The hacker collective Anonymous struck again Thursday, launching its largest attack to date that temporarily brought down the websites of the Department of Justice and organizations that represent the movie and music industries.
But not everyone who helped with the attack was a willing participant. Many Internet users may have inadvertently contributed to the so-called "denial of service attack," which floods a website with traffic until it crashes, simply by clicking on a malicious link that circulated widely on Twitter, experts said.
In an interview, Graham Cluley, a senior technology consultant at Sophos, called the latest technique by Anonymous "devilishly sneaky." In previous attacks, Anonymous enlisted supporters on a volunteer basis by calling on them to download a "low orbit ion cannon" -- a piece of software that launches large packets of data that overwhelm websites of organizations as a means of protest. Distributed Denial of Service attacks, known as DDoS for short, were responsible for helping Anonymous bring down the websites of Visa and Mastercard in 2010 in retaliation for their decision to cut ties with Wikileaks.
Cluley said Anonymous supporters have grown accustomed to clicking on links posted on the group's Twitter accounts, some of which have more than 200,000 followers, to read press releases about their latest exploits. But this time, he said, Anonymous supporters who clicked on the malicious link joined the attack and may have accidentally broken the law.
"If you participate in such an attack, you could find yourself receiving a lengthy jail sentences," Cluley wrote in a blog post.
Law enforcement has cracked down on participants in such attacks. Last July, the FBI announced charges against 14 people dating back to December 2010, when Anonymous members temporarily brought down PayPal's website in retaliation for the company suspending payments to the whistle-blower site Wikileaks.
Last fall, the FBI charged Christopher Doyon, 47, of Mountain View, Calif., and Joshua John Covelli, 26, of Fairborn, Ohio, with bringing down the website of Santa Cruz County in a denial of service attack. The charges carry a sentence of up to 15 years in prison.
Thursday's attack coordinated by Anonymous came in response to news that the Justice Department had shut down massive file-sharing site Megaupload. In addition to temporarily taking the Department of Justice website offline, the attack also crashed sites belonging to the Recording Industry Association of America, the Motion Picture Association of America and Universal Music, among others, who have all been supporters of controversial antipiracy legislation in Congress known as SOPA and PIPA.
The malicious link that circulated pointed to a page on the pastetml.com website. On Thursday and Friday, hundreds of Twitter users posted the link in various languages. Some issued warnings. One Twitter user wrote: "Anonymous crowdsources a DDoS attack with this link," noting the link "may be illegal to click." Another Twitter user warned: "Clicking on this link can get you arrested...This is the dDOS used in the Megaupload revenge attacks."
But others were vague or gave instructions on what to do after clicking. One posted the link and wrote "Pls support Anonymous." Another Twitter user posted the link and wrote, "change the http://justice.gov url to http://whitehouse.gov and hit the button to the right of it twice. plz n thnx :)"
The cyber weapon used Thursday -- a low orbit ion cannon -- does not require much hacking experience, security experts said. (See this helpful explainer from Gizmodo on how they work.) But while Low orbit ion cannons may be effective at crashing websites, they are not very good at disguising the identity of those who use them, leading to the arrests of Anonymous supporters, Cluley said.
A spokesman for the FBI declined to comment on whether accidental participants in Thursday's attacks could be arrested.
But E.J. Hilbert, a former FBI agent in the cybercrime division, said Internet users who mistakenly clicked on the link faced little chance of being arrested. He said it would be difficult to prosecute anyone who contributed to the attack because "you have to prove intent to cause harm."
According to Hilbert, Anonymous has long enlisted Internet users in their attacks without their knowledge by roping their PCs into botnets, or thousands of interconnected zombie computers. For botnets to work, the users' computers need to be infected by a virus, he said. But the malicious link that circulated Thursday did not appear to infect a user's computer, Hilbert said.
Hilbert, who said he clicked on the link himself, called the person who began circulating the link "original" and "very ingenious."
"The trick is to make sure [the attack] doesn't get back to them," he said. "This muddies the water. You can't tell who was ultimately responsible."