Yesterday, authorities announced a raid on Megaupload—a now popular Hong Kong-based file sharing site locked in a dramatic legal spat with Universal—a mere day after the highly publicized web-wide SOPA blackout date. The action brought the hactivist collective Anonymous buzzing down from the Internet as if the movie and music industry and the US government had struck a tree and had a hive fall on their heads. In perhaps one of the broadest directed DDoS attacks successfully organized by the collective, numerous sites suffered and buckled.

Time.com has published an article listing the sites taken offline and that Anonymous is thought to be using a distributed version of the LOIC (Low Orbit Ion Cannon) a diagnostic tool used to stress-test Internet websites with tremendous amounts of bandwidth. We’ve seen it used by LulzSec to take out websites as well as others while committing global Internet mischief; but it’s also a weapon of mass distraction and attention grabbing.

The DDoS spree has been dubbed #OpMegaupload on Twitter and other social media outlets by the collective and they’ve claimed to have successfully sunk: usdoj.gov and justice.gov (the U.S. Department of Justice), universalmusic.com (Universal Music Group), RIAA.org (the Recording Industry Association of America), MPAA.org (the Motion Picture Association of America), copyright.gov (the U.S. Copyright Office), hadopi.fr (France’s copyright-enforcement agency), wmg.com (Warner Music Group), bmi.com (Broadcast Music, Inc.) and fbi.gov (the Federal Bureau of Investigation).

The numbers are still coming in, but this is the largest single-day DDoS attack carried out by the collective. Twitter accounts linked to Anonymous have announced that “5,635 people [were] confirmed using #LOIC to bring down sites” at its peak, and “largest attack ever crippling government and music industry sites.”

Out of Many, Done For: Distributing DDoS via Social Media

During this even the Anonymous collective sought to bolster their numbers via the unsuspecting by distributing their LOIC tool through social media. Adrian Chen at Gawker.com has stumbled upon a brilliant distributed democratization technique used in this attack that ropes in extra firepower through getting people to click links from Twitter.com and Facebook.

What Chen doesn’t know is that this is already a common tactic, it just became more effective this round because of the proximity to the SOPA blackout. The general public had already been primed to look for social media messages about government censorship so when Megaupload.com suffered under the heel of government, tweets claiming to contain links supporting #OpMegaupload became interesting and anyone clicking those links became (however briefly) part of the DDoS attack. Many unsuspecting users have zombie malware infecting their computers that can be used as part of DDoS attacks—a website version is far more benign.

This tactic being used by Anonymous is one that’s become well-known as a highly effective nuisance that takes advantage of the limited resource that bandwidth is. If too many people are accessing a site at one time it will crumble under the effort of trying to serve all comers and sites are unable to tell the difference between a legitimate request for information and one that only wants to take up a spot. Overall, DDoS causes no long-term damage and is only dramatically effective for websites that make money.

Otherwise knocking out high profile PR websites is in of itself a PR move.

What we’ve seen yesterday is Anonymous lashing out with ranging fire and not focused attempts to damage or destroy these websites. The short-notice DDoS attack was designed to show the popular reaction of the constituent parts of Anonymous (and perhaps the mood of the portions of the Internet) in regards to the US government and the MPAA and RIAA taking an action against Megaupload.

The Second Wave: “We Are Anonymous. We are Legion. Expect Us”

Expect them indeed.

If dissent and animosity continues to brew among the cells of Anonymous, we will see much more high profile activity from the collective will emerge. Instead of just social-media amplified DDoS attacks there will be retaliation by the group against low-hanging fruit, probably hacks that pilfer databases of company websites connected to US authorities, MPAA, RIAA, and especially Universal.

Chances are very good we will see the same breach and leak hit-and-run tactics we’ve seen used by LulzSec against Sony and authorities coming to the foreground again. Except that this time it won’t be under the guise of the lulz or educating the public that their records are not safe with these companies.

It will be full on attempts to inflict injury against these media giants and governments by exposing their secrets and their clients to the Internet.