Trump inauguration DDoS protest is 'illegal', warn securobods
A software engineer is calling on netizens opposed to Donald Trump to visit the Whitehouse.gov site and overload it with traffic tomorrow.
The call to mark inauguration day by "occupying" whitehouse.gov as a form of protest against Donald Trump’s presidency is likely to succeed only in getting participants into trouble, security experts warn.
Kyle Wilhoit, senior security researcher at DomainTools, commented: “Protestors across the globe continue to utilize denial of service and DDoS attacks to propagate their viewpoints and spread the concept of civil disobedience. In this situation, the White House likely has protections in place to help prevent simple page refresh denial of service attacks, so in order for this style of attack to succeed, it would require a very large volume of traffic from thousands of personal machines.”
Amichai Shulman, CTO and co-founder of Imperva, compared the protest campaign to similar action by the Anonymous hacker collective in 2010 / 2011.
Anonymous, which declared "total war" on Trump before the US election last November, this week called on supporters to dig up and release any damaging information they could find on the incoming US president, The Daily Telegraph reports.
The separate “call for protestors” to gather at whitehouse.gov is being hosted on a website using the .io domain, which is assigned to the British Indian Ocean Territory. The person behind the protest, who is calling themselves Juan Soberanis, describes it as an act of civil disobedience akin to marching on Washington DC.
Security experts caution that what has been proposed amounts to organising a distributed denial-of-service attack, an illegal act under anti-hacking laws in the US, UK and other countries.
Stephen Gates, chief research intelligence analyst at NSFOCUS IB, warned: “Participating in a DDoS attack is a crime, regardless if you use a tool, a script, a botnet for hire, or a finger and a keyboard. If protesters move forward with this demonstration, they must remember that their source IP addresses in most cases will not be spoofed, meaning law enforcement can easily track those who participate.”
The protester site hosting the action is up and running, even though the whitehouse.gov down campaign itself was unavailable when El Reg checked it on Thursday morning. ®