IE 11 is not supported. For an optimal experience visit our site on another browser.

Hacktivists claim credit for Mastercard.com outage

The website for Mastercard.com was down briefly on Tuesday amid talk on the Internet that "hacktivists" had taken down the credit card processor's site in retaliation for blocking payments to WikiLeaks last September.

The site has since resumed service, but earlier this morning, attempts to access www.mastercard.com were unsuccessful. 

At approximately 7:28 a.m. ET, Ibom Hacktivist (@ibomhacktivist) tweeted, "MasterCard.com DOWN!!!, thatswhat you get when you mess with @wikileaks @Anon_Central and the enter community of lulz loving individuals :D"

MasterCard spokesperson James Issokson would not directly address apparent hacker claims or whether the website experienced a distributed denial of service (DDoS) attack. "We can confirm that MasterCard's corporate, public-facing website experienced intermittent service disruption, due to a telecommunications/Internet Service Provider outage that impacted multiple users," Issokson told msnbc.com.

DDoS attacks are carried out when remote computers overwhelm a site with data, making it unavailable to visitors. Overwhelming a site's capacity often results in little more than an annoyance to customers, but it can be costly to companies not able to conduct business through the flooded website(s) during the downtime.

"It is important to note that no cardholder data has been impacted and that cardholders can continue to use their cards securely," Issokson stated in an earlier communication acknowledging the site's temporary outage. 

On the Internet, others seemed eager to give all glory to Ibom Hactivist.

"Hactivists take down MasterCard in protest over the continuing illegal WikiLeaks fiscal embargo," the official WikiLeaks Twitter account posted at approximately the same time as the original @ibomhacktivists tweet announcing the take down. "The unlawful banking blockade against WikiLeaks in 6th month: The culprits: VISA, MasterCard, PayPal, Bank of America, Western Union." 

Emphasizing that he is in no position to state whether Mastercard.com experienced a DDoS attack today, Graham Cluley, senior technology consultant at Sophos security, told msnbc.com that the financial institution's official statment had his Spidey senses tingling. "They could have easily said 'wasn't a DDoS, it was a common-or-garden non-suspicious screw-up that happens from time to time,' " Cluley pointed out. "Smells a bit fishy to me, but I guess we have to take their word for it unless we see more evidence." 

Speaking of evidence, let's all keep in mind that despite the increase in media coverage (yes, yes including this story) — as well as "hactivists" actively seeking media attention — there is no hard evidence of any real increase in hacking activities on the Internet.

While it may feel like hacking activity is on the uptick, "there's no reliable count of just how many hacks take place," Cluley told msnbc.com. "That's particularly true when you consider that there are probably any number of hacks which are never made public.  What has changed recently is that some of the hackers are getting more effective and keener to publicize their hacks. Of course, the more high-profile hacks there are, the more the news story grows and the greater the press attention."

There are three main types of groups responsible for hacking, Cluley pointed out: 

"Hacktivists: They may be doing it for laughs, or believe they are making a political point, but they don't have a financial motive.  Many of these may have been encouraged to join the denial-of-service attacks against certain Middle Eastern countries, for instance.  An example would be the recent DDoS against the CIA by LulzSec. Criminal hackers:  Your regular identity thieves — interested in stealing identities, credit card detail, because of the money that can be made out of them. Infiltrators:   These are the hackers who appear to be hacking organizations and government bodies with the intention of stealing sensitive information with — perhaps — military or economic motivation.  Recent examples would include the alleged attacks against U.S. military contractors."

"There have been organized hacking gangs for as long as there has been hacking," Cluley said, echoing recent comments made by other Internet security watchers.

"What I find troubling is that we're now seeing Internet onlookers (via systems like Twitter) egging on the hackers, and even encouraging them to commit more crimes. Some of the hackers are now issuing their own press releases, or have 250,000-plus people following them on Twitter.  That's a very weird place for the world to be right now."

Last December, the hacktivist collective Anonymous launched DDoS attacks against MasterCard, Visa, PayPal and other financial institutions for disrupting donations to WikiLeaks and Bradley Manning, the accused document leaker at the center of the WikiLeakscontroversy. Two teenagers in the Netherlands were arrested in connection to the December DDoS attacks.

Though Ibom Hacktivist does not appear directly related to Anonymous, or LulzSec, an Anonymous splinter group believed responsible for a recent series of high-profile attacks, the MasterCard hacker (or hackers) is receiving kudos from @Anon_Central, the "Anonymous Operations" Twitter account: "@ibomhacktivist lol enjoy the show and bring us moar lulz bro." 

Last week, LulzSec and Anonymous announced, "Operation Anti-Security," encouraging the hacker community to infiltrate and publish confidential information from government sites and financial institutions, and post "AntiSec" in the infiltrated sites.

Ibom Hacktivist included the hashtag #AntiSec in follow-up communications with other Anonymous-identified Twitter accounts, including a tweet that seemed to acknowledge that Mastercard.com is again available: "@wikileaks @Anon_Central @AnonymousIRC Welcome to MasterCard Worldwide Thanks To Anonymous We Are Over 3 Hours Late! :D #AntiSec #lulz"

A comparatively new identity in this whole hacking mishegas, Ibom Hacktivist first posted on WordPress.com in May in support of attacks by Nigerian hackers on that country’s government websites in protest of budget appropriations.

Related:

 Helen A.S. Popkin goes blah blah blah about the Internet. Tell her to get a real job on Twitter and/or Facebook