"Operation Payback" Crashes VISA Website In Under One Minute As It Seeks Revenge From Second Credit Card Processor

Tyler Durden's picture

After taking out MasterCard.com earlier, the hacker organization Anonymous Operation, via its WikiLeaks supporting Operation Payback has just launched its attack on visa.com. And, lo and behold, Visa.com is now down.

As of this posting, the operation has succeeded in under one minute: www.visa.com is down.

For those who haven't figure it out yet - mess with hackers at you own peril.

Also, didn't the New York Fed refuse Assange discount window access or something? This New York Fed: www.newyorkfed.org

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
LFMayor's picture

The peacock has flown.  Fan his tail.   Halsey out.

Fish Gone Bad's picture

That is actually quite impressive.  It will be interesting to see how this plays out.

cougar_w's picture

A DDOS is a useful tool to bring attention. BAC probably cannot afford much of that. People may read it as "oh teh noes mai muniez are haxored!" and reduce their confidence in things. It's not much. It's clearly something.

66Sexy's picture

With Visa, WallMart, Newscorp, et. al acting as corporate tools of the government to support a corporate-fascist police state; and oppose the consitution, free speech, and a free alternative media; all those that resist must be considered hero's of the Republic of FREE MEN... and true fighters for the just cause against wrongful authority and tyranny.

AnonymousAnarchist's picture

DDOS Attacks Against Mastercard and VISA Now Effecting Payments Processing

Earlier the BBC was contacted by a payment firm linked to Mastercard that said its customers had "a complete loss of service". In particular, it said that an authentication service for online payments known as Mastercard's SecureCode, had been disrupted.

AnonymousAnarchist's picture

The twitter account was just closed immediately after they posted a link to a list of MasterCard numbers.

revenue_anticipation_believer's picture

PROTECTION DISCUSSION fyi some practical things to know:

i have a COMCAST 20meg connection, as an Internet client who has been repeated attacted, continued DAILY in various configurations of attacker ways/means, and various defensive configurations/operating systems, hardward, and anti-intrusion/anti-virus software...AND HAVE LEARNED A LOT, that i would like to share with ZH readers....

1) yes, i have REALLY been attacked in a manner usually reserved for large companies, government agencies, etc...not for money, not for me being 'important', but probably just because i am 'fun to mess with'...i keep coming back, no matter what...harddrives 'wiped clean' (not merely erased)
and new O/S reloaded (without bothering to 'microsoft-activate' anymore, not when that 'clean load' will be knocked down in 1 hour or less...that includes ESPECIALLY MICROSOFT o/s 7...'THEY get lots of fun showing me how quickly THAT can be taken out...'

2) yes, i have 'implemented' every known 'retail version' of antivirus, including M/S VERY OWN...etc..nothing, NOTHING, ever detected!! nor stopped..

3) yes, i have/had implemented the M/S full-deal Professional Security Regime...REALLY...all the 'services' turned off, via msconfigure utility, for instance...and all the various 'local-security' options, and hiding the root/administrator, using only 'guest' or 'user' permissions

4) yes, i have/had/still do use a hardware firewall at the cable head (i REPLACED the COMCAST UNIT, at my own expense)
and limited the incoming ports to "80" and "443" only...out going ports, you must leave SOME of them open...in the "1024-1048" region for YOUR initiated communications...and of course SHUT DOWN the NETBIOS ms bullshit at the ethernet port, and as a service...theres more..

5) yes, i purchased and studied MANY security books relating to both MS and UNIX/LINUx..and implemented MANy MORE 'security-loophole' closures...

6) yes, i FINALLY did 'sort of' 'overcome' the/these intruders, which is what i would like to convey HERE..

6a) i find that using the UBUNTU in the CD/DVD only memory resident TOTALLY operating system with SOME ADDITIONAL measures taken...ALLOWS ME TO CONNECT , with continuous external interference (bringing some download speeds to less than 50kilobits/sec on a line that will work at 2-20 megabits when nobody is DDServicing me.....HOWEVER I CONTINUE TO BE ABLE TO USE THE INTERNET, WITHOUT THE BASTARD TEACHERS - TEACHING ME SOME LESSONS OF COURSE...the FINAL temporary solution...

