Help to setup a communication infrastructure controlled by the movement and not corporations or the government

The question is “who controls the internet?”

My reply would be, “nobody”. Just let everybody determine for and control themselves, not others, not the entire internet. We have a couple of administrating offices/registrars for domain names and IP addresses and that’s it. Corporations and governments do not think like that. Besides all of the bills governments have tried to enforce on the internet to “regulate” netizens, China and Russia tried a grab for power via the UN (ITU). And of course, the covert empire, with its insatiable lust for domination and staying “on top”, opened pandora’s box.

We, the people, are going to have to defend ourselves, individually and as a worldwide community, and without becoming the petty tyrants that we fight. And that means we build our own community owned, individually controlled, communication infrastructure. It also means solidarity.

Getting started

With the rise of crackdowns on hacktivists and with more government-paid hacker teams around, the chances that activists and hacktivists will have to deal with Distributed Denial of Service (DDoS) attacks increases. Just recently, the cyberguerrilla websites were brought down by a DDoS attack. DDoS attacks are increasingly becoming a threat that hacktivists and activists need to be prepared for.

Learn about DDoS

DDoS attacks work by leveraging the power of hijacked computer systems (for example through the use of botnets) to send a huge amount of traffic to a single designated target. DDoS can be effective in bringing down our sites and making us less effective in responding to activist and hacktivist requests and in dissiminating information and researching and relating news. Most DDoS attacks do not prey on a victim’s weaknesses; being cautious and using the right tools and protection, as is the case in hack attacks, is not enough. But we can protect our network against these attacks by making some network design decisions. A DDoS is a never-ending stream of requests from a large number of sources, or uses for example, apache vulnerabilities, as is the case with the use of XerXes.

DIY design choices

Get your own server (with raid if you can). It doesn’t need to be first hand. A second hand will do. Preferably get two so you have a separate backup and can build a mirror of the sites you or someone else in the network hosts in return for them setting up a mirror of sites you host, or make that a three-way trade with a third server in the network we will build.

Configure your server(s) in a by you preferred way and make security tight, but don’t use apache as webserver. Nature teaches diversity to be an excellent defense tactic. Use one of the alternatives for an apache server.

Test for Pingfloods: Set up an IDS and tweak it to not detect false positives. Ask some anonymous to help with testing for the tweaking. Set up a firewall to block by the IDS detected requests.

Test Syn Flood Attacks and Syn Cookies, and for Slow Loris attacks. Use ‘SYN cookies’ to eliminate the use of resources that the server uses for half-open connections and put a reverse proxy in place or use cloudflare or whatever we discover more that will work for defense.

While you are at it, set up a Tor bridge to help your fellow netizens, and perhaps a YaCy server. An I2P server may also be an excellent addition. All three are distributed peer-to-peer without central server, and for all three the  the quantity and quality of the results will depend on the number of peers connected. More ideas? Do share. Suggestions are welcome.

Server location

Even with all that, if the bandwidth is overwhelmed by requests, the sites will still probably be inaccessible.

Another point of concern is the Internet Service Provider (ISP). If the attack is large enough, the ISP can choose to cut the route out of the system to save bandwidth and avoid degrading performance for other customers and servers. That is worse than the actual impact of the DDoS attack itself. It can even take something like two days before the ISP responds to tickets to put it back online.

Place your server with a provider that has some serious bandwith and  a for our purpose fitting policy. Double check by discussing it when you make the deal.

Interested?

Interested in setting up a server in a communication infrastructure controlled by the movement and not corporations or the government? Have experience with one of the above to give those involved a jump start? Let us know. We will keep reporting on our progress and what works and not. For we aren’t the only activists and hacktivists with increased risk of attack. And depending on the funds we gather we may be able to help you with that too.

Funding

For most of us this means monies that we don’t have, so please help by donating a little to our fund for that.


  8 comments for “Help to setup a communication infrastructure controlled by the movement and not corporations or the government

    • lilith
      June 8, 2012 at 12:27 pm

      Thank you very much Odhinn! 🙂

      • kevskewl
        June 8, 2013 at 9:32 pm

        Thank You

    • lilith
      July 10, 2012 at 9:49 am

      Weaponising …

      I am considering reverse engineering XerXes, and launching a counter attack when its signature comes up.

      But with a botnet attack I can not be sure whether it is machines of people consciously participating (like when a tool like loic is used) or whether the machines have been hacked and recruited into a covert botnet.

      When a botnet is covert, attacking the machines taking part in the attack, doesn’t work for me. If I did, these machines got hacked, and then attacked by us, all without their owner’s consent. Even if its just the net, the emotions associated with invasion of privacy and loss of control over ones own machine are. That’s “collateral damage” that I personally don’t want for anyone.

      We could detect loic/hoic/overt tool use, but then I’d rather want to get in touch with some of the people choosing to attack and ask why? Even if overt and by choice, did people really think about it before attacking other hacktivists/activists, or were they recruited by some blackops?

      In short, yes, reverse engineering for finding detectable signatures and then passing it on for a counter attack is an option to explore further, but not blindly. I do not wish to become the petty tyrants we fight.

      • kevskewl
        June 8, 2013 at 9:31 pm

        Yes lets not become that which we propose to despise the most.

  1. BaDiTuP
    June 24, 2013 at 6:43 pm

    This is this week’s project… I’m fucking done with TDS, the NSA, Verizon, etc…

  2. February 8, 2014 at 11:17 pm

    Help me, this is serious, I do not have long, neither do the rest! 300 million, 26 lives, countless risks, help stop corruption. https://twitter.com/OpressedFighter
    These couple of lines are what I’d call last hope, i’m not a child, i’m an adult, i have evidence to put the biggest corrupts on earth behind bars, it will be the new snowden event. I can’t do it alone, and I can’t stand it any longer.
    Help!!!!

    LM

  3. Unknown
    March 19, 2014 at 1:14 am

    We must band together, as one, as legion, as Anonymous
    Undivided and Unbeaten

Leave a Reply

Your email address will not be published. Required fields are marked *