Copyright ©2010 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

AUDIE CORNISH, host:

This past week, the websites of Amazon, PayPal, MasterCard and others were hit by what computer experts called denial-of-service attacks. The attackers are anonymous. In fact, they're part of a group called Anonymous, and they're acting in support of WikiLeaks.

The targets of their attacks are huge, multinational corporations. But it turns out the method of attack itself isn't that complicated.

Here to explain is Nicolas Christin. He's associate director of the Information Networking Institute at Carnegie Mellon University in Pittsburgh.

Nicolas Christin, thanks for being here.

Mr. NICOLAS CHRISTIN (Associate Director, Information Networking Institute, Carnegie Mellon University): Thank you for having me.

CORNISH: So a 16-year-old boy in the Netherlands was arrested and charged with launching some of these attacks. I mean, 16 years old - really? How do they work, and is it that simple?

Mr. CHRISTIN: They're not very difficult from a technological standpoint. So essentially, to give you an analogy, it's as if you are trying to call someone, and you have many people trying to call the same person. Well, now when another person is going to try to call, they're going to get a busy signal.

And that's essentially what is happening here. You have many computers that are connecting to one, specific, target website. And because they are doing that simultaneously, somebody else wants to engage in a legitimate transaction with this website - simply doesn't get through; gets a busy signal, if you will.

CORNISH: And what I'm reading, though, is that, I mean, this technique's been around for a while, but that there's something a little bit different going on in the latest attacks.

Mr. CHRISTIN: Yes. Traditionally, what people were doing was to enroll those machines somewhat involuntarily - meaning, a virus or worm would spread, and the attacker would basically be carrying out their attacks without the knowledge or the permission of the machine owners.

What we see here is a little bit different. People actually sign up to lend their machines to the attackers and...

CORNISH: Right. And social media is sort of amplifying this, right? I mean, I'm seeing a lot of this - conversation about this on Twitter.

Mr. CHRISTIN: Absolutely. So what you see is that people are saying on Twitter things like: We want to punish Amazon, or we want to punish PayPal. Just download this program and join the fight. And indeed, this has been made possible by the emergence of social networks, which make it a lot easier than before to have protests of such massive scale be started in just a matter of minutes.

CORNISH: One thing I have to ask, though, is with companies like MasterCard and PayPal, I mean, they're holding on to personal finance information for a tremendous number of people. So again, isn't this also jeopardizing that information, that that could fall into the wrong hands during these attacks -which are really about WikiLeaks; they're about something else?

Mr. CHRISTIN: Well, I think those are actually two different problems. When a site such as MasterCard or PayPal is victim of a denial-of-service attack, the attacker is actually not getting into those computers. They're just calling them.

So getting a busy signal on a phone line doesn't mean that there's a burglar or that he's at the same time entering your house.

CORNISH: Nicolas, taking a step back, what can we learn from this latest round of denial-of-service attacks, as sort of a chapter of computer science history?

Mr. CHRISTIN: I think that what we're seeing right now is the convergence between technological availability and civil disobedience. There's always been protests of people being unhappy about something. But what we realize now is that with the technological means that we have at our disposal, and in particular the social media on the one hand, the easy network access that most people have, participating in acts of electronic civil disobedience is actually relatively easy.

And I think we're going to see, unfortunately, more of these attacks in the future just because they are so easy to carry out, and they are relatively difficult to defend against.

CORNISH: Nicolas Christin - he's associate director of the Information Networking Institute at Carnegie Mellon University, in Pittsburgh. He spoke to us from the studios of WQED.

Nicolas Christin, thanks so much.

Mr. CHRISTIN: Thank you.

Copyright © 2010 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.