6b) when UBUNTU is memory loaded/resident, usually there is NO security...its a 'demo' after all...however, you MUST CREATE a SECURE USER, protect the UBUNTU user (with near-root privileges), and protect the 'hidden' root users TOO

HOW TO DO: use 'passwd' to create the default 'Ubuntu' user password...it must be STRONG = 14 characters or more, with the entire ensemble of IBM character-set (256 possibles, printable/not printable)...the only 'practical' non-printable is THE SPACE BAR...so use numbers, symbols upper/lower case..use letters upper/lowercase..use about 25% of each 'set' = say 4 space bars randomly, 2 lowercase letters, 2 uppercase letters, 4 numbers, 4 symbols from set of upper/lower case...DO NOT USE ANY MECHANICAL SEQUENCE such as all the symbols from left to right, or any other easy to remember QUERTY physical pattern..it must be HARD, and forget your "easy to remember" THATs from pre-year 2000 advise...

HOW TO DO: use 'sudo passwd root' from the Ubuntu terminal command line... and create the 'root' password...make it one character DIFFERENT from the Ubuntus passwd, so that the "hash" of that 'root password' is different...

HOW TO DO: Create a USER could be named 'USR' under system/ administration/users and groups...give this USER 'no privileges' and provide a different (shorter password, maybe just trunkate the 'root' by a few characters)..

HOW TO DO: then create a SOFTWARE FIREWARE within the Ubuntu
...from the command line, as user = Ubuntu "sudo ufw enable' (the ufw firewall enable)..."sudo ufw logging full" (ENABLES the ufw firewall log with FULL LOGGING TRACE), "sudo ufw default deny incoming" (the basic default will be to block all tcp/ip 'uninvited' incoming packets on ports 1-65435 ...more commands are available here FYI)

HOW TO DO: finally, NOW, YOU CAN CONNECT TO THE INTERNET, BUT NOT QUITE FINISHED..set your hardware firewall to packet size '256' bytes (seems radical, but slows unhindered thruput to about 50%, not bad)...AND set your 'edit connections ethernet/radio to '256' bytes, and no DHCP, burt rather MANUAL TCP/IP like 192.168.0.11 on YOUR COMPUTER, and leave default hardware firewall at like, 192.168.0.1..and manually set you DNS at both firewall/computer..

NOW WITH ALL THIS DONE, you will not STOP the intruders if they are interested (want to play, 'teach you some more lessons') BUT THEY mostly mostly will NOT be able to disrupt your 'on-line-communications' to a 100%, just to 80% slowing of thru put, mostly DENIAL OF SERVICE PACKET FLOODING ATHT THE FIREWALL/COMCAST INTERFACE....which they will stop, once they see you've got the rest handled properly..

HOWEVER, sometimes, depending on THEIR interest, challenge level, a REAL INDUSTRIAL/NATIONAL INTELLIGENCE AGENCY capable hacker/intruder will STILL get in...you find 'locked processes, finally forcing you to reboot AND OF COURSE RELOAD THE ENTIRE OPERATING SYSTEM BACK INTO MEMORY...just about 3-5 minute however, so not bad..

YOU WILL NOT BE ABLE TO TRACE THE ACTUAL sucessful ATTACKING PACKET, THE REAL ONE...it will be ONCE and not more than 100 bytes long..SO FORGET YOUR "snort" software..it needs to be be, apparently, literally inside the hardware firewall, ath the first stages of decoding from COMCAST..

NO, COMCAST hasn't the slightest idea, what i am talking about, nor can i demonstrate it, nor have, apparently anyt others in my TCP/IP area complained...

