DDOS Attack Tool

After a frustrating and fruitless attempt to obtain customer support from Sony, I’ve come to the conclusion that the average consumer is powerless in modern society; contrary to what the marketing literature says, the customer is always last. To solve this problem, I propose a tool to allow the average consumer to strike back at the corporations who ignore them, and use their own tools of communication against them. And here’s how it might work:

In an event in June 1999, the Electronic Disturbance Theatre successfully held an electronic sit-in, protesting against the Mexican government. The EDT distributed a Java applet via their web site that automated the process of requesting documents from the Mexican government’s web site several times a minute. With an estimated ten thousand users requesting documents from the Mexican government’s web server using the Java applet, the server was soon overwhelmed. While successful, the attack methodology was fairly simple; a newer port scanning tool distributed by the group enables more advanced attacks. However, I have a different tactic in mind to enable more coordinated, and therefore effective acts of electronic civil disobedience.

Just over a year ago, several high-profile sites were reeling from a series of coordinated distributed denial of service attacks; those hit included eBay and Yahoo. The perpetrator of the attack used a large network of compromised computers to launch the attack over the Internet; these computers had been compromised by a variety of Trojan programs and were needed to achieve the density of requests required to overload the victims’ servers.

The tool I’m proposing would work on the same principle, with the exception that the computers involved in the attacks would be involved with the full knowledge of their owners, just like the EDT’s Java applet. Using a similar system to Gnutella, users would be able to enter the location of targets into the client software, and the tool would coordinate with other users’ client software to conduct the attack; in the ultimate form of democracy, the density and ultimate success of the attack would depend on the number of users who allowed their computer to participate.

The software would have a number of unique features, to enable users to fully realize the democratic power of the tool:

  • Configurable Attack Objects: Users should be able to extend the system to enable various modes of attack, from continuous hits, to pulses of activity designed to create the greatest impact on the target system.
  • Configurable Communication Objects: Because so much of a corporation’s ability to succeed depends on resources other than web sites, the client software should be configurable to include additional communications modules. These modules would enhance the range of protocols understood by the clients; potential additional protocols might include LDAP, DNS, HTTPS, and SMTP.
  • Automated Exchange of Configurable Components: If the attack involves a protocol or strategy that your client doesn’t possess, the client software should be capable of finding the necessary resource on the network and installing it.

Other features could include the ability to put the client software into “drone” mode, where it attacks the most popular targets; this would be useful for allowing a user’s machine to be useful when the machine isn’t being used. Finally, the software should allow clients to exchange attack targets, to enable the attack network to outwit attempts by the victim to filter by IP address.

A Message From Hedy Fry

In the midst of all the recent BC Liberal cuts and the federal budget, I received a Christmas update from my local MP, Hedy Fry.

Oh. My. God.

What are the things that piss me off? Let me count the ways.

1) Communication from a representative that doesn’t actually communicate anything of importance: the entire booklet consists of a Christmas greeting from Hedy, a Christmas greeting from the Prime Minister, and a half dozen or so pages consisting of a calendar for the year (annotated not with political events, just ordinary holidays), and trivia factoids (again, little or no useful information).

What I want to know is what specific issues is Hedy addressing? What are the upcoming votes/bills/etc I should know about? I don’t need my MP to hold my hand on the political issues of the day, but if they’re going to send out mail under the guise of “connecting with the constituents” it better have some meat to it.

2) Paying for it: Does Hedy Fry, or any of the other MPs who send out these things, pay for the cost of printing and distribution? Anyone know for sure? I’m guessing no. How many people out there got something similar from their own MP? Anyone care to do the math? I’d like to think that the government is spending money wisely, but they keep proving me wrong. Sure, these kinds of things are only small expenditures, but with 301 representatives for 10 million households, the costs add up quickly. If every MP sends one of these, and it costs fifty cents (probably closer to a dollar, really), that’s 5 million dollars! And for what it is, that isn’t really much value for the money.

3) Wasted paper: I hate junk mail in general…it’s a waste of paper, and again, I end up paying for it. My tax dollars are spent on recycling and waste disposal programs by the city. The more junk mail I get, the more tax money has to be spent on picking it up and disposing of it. Grrr. Oh, and of course, there are the added environmental repercussions. Double grrr.

Meanwhile, Hedy’s web site (www.hedyfry.com) is still under construction (“should be fully operational by the end of September”) and provides no information on what my representative is doing these days. Does anyone in government know the meaning of the word blog? I’m guessing no.

With all the money being spent on “connecting everyone”, you’d hope they’d be focusing some money on some real applications of the technology to lower costs and improve government. Nope. Welcome to Canada! You can’t e-mail your representative and expect a response, or conduct business with the government online, but at least you can surf for porn real quick. Yippee!