How the FBI raided Anonymous

For a law enforcement agency to investigate the Wikileaks would require Wikileaks to turn over their server access logs, including every visitor to the site for the period of time in question. They would be basically finished in terms of getting dissidents to visit the site or hand over information if they're seen as turning over any sort of visitor-identifying info to any sort of law enforcement agency.

Where were Wikileaks' servers hosted at the time? The US cops are going to go after the crimes against US businesses on US soil first.

Oh, please. What exactly are you suggesting? Do you think Wikileaks reported any crimes or turned over firewall logs to the FBI?

Somehow I don't think the protection of Wikileaks' servers figured very high on the priority lists.

Does the FBI even investigate this sort of thing internationally? Does anyone?

I'm not a fan. These are guns we are talking about, not paperwork. Paperwork is the shit that's real, guns are just there to make you feel helpless. And also to kill you.

I find it laughable that the cops felt the need to use real guns against a "Low Orbit Ion Cannon". Guns against unarmed kids (criminal or not) - that's not how jurisdiction should work.

I think you got downvotted my MS-DOS fans. You turned a shell variable into your own regex glob :-/

It's like the war on drugs. It's the small fish that get fried.

But it tends to be the small fry that make up the bulk "opposition"

I thought it was funny that he needed to emphasize or even say "real." You either have a gun pointed at you or you don't. Does the FBI sometimes burst in with water pistols?

Wikipedia suggests 18 U.S.C. § 1030, the Computer Fraud and Abuse Act[0]. Here's the relevant part:

> Whoever ... knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer ... shall be punished as provided in subsection (c) of this section.

> As used in this section ... the term “protected computer” means a computer ... which is used in or affecting interstate or foreign commerce or communication...

By my (not a lawyer) reading, the only real question is whether being overwhelmed with traffic can be called "damage".

[0]: http://www.law.cornell.edu/uscode/18/1030.html

It's silly to pretend that a DDoS attack is the same as a sit-in, such a contention is intellectually and morally bankrupt.

Moreover, sit-ins are not legal either. If you choose to attempt to disrupt a place of business and you refuse to leave private property when asked to do so you can be arrested.

Whole drive encryption. I've seen docu-drama's where they actually break in when they know the suspect has gotten up to go the the bathroom/kitchen so that he can't reboot the computer.

Then, like all things with a shred of reasonableness too them, they become an awesome "check this box every single time" way of doing business for the guys who get their thrills kicking in doors.

The immense likelihood of attempts to quickly destroy evidence.

no-knocks pretty much don't need justification anymore

The laws are so vague and the precedents are so sweeping when it comes to no-knock raids.

Only one of the reports suggests a door 'busted down'; is that nym known to give reliable, non-embellished testimony? (I can believe that some of the searches might be unnecessarily done that way, but also that there could be exaggeration in pseudonymous reports.)

They're DDOSing websites run by big corporations, so they're obviously terrorists, which means you need to arrest them at gunpoint early in the morning so that you can be sure they won't have time to detonate a suitcase nuke before you can cuff them and get them into the back of the cop car.

Thats why taxes like robbery is done by threat of force. Otherwise no one would hand their money over to be wasted.

DDOS attacks are attacks on the very fabric of the internet. If you believe in the internet, you will not support those sorts of activities. This has a very real ramification for much of the subject matter of HN: The investment community needs to know that any iCompany can't be destroyed by some teenagers with a downloaded tool.

Recall that the last freedom exercise was to try to suppress Gene Simmons' right to free speech (however stupid his opinions might be) by a DDOS on his servers, with all of the collateral damage that entails.

One of the first cases in a law school tort class is Katko v Briney (http://en.wikipedia.org/wiki/Katko_v._Briney). Briney was a farmer fed up with a break-ins of an abandoned house that he owned. He set up a shotgun to shoot at an intruder's knees if and when the intruder forced the door. Katko, a trespasser, broke in and was shot and injured, sued and won. The quote I remember is (I had to look it up):

‘The value of human life and limb, not only to the individual concerned but also to society, so outweights the interest of a possessor of land in excluding from it those whom he is not willing to admit thereto that a possessor of land has . . . no privilege to use force intended or likely to cause death or serious harm against another whom the possessor sees about to enter his premises or meddle with his chattel, unless the intrusion threatens death or serious bodily harm to the occupiers or users of the premises.

Of course you couldn't legally set that up, are you insane? On what planet would that be justifiable? Even in Texas, you need to demonstrate a reasonable belief that you were in imminent danger of being robbed or attacked before you are permitted to use deadly force on an intruder in your home.

Booby traps are a definite no, as for what would happen in a plausible scenario, read this:

http://reason.com/archives/2010/08/31/drug-raid-gone-bad

No, you cannot legally create lethal booby traps, in any state in the US.

It seems like it would be trivial to get someone's door busted down by running LOIC aggressively on their computer. I wonder--at what point can the FBI's enthusiastic enforcement be directed, in some sense, as a weapon?

Edit: I've watched Anonymous (insert typical disclaimer about the membership of a heterogenous group of net users) attack more than one of my boxes. DDOS's have been traditionally been the regime of surreptitious botnets, not voluntary ones. I'll bet you some unsuspecting soccer mom (or someone who pisses off Anon) gets nabbed at some point.

You can get people to participate in DDoS attacks with a malicious website though.

Just use some JS to create image elements, script tags, iframes etc all with sources pointing at the target, should be able to do a few hundred a second at least.

Even trivial to get people to participate without using javascript. Just pop in a hidden iframe with a million <img> tags in the source.

As things move on, I don't think individuals who happen to fire off a few hundred requests at a website should be investigated/prosecuted/etc. Website owners just need to get better at protecting their systems.

Come on, quite a few home routers can't even handle an aggressive Bittorrent client. Yes, DDoS can be defended against, and the fact that the LOIC is pretty primitive helps, but it's not that trivial.

What does being a teenager have to do with being liable? If they're criminally liable, they'll be tried by a juvenile court. If they're civilly liable, their parents will face civil suits.

Their goal is to deter the behaviour by making examples of out people.

I think they achieved this.

With it being Anonymous, I wouldn't be surprised that the main demographic were indeed teenagers. At least those of them who didn't cover their tracks.

I would be willing to bet the teenagers are either most of anonymous or anonymous's cannon fodder. I'm leaning towards the second because it's so much cooler. :)