to join (channels are like chat rooms): #vhost, #target, #WikiLeaks, #propaganda, #recruit, #setup, #lounge, and #anonops.

So what you do is join #setup and it tells you to go to a specific URL to get the DDoS attack software. There’s a really nice helpful FAQ and help page, which will show you what to do.

Their DDoS tool is called LOIC or “Low Orbit Ion Cannon”, which was originally a web site load testing utility that was open sourced. These guys hacked in a new feature called HIVEMIND, which allows you to start LOIC and have it connect back to anonops for instructions. Once they get your computer to join their botnet, your computer joins the attack, at your will.


Support page/FAQ on how to attack Anonymous targets

What is amazing is that these people are having success. They are operating a full PR campaign that has created logos, Wikipedia pages, web sites, operations infrastructure, and attack software. Now, they are getting angry people all over the world to join in on their cause and start attacking whatever they choose. It’s hacktivism at its best.

Their botnet is also rather unusual. Unlike botnets in the past (which take advantage of holes in operating systems to install the bot software) this botnet is made up of volunteers. It’s opt-in and if you follow their instructions, once it is up and running, you are to, “Sit back and watch the show”.
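A defender's view of the opt-in botnet described above, as an added example that is not from the original post: a machine on your own network that has joined would show an IRC session followed by a burst of connections to one destination. The flow-record layout, IRC ports, addresses and threshold are assumptions made for illustration.

```python
from collections import defaultdict

IRC_PORTS = {6667, 6697}   # conventional IRC ports (assumed for the control channel)
WINDOW = 10                # seconds per counting window (assumed)
FLOOD_THRESHOLD = 50       # connections to one destination per window (assumed)

def sample_flows():
    """Constructed egress records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = [(1000, "10.0.0.5", "198.51.100.10", 6667),   # joins IRC, then floods
             (1005, "10.0.0.7", "198.51.100.10", 6667)]   # IRC user, normal browsing
    flows += [(1020 + i // 12, "10.0.0.5", "203.0.113.80", 80) for i in range(120)]
    flows += [(1020 + i, "10.0.0.6", "203.0.113.80", 80) for i in range(5)]
    flows += [(1030 + i, "10.0.0.7", "203.0.113.80", 80) for i in range(3)]
    # Busy host with no IRC session (e.g. a backup job): not this pattern.
    flows += [(1020 + i // 8, "10.0.0.8", "192.0.2.20", 443) for i in range(80)]
    return flows

def find_hive_participants(flows, window=WINDOW, threshold=FLOOD_THRESHOLD):
    """Flag internal hosts that open an IRC session and then send a
    high-rate burst of connections to a single destination."""
    irc_seen = {}                # src -> (first IRC timestamp, IRC server)
    buckets = defaultdict(int)   # (src, dst, window index) -> connection count
    for ts, src, dst, port in sorted(flows):
        if port in IRC_PORTS:
            irc_seen.setdefault(src, (ts, dst))
        else:
            buckets[(src, dst, ts // window)] += 1

    hits = {}
    for (src, dst, bucket), count in buckets.items():
        if count < threshold or src not in irc_seen:
            continue
        irc_ts, irc_dst = irc_seen[src]
        if bucket < irc_ts // window:
            continue             # burst predates the IRC session
        if src not in hits or count > hits[src]["peak"]:
            hits[src] = {"irc_server": irc_dst, "target": dst, "peak": count}
    return hits

if __name__ == "__main__":
    for host, info in find_hive_participants(sample_flows()).items():
        print(host, info)
```

Requiring both signals keeps ordinary IRC users and legitimately busy hosts out of the result; only the host that does both is reported.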

Right now they are a bit disorganized and they don’t have much polish to what they are doing. For example, their IRC servers are not tuned for large numbers of users and often crash (which is when Mastercard’s web site comes back online). They are also heavily dependent on the domain and so if those sites go down it will take some work to get reorganized. Yet, over time, this could really become something resembling Fight Club where the group creates better attack software, better processes, has heightened security, membership vetting, and eventually their own governmental structure.

Despite all of their rough edges — they do currently have a streaming radio station (which is quite good) and they did take down Mastercard and VISA.

Welcome to the age of the Digital Native


30 Responses to “The Story Behind the Mastercard and VISA DDoS Attacks”

  1. Stiennon says:

    Very similar to the initial attacks against various Iranian websites during the “uprising” to protest the election results. It sounds better organised though. Those attacks also pointed to download instructions for LOIC and provided targets such as

    While crowdsourced attacks are temporarily successful most people get tired of clogging their own computers and uplinks with attack traffic. They are also participating in illegal activity and know it. Mastercard has all their IP addresses. Not good for them if legal reprisals are in order.

  2. Anon says:

    The “Anonymous” ass hats are enlisting people to do their dirty work for them.

  3. kyle says:

    I think that 4chan is amazing and the only group of ppl that are trying to get their voices heard. It’s the online version of a formal protest.

  4. dave says:

    Re: #1 – if they are smart they are anonymizing their IP addresses.

  5. Rick Astley says:

    It’s very hard to anonymize a DDoS attack (at least in this form), since you can’t use a normal proxy. If you would, you’d be attacking the proxy, not the target. A complete VPN would be ample protection, but those are either not-so-trustworthy, or cost real-life moneys.
    On the other hand, as the article notes, there are 5000 people plotting and carrying out these attacks. Good luck on the (scanty) cyberpolice-departments to chase all those people down and bring them to court.
    It’s not safety in anonymity anymore, it’s safety in numbers. Perhaps a name-change from Anonymous to The Hive?

  6. Alberto Pereira says:

    It’s irrelevant if the IP is trackable or not. It will not be possible for any police or court to differentiate between the users who volunteered for the task and the ones who had their computer hijacked (with a virus). So everybody can join with almost certainty of no prosecution.

  7. techn0scho0lbus says:

    It’s the Internet’s version of an angry mob. It’s not democratic, it’s too sensational and it’s vapid. Their vandalism is closer to a lynching than it is to a referendum call. The power of Internet crowds should be taken seriously but kids dressed up claiming to be card-carrying members of a hacker organization should not be taken seriously, just punished for whatever damage they personally conduct.

  8. CW says:

    I’m starting to wonder if I need to cancel my credit cards?

  9. […] Barrett Lyon blogs on the nuts and bolts behind Operation Payback, which he likens to the movie Fight Club: [Operation Payback's] botnet is also rather unusual. […]

  10. […] Can be found here: Verbophobia | The Story Behind the Mastercard and VISA DDoS Attacks […]

  11. Tobias says:

    Agree or Disagree with it – safe or unsafe, it’s happening. Popcorn anyone?

  12. […] WikiLeaks: Who are the hackers behind Operation Payback? See Also: The Story Behind the Mastercard and VISA DDoS Attacks. […]

  13. Eitan says:

    Consumers’ involvement and legit protest/actions are very important. However, DDoS and other forms of online vandalism are not legit in my view.

  14. […] and Visa – were chucked off both FB and Twitter yesterday. There’s an excellent article here on the group behind #payback. […]

  15. Ever says:

    The Fight Club aspect you speak of has already happened when chanology started. This is merely an extension of the same thing. Unfortunately with each cause you get a new batch of people and though the tools might be the same the organizational techniques need to be ironed out all over again. Hopefully they’ll learn from chanology and rely less on centralized hubs and branch out into cells that self-operate and trade information with each other.

  16. Computer Scientist says:

    Yes. Mastercard has all the IP addresses of these computers. 99 percent of them are computers which have not been maintained or configured properly by their owners and therefore could be (ab)used in the attacks. 0.5 percent of them belong to users wanting to read Mastercard’s homepage.

    Yes. DDoS attacks are illegal. Terrorist attacks are illegal. But you do not get a peaceful world by ignoring and criminalizing the stakes of groups, be they Internet activists fighting for freedom of expression or be they Islamic people fighting for their non-American way of life.

  17. Eitan Sayswhat says:

    Good for them. 100% support from me. Keep up the attacks.

  18. […] “The general concept is simple, there are people that want to send a message that the Internet is a sovereign territory” – Barrett Lyon […]

  19. JustJenna says:

    This is a very immature and ineffective way to get the credit card companies to listen. It makes those people who are siding with WikiLeaks look like juvenile brats throwing a temper tantrum. The best way to get their attention is through the court system. If Visa and Mastercard fear that a massive lawsuit could cripple their company THEN they will remove their ridiculous block. Since they have broken the law, there is no way a lawsuit can fail – unless of course, the case is presided over by a corrupt judge. And considering our current state of affairs, it really wouldn’t surprise me if it was.

  20. There are other, legal ways you can cause inconvenience for Mastercard and Visa. “Oops, I misplaced my credit card. Can you send me a new one?” If a million people do this….?

  21. The credit card companies, like banks, depend on trust. Anything we can do to erode that trust will harm them. They spent years gradually getting public acceptance. Once people thought they needed the card companies, then the companies started to abuse the public. It may even be possible to create a “run” on card companies, like a run on banks. I found this idea on the web: If WikiLeaks were somehow to get millions of credit card numbers, and then publicize them (with no profit motive), imagine what would happen? That would make a DDoS look puny.

  22. Stephen says:

    Dave, they’re probably using your computer to anonymize their IP address. Hackers usually use a few other computers they’ve hacked to do so. Otherwise, it’s like being a sniper dressed in black sitting on a snow hill. Kind of stupid.

  23. […] Assange a martyr — a “warrior for openness” — in the new age now beginning. A legion of hackers are fingering their Send buttons in response, and who can say what flood they may release? The […]

  24. […] Assange a martyr — a “warrior for openness” — in the new age now beginning. A legion of hackers are fingering their Send buttons in response, and who can say what flood they may release? The […]

  25. Wiki console says:

    Support Wiki we need urgent you
    Thank you to all people

    via paypal short until december 20

  26. anon says:

    What surprises me is that some people here attack ANONYMOUS’ way of fighting.
    What about the US government’s way of fighting – which involved bullying companies into shutting down Wikileaks’ information, which was highly embarrassing about them, spreading lies about Wikileaks, and fabricating false evidence to frame Assange?
    The US government, along with its corporate partners, has shown that it has no regard for free speech – ironically, a freedom that Americans pride themselves on representing to the world.

    For an excellent interview with Assange, see this:;contentBody

    Assange is a defender of the American spirit – a spirit of freedom. To label him as anti-American is the greatest of ironies. He deserves to be listened to. As for ANONYMOUS, I believe their goal is to draw public attention to this issue – a very important issue.

  27. […] cables, a loose network of activists calling themselves “Anonymous” launched “Operation Payback,” an attack on the companies’ servers which rendered them inaccessible for up to an […]

  28. […] US diplomatic cables, a loose network of activists calling themselves “Anonymous” launched “Operation Payback,” an attack on the companies’ servers which rendered them inaccessible for up to an entire day. […]