YES, THEY CAN FIND you, by scanning the TCP/IP addresses in your area, they are all, by geographic area, and then finding your typical 'assigned IP'...and then finding your specific computer ID, used EVERYDAY BY ALL INTERNET CONNECTSS...http is not 'connectionless' but reiterates your address/computer ID for every screenfull...

YES, they can find you, even easier, with insertintg a 'cookie' on port '80/443' along with the http, etc..your computer will THEN DIAL BACK, as a kind of 'beacon' MAKING IT EVEN EASIER TO FIND YOU, but only if you are interesting enought to be worth 'hacking'...otherwise you are safe, security in anonyminity....millions of 'on line' computers, ll standard...

YES, they use 'ready made scripts', yes they find out your computer configuration ACPI/+startup ROM/flash...and then fetch from their existing databases, all they need to formulate on the spot the ideal 'single packet' intrusion...

NO, Microsoft is TOTALLY useless, and unfixable..UNIX is better, but only if you use its security, SELINUX and firewalls..AND BECAUSE IT IS NON-STANDARD, more difficult..but not for long...

So, for those interested...some ideas regarding REAL rather than 'pretend' computer security...all of those Microsoft antivirus systems, are TOTALLY USELESS, all the security features in MICROSOFT WINDOWS 7 PROFESSIONAL are totally useless...oh yah, the Cisco low-end firewall retail grade, for $200 is totally useless, i bought THREE of them and THEY BLEW OUT THE FLASHED PROGRAM ha ha aha...good thing there was a store warrantee...i returned each within ONE DAY...ha ha,

clymer's picture

*yawn* ..post a link to your own blog dude. Most of us are well aware of how the technology works

snowball777's picture

Have you tried...NOT ANNOYING THE SHIT OUT OF PEOPLE SMARTER THAN YOU?

Max Hunter's picture

Maybe.. Maybe not... Already saw an interview on Dylan Ratigan show with a talking head that is saying we have to restrict the internet... I will reserve judgement..

StychoKiller's picture

Woulda been more useful if "they" had posted a manifesto or something, stating the rationale for their actions.

1100-TACTICAL-12's picture

All this wiki shit is just an excuse to shut down the web....stand down wiki/stand down....

prophet's picture

operation backfire, DDOS should only be used as cover fire

Ripped Chunk's picture

Snowball effect. More Hackers jumping in.  

CPL's picture

There were 45,000 LOIC bots yesterday, there are roughly 300,000 of them right now.  Top end was 1.2 million earlier today.

LOIC (Low Orbit Ion Canon) is one awesome tool in the power of herds.  http://sourceforge.net/projects/loic/

Closest i could ever describe it is being kissed to death by butterflys.  It starts as a single "kiss", plink!, it falls off. Then two more kisses, plink plink!  Until you notice that all those tiny little "kisses" are now making off with bits of your body just from the sheer volume of butterflys.  After a while nothing is left but a big, gaping hole and the butterflys won't stop coming ad infinitum, each butterfly carrying away a microscopic piece of the whole.  After a while leaving nothing.

That's how modern DDOS works, it just hits the system in question in a tiny way, 6 billion times a second.  In, currently, 300,000 directions.  Destroys any ability to log, track, keep DNS running. 

Now you might think that turning it off would fix it.  It doesn't.  It gets worse, the servers and services backlog themselves and buffer all this crap into cache and dumps.  When the coast is clear, all the servers start back up, all at once.  Then like all the traffic lights turning green at a four way stop, total fucking bedlam.

 

Worse yet if the servers and services are in the middle of a backup window.  Nothing is the same after that, easier to shut it all down and restore from the day before and start again.

That is the true power of DDOS using LOIC.

digitalhermit's picture

Where it gets really interesting is if the hackers decide to target the actual public payment endpoints/APIs (webservices etc...) rather than just the public website. Could they P()wn all credit card processing on the web? I think the answer is a tentative... yes.

That will not be good for online commerce.

Yonatan's picture

The bigger question is, after this is all said and done, are they just handing more control to the Gov for doing it? And if so, who is really driving it?

