Spread Spectrum Status Updates…

Things all seemed to get a bit silly on the web last night as a bunch of hacktivists apparently used the LOIC system stress testing tool to mount a distributed denial of service attack on Mastercard, Visa and Paypal.


(At the time of writing, it seems that VISA has gone down again. Last night, I saw a few tweets suggesting that their payment services had also gone down, though: a) I couldn’t/didn’t confirm it, b) have no idea if the same is true now?)

Users downloading LOIC could hand control of it over to a remote location; using IRC (Internet Relay Chat, from a time before Twitter, and IM, but much the same sort of thing…), a third party could then tell LOIC what to do and direct the focus of the stress test at the target sites. Which is to say – folk could download LOIC and voluntarily join a botnet….

Watching the tweets fly by felt to me a bit like the night twenty years or so ago when the opening attacks of the Gulf War began, as we watched 24 hr rolling news (a feed was pinched and routed through student TV screens) cover the event. This time of course, realtime tracking was provided via Twitter (Newsnight, though on air at the time, was otherwise engaged…).

At a couple of points during the couple of hours I watched the feed, the Twitter account(s) from members of the group “sponsoring” the attack appeared to be taken down, only to return again. When accounts did go down, new ones appeared to (temporarily) take their place. The situation was therefore one where:

– Twitter could easily take down a user account;
– hacktivists could easily create a new account.

But a question that occurred to me was: how do you know who to follow? When a user account was disabled, it would have been easy for someone else to set up another count and claim it was the replacement, using a hashtag to get the original message out and hope for RTs to broadcast the new username. But how could you distinguish whether the replacement account really was the replacement, and not a spoof?

One way would be to pick up the message from a trusted secondary source RTing the fact, (trusted maybe because they know via another channel the new name to follow). But then, for wider amplification, it’s easy for me to type “RT @example: some message” when @example never did tweet “some message”. (I guess the native Twitter API supported retweets are more trustworthy, because clients tend to include the icon of the user whose message is being retweeted?)

Another might be to look to a third party service (trusted website, IRC channel, etc) to find who to follow.

Anyway, this all got me wondering about “spread spectrum” radio, a technique whereby a radio message is transmitted by splitting it up into several parts that are sent over different frequencies. The approach is good for resilience because it can cope with narrow band jamming, as in the case where an antagonist jams a particular frequency…. or a particular user account is disabled…

In the case of tracking status updates, a corollary might be that a client subscribes to one trusted/secure channel that informs who the trusted source to follow at any one point in time on another channel is. So for example, I might have a column in a Twitter client that subscribes to an IRC channel that tells the column who to follow at any given moment. Of course, an antagonist might also subscribe to the IRC channel so they’d be in a position to take down the trusted parties as soon as they’re announced.

As online social networks grow in scale, it’ll be interesting to see the extent to which formal communications theory inspired models for co-ordinating massive acts of civil disobedience (both online and offline) start to emerge…

Author: Tony Hirst

I'm a Senior Lecturer at The Open University, with an interest in #opendata policy and practice, as well as general web tinkering...

One thought on “Spread Spectrum Status Updates…”

  1. .. or they could move controlling structures to freenet to ensure that they control websites in distributed yet still anonymous matter. This would allow enough people to check ‘official accounts’.

Comments are closed.

%d bloggers like this: