Our Bandwidth Tools Are Not a Denial of Services Attack
A lot of people have contacted the Artists in the past, wanting to know whether the our bandwidth tools are a form of distributed denial of services attack. This is a confusing point, and a number of individuals have wrongly accused us of masterminding an illegal electronic offensive. There are definitely some similarities between the use of the Muguito (or, equivalently, the Lad Vampire) and a distributed denial of service attacks. However, these similarities are fairly superficial. In fact, in terms of the technicalities of its operation, either of these tools (including the discontinued Mugu Marauder) bear little resemblence to a denial of service attack.
The target of a denial of service attack is not a specific web site but an entire server. SearchSecurity.com gives this description of a distributed denial of service attacks in their article What is distributed denial-of-service attack?:
- On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
- A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple – sometimes thousands of – compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.
- While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack – the final target and as well the systems controlled by the intruder.
Attacks such as these are illegal in much of the world. So, while they might be effective in bringing down fake banks, we neither endorse nor condone their use. A denial of service attack against a web server would interfere with the operation of all the sites hosted there, the vast majority of which are presumably legitimate. Our goal is only to take down sites that are part of ongoing criminal operations and as such, intrinsically illegitime both in their intended use as in their sheer existence.
We do this not by overloading the server (flooding the target with corrupt packets), so that other users' requests cannot be processed, but by expending all the bandwidth that is allocated to a fraudulent site. Internet scammers typically set up their phony banks, lotteries, and security companies using inexpensive web hosting plans. These plans always have a monthly limit on how much data a site can send out. If this limit is exceeded, the web site will be effectively deactivated for the rest of the month. Moreover, the huge increase in traffic to these sites draws the web host's attention to them, and they may decide to shut down these fraudulent operations permanently.
To use up this bandwidth allocation, we simply reload an image on the site again and again. There is nothing at all illegal about this. A publicly viewable web site provides a free service, available to anyone with an Internet connection. That service is the ability to download files via http connections. The web site's provider can have no expectation about how these free services are used; they only have the expectation that they will be able to serve requests, up to some bandwidth limit. A user can download data from a site as many times as he wants and do whatever he wants with it, so long as what he chooses to do doesn't break any other laws.
An apt analogy for this situation would be one in which five hundred candy bars were left in a public place, with a sign that says, "Help yourself to free candy." Any person who came upon this display would be perfectly free to take every single bar. With candy bars, this would be extremely rude, since that person would be depriving everyone else of a chance to share in the bounty. However, when our bandwidth tools use up all the bandwidth allocated to a site, the only thing other people lose is the opportunity to be taken in and swindled by criminals.
If reloading the images on a web site unnecessarily constituted a denial of service attack and a crime, then virtually everyone who uses the web would be guilty – everyone who has ever needlessly clicked the "Reload" button on their browser's taskbar. However, this kind of activity is clearly not illegal; in fact, there are browser add-ons specifically designed to reload web images frequently. What our bandwidth tools do is really no different. If it were illegal for an organization to encourage so many users to load a web page that the bandwidth limit is exceeded, then Slashdot would be guilty. The Slashdot effect has shut down numerous sites this way, but nobody would ever consider Slashdot to be the originator of a denial or service attack.
Another frequently voiced argument against our bandwidth tools is that they use sites' resources in a fashion that is not in accordance with the purposes of the web sites in question. However, even if this were a valid argument generally (which it is not; to wit, a person can certainly link to somebody else's images on his web page, without the image hoster's permission), since the purpose of any site our tools attack is in furtherance of a criminal enterprise, it certainly does not make sense in this instance. The owner of an illegal site is does not have the right to prevent his bandwidth from being used for purposes other than his own scamming.
Denial or service attacks are perpetrated by stealth, usually using hijacked computers. Our activities are out in the open, and participation is strictly voluntary. We don't leech bandwidth from any sites whose hosters have not been warned that they are hosting illegal material and that their customers in question are in violation of the hoster's own Terms Of Services. When the offending sites are taken down, our bandwidth tools move on to other targets immediately.
These are some of the most important the differences between our tools and a denial of service attack.