Pladizow's picture

These "Hack-tivists" are doing God's work!

russki standart's picture

I smell another false flag, and excuse to extend censorship to the internet. Just watch that swine Lieberman use this to promote his shabby fascist agenda.

UpShotKnotHoleGrable's picture

I just just keep hitting visa.com with new tabs/requests over and over. fun. nothing illegal there, lieberman can move back home.

I am more equal than others's picture

If that is the case, how about taking down all the sites that either support him and his campaign sites that solicit donations.

 

cougar_w's picture

Relax. It's not the NSA it's just anon from 4chan. Been there, done that. They have a huge laugh and then chat each other up.

pan-the-ist's picture

The only thing I know about 4chan is that you're not supposed to talk about... never mind.

 

http://encyclopediadramatica.com/Rules_of_the_Internet

High Plains Drifter's picture

Yeh and unless you are clever, your ip will be noted in this operation and nothing will happen for now, but this is for later.  I would be very careful doing this stuff very careful. I think it is some kind of honeypot operation.  Operation payback is a interesting terminology. The last time I heard that was when Israel named its northern operations this in its 2006 war in Lebanon.  Gee and I wonder what country is home to stuxnet?  I  sincerely hope I am wrong however. But this whole thing to me is highly suspicious.

Cleanclog's picture

They just got Sarah Palin's website and her credit card info

johan404's picture

Oh noes, they gonna shut down the interwebs, it's a false fag!!!!

*facepalm*

Consider this: if the government shuts down the internet, or restricts it in any meaningful way, the government will overplay it's hand and show it's weakness as more subtle methods of control are apparently no longer working. In addition to that, they will alienate and piss off a ton of people who enjoy the internet, and even earn their income through it. They'd be shooting themselves in the foot.

prophet's picture

They are, after all, very good at it.

dark pools of soros's picture

really? shut down the internet??  for what, so the people get bored and actually DO something???

Drachma's picture

Really? I don't see it that way at all. This plays right into the feds next move to shut down the internet. We can't have internet terrorists like Assange's hacker cult now can we. Here comes Internet 2.0. Say bye-bye to the web as you know it. It's a whole new paradigm shift coming fast.

cougar_w's picture

1) the web is not the internet. the internet is a bunch of protocols, the web is a service.

2) nobody can shut down the internet

3) internet 2.0 (whatever the actual fuck that is) will run over the same wire as internet 1.0, and 1.0 will still be there. nobody can actually prevent that AFAIK. not without issuing an ass load of router patches. good luck with that one.

4) and seriously, nobody can shut down the internet.

Arkadaba's picture

yep - we are connected

MayIMommaDogFace2theBananaPatch's picture

nobody can actually prevent that AFAIK

You will certainly benefit from additional research on this topic.  Your assumptions are incorrect.

2) nobody can shut down the internet

They don't need to 'shut down' the internet.  They just need to prevent a large class of individuals from using it for a while...Probably 4 months or less.

would give the president "emergency authority to shut down private sector or government networks in the event of a cyber attack capable of causing massive damage or loss of life." The original bill granted the president the authority to "indefinitely" shut down networks, but an amendment to the PCNAA, approved yesterday, mandates that the president "get Congressional approval after controlling a network for 120 days.

http://www.huffingtonpost.com/2010/06/25/internet-kill-switch-appr_n_625856.html

faustian bargain's picture

'Authority' is not the same as 'ability'...how exactly are they going to shut down large swaths of networks? I mean, without causing massive economic disruption and concomitant public outcry/protest/rioting. In other words, without looking like the terrorists they are claiming to protect the country from.

jakethesnake76's picture

its all conditioning if the can feel up women at the airport and make a show of it and play with your Junk , and disrobe your Autistic kid then they own you ...

