In a tear across the Internet, Anonymous unleashed its fury in retaliation for the shuttering of Megaupload, using the unwitting public to take part in massive distributed denial of service (DDoS) attacks against US government sites and entertainment industry sites. The group is using a modified version of their Low Orbit Ion Canon (LOIC) botnet as part of their OpMegaUpload retaliation campaign. But some who simply want information about the campaign, such as bloggers and curious others, are tricked into participating in the DDoS attack by clicking on one of several links that appear on social media--a link that immediately triggers a Javascript-enabled LOIC attack, according to an article on CNET.

This type of attack throws a serious obstacle in the way of IT departments and "old school" methods of dealing with DDoS attacks. The cyber-assailant is no longer a singular entity, but hundreds and thousands of individuals--some of whom may be unwitting accomplices--as well as one or more loosely defined groups; the attack means and methods are seemingly chameleon-like in their ability to adapt and do so quickly; and managing and defending the enterprise may need to include the scenario that sees the company as inadvertently caught in the middle when an employee's innocuous Internet activity snares them into being part of the cyber attack. Even though an unsuspecting employee or his company will likely not face legal problems by clicking on a link that triggers an attack, the exposure in being part of a cyber-attack - even unwittingly - is simply not in the best interest of business, and is in IT's purview to protect.

For small and midsize businesses (SMBs) with limited staff and other resources, preparing for or getting caught up in a massive-scale DDoS attack may mean upgrading software and services to defend themselves or hiring consultants to aid in recovery. IT methods that worked in earlier DDoS attacks, such as trying to track attackers, is fruitless when dealing with a massive-scale attack, and trying to rate-limit traffic is not beneficial when attacks are prolonged and multifaceted, shown by way of example in the OpMegaUpload retaliatory attacks.

The global effect of the Anonymous attack is nothing short of stunning. Real-time Web Monitor shows global attacks up by 24 percent, and Gawker blogger Adrian Chen, who innocently clicked a link that set off an attack on an entertainment industry site, reports that the link is being shared four times per minute on Twitter, and likely tricking unsuspecting others into participating in DDoS attacks on Anonymous' behalf. It seems, then, that the group has discovered a way to coerce the public in supporting their cause whether they want to or not.