It's how bullies work they assault you till you stop them ,then tell you your mistaken they were just there to HELP. Every time you let them go further they own you MORE. Otherwise known as intimidation, if you did the same thing to an american 100 years ago they would have hit you in the mouth whether they were a man or woman, but we won't standup like we should, See what Judge Nepolitano said he said stand up to them.

Max Hunter's picture

Great comment.!!  We need a "thumbs up" button.. Hear that Tyler??.. :)... I mean.. master Tyler 

cranky-old-geezer's picture

I pointed this out a few days back.  This latest TSA escalation is the ultimate invasion of personal privacy.  When govt goons start feeling around in people's underwear, what's left?  If Americans don't revolt over it, what will they in revolt over? Anything? 

Why is anyone still flying commercial?  Why haven't the airlines been boycotted into bankruptcy?  I WILL NOT fly commercial anymore UNTIL this crap STOPS.

 

Blankman's picture

I don't see whay anyone flies at all.  I haven't flown in 7 years and haven't found a real need to.  Ok sure there are some business guys who feel it is a notch on the bedpost to tell people how much they fly, but aside from them.  Fuck it.  Don't do it.  When we go on trips we rent a nice car from a car rental facility and take our time to get there.  Obviously a problem if you want to go out of the country. 

 

You want to change the system don't fly at all, boycott the bastards and watch the airlines go running to congress to get them to lighten up on their clients.  Drive baby, even Fred Flintstone had a car.

Arkadaba's picture

missing the point. Even if gov shut down the "official" web, computers still could be connected via wireless on p2p connections. And there has been a lot of work in setting up  "alternate" webs. Might not be for masses (right away) but there would be communication.

cougar_w's picture

You can run the Internet on a primitive level as store-and-forward over phone lines. The old style bulletin boards were (and are) that way.

Plain old telephone service.

The internet is not "the web" and it is not a destination. The internet is transfer protocols. All you need is a switched fabric and you are there.

jakethesnake76's picture

Keep talking :) if we have to go back to those ways we can and will do it. :)

hftsystem's picture

can you say F.  This Bill is Currently U  trying to be pushed S through H during the lame duck session. The 1st amendment is dead as this is the I beginning of the end o for the N internet. Center

PenGun's picture

 Da Da da Dum. I chose 'bloodymess' for my perk.

MaxVernon's picture

Twitter is clearly preventing "wikileaks" from trending.  A search for the term "wikileaks" is streaming around 10 times more tweets than the lowest trending topic, presently "David Lynch".

 

Predict Twitter is next for the DDoS treatment.

GoldenEye's picture

Too late maybe they are fighting fire with fire. The anonops website is now down!

http://anonops.net/cgi-sys/defaultwebpage.cgi

CPL's picture

the .cgi is the program that handles the serving of the default webpage.

 

It's more secure than using a flat html, htm, cfm, php or asp page.  the CGI script generates the .htm and drops it in a public location with is handled by the web server and directed properly by ip address translated by the DNS entry (CNAME and A reference).

The cgi binary isn't the website.  it's the engine and is dependent on server end permissions to run.  While we can see it, the only agent acutally using it is the webserver or the root.

The thing is the entry for anonops is only for LOIC bots and IRC.  There is no "website", closest that comes to is 4chan/b/.  To get into irc, you only have to get an irc channel and connect.  There is also gopher and a couple of other old school tools that by their generic, ancient simplicity are next to impossible to DDOS or hack because they are wide open.  There are no locked doors, just services people don't know how to use.  It would like giving an 18 year old kid 29 disks to install windows 95 on a desktop nowadays and expect them to know wha tthe hell they were looking at.  Or get the same kid to use a timex sinclair ZX81 with a cassette tape drive and telling them to load a program.

Sometimes old is better in terms of security, mainly because it was all so poorly documented and implimented, it required someone else to show you.  Since most of the oldfags are dead or retired and there are only a few of us left, we reserve the right to be crotchetty online.

BTW, what you are seeing there is the Apache/cPanel default page telling you there is no page.

Chump's picture

Thanks for the re-education.  I forget how much I forgot.  +1