tumblr hit counter

4chan Users Organize Surgical Strike Against MPAA

Sep 17

The users at 4chan, a popular image board responsible for many Internet memes such as the Rickroll, lolcats, and the “Anonymous” assault on the Church of Scientology, publicly announced a coordinated DDoS attack against the Motion Picture Association of America in retaliation for the hiring of an Indian based software firm, which carried out similar attacks on The Pirate Bay and other file sharing sites.

Update – 11/28 – 9:50 PM PST – Operation:Payback is now targeting Warner Bros Studios as of 7 PM PST tonight.  Our first recorded downtime took place just 26 seconds after the attack started and we have recorded a total  of 18 service interruptions and 2 hours 18 minutes of downtime.

O:P organizers released the following statement:

Warner Bros, MGM, Universal, and Sony are among the largest organizations represented by the IFPI. These organizations have levied 6.5 million dollars in damages against innocent people. In response, we will cause equivalent losses in downtime, corrupt data and focused disruption of the distribution of their media.

The founders of The Pirate Bay were not pursued because they were guilty but because they made easy targets for these organizations to take money from and to use as scapegoats. They don’t care about art or creativity. They don’t care about artist rights nor do they care about Justice. So we will send them a message in the only language they understand; money. We will hit them in their wallets.

If these organizations are so concerned over the growing and widespread use of their products, then we shall oblige, and if needs be, we shall abstain from and take measures to prevent the legal purchase of what they have to offer. Let it be known that this is only the tip of the iceberg and only the beginning of our statement of displeasure against the actions of these corporations. We are Anonymous, we shall never forgive, we shall never forget. Expect us.

Update – 11/27 7:21 PM PST – Operation:Payback has set their cross-hairs on the IFPI in retaliation for the legal action taken against The Pirate Bay.  According to our statistics, IFPI.org first went down yesterday at 11:15:25AM PST and has experienced 27 hours of ongoing downtime.

The following statement announcing the attack was made via this image:

The creators of The Pirate Bay have recently been sentenced to jail time, and fined $6.5 million US dollars for supposed copyright infringement by the IFPI.  From a legal standpoint, the Pirate Bay is not responsible for what is has been accused of (copyright infringment.)

It has never hosted any copyright infringing content.  Why are they prosecuted because of it?  If we let this go unnoticed, unpunished, what prevents other instances of injustice like this from happening again?

Limewire was recently shut down.  If The Pirate Bay is shut down too, when, and how will this stop?  These cases are setting a frightening precedent for our future.

Should we stand for this injustice?


The time has come to say “F*** you” to those who screw with our culture.  The time has come to act, to join as one and defend our rights to uncensored internet.  The time has come to show these rich corporate IFPI bastards that the Internet should always be an uncontrolled territory.

Update – 11/22 4:00 PM PST – Read our two month recap on the Operation:Payback attack here: http://pandalabs.pandasecurity.com/two-month-recap-on-operationpayback/

Update – 11/10 – 12:25 PM PST – The United States Copyright Office has been targeted and successfully taken down by the attackers.  The attack started yesterday at approximately 12:00AM PST and we recorded the first downtime at 12:39 AM PST.  Copyright.gov sustained 6 service interruptions and 31 minutes of total downtime.

Copyright.gov DDoS Attack Statistics

Update – 11/6 – 11:45 AM PST – The attack on Hadopi.fr is ongoing.  So far we have recorded 167 service outages and 4 hours 22 minutes of downtime.

Update – 11/5 – 1:44 PM  PST – The first recorded downtime for Hadopi.fr occurred at 1:35 PM PST and kept the site down for 2 minutes and 3 seconds before it came back up.

Here is an hourly updated downtime graph:

Update – 11/5 – 10:26 AM PST – The DDoS target has switched to Hadopi.fr. Operation Payback organizers had this to say about the attack:

We are striking because the French government is trying to force through the anthem that is the 3 strikes policy

Your three strikes are up, Hadopi. Now WE’RE going to disconnect you from the internet.

Update – 11/1 – 8:00 AM PST – The attack on RIAA.org/.com started shortly after the planned 9PM take down time, with our first recorded down at 2AM on Friday, the 29th.   We have recorded over 14 hours and 30 minutes of continuous downtime and 565 service interruptions.

RIAA DDoS Attack - October 29th - November 1st

Update – 10/28 – 11:45 AM PST  – Attack on Anti-Piracy.fi has ended with 20 hours 13 minutes of recorded downtime and 119 service interruptions.  The next DDoS attack is scheduled against RIAA.ORG on Friday @ 9 PM UTC.

Update – 10/23 – 11:00 PM PST – Attack on hustler.com brought 9 service interruptions and 2 hours 20 minutes of total downtime. Attack on Anti-Piracy.fi immediately followed.

Update – 10/22 – 1:22 PM PST – It took the Operation Payback team just 2 minutes 53 seconds to bring Hustler.com to a screeching halt.  The attack started at 1PM PST and we recorded the first downtime at 1:02:53PM with response times as low as 13,468 ms.

Update – 10/22 – 1:00 PM PST – The DDoS attack against Hustler.com has begun.  We’ll keep you all updated with downtime stats as soon as we see it go down.

Update – 10/22 – 8:00 AM PST – The target is set on Satel Film (satelfilm.at), an Australian film production company.  You can read more about the attack here.  We’ve been monitoring the site and it has been down for the past 14 hours.

Update  – 10/20 – 5:56 AM PST – The attack against ipo.gov.uk has ended with 115 service interruptions and 16 hours 14 minutes of total downtime.  The next target is set on Hustler.com after Operation Payback members became aware of a string of new BitTorrent related piracy lawsuits issued by Hustler owned LFP Internet Group, LLC.

Update – 10/19 – 5:50 AM PST – The target is now ipo.gov.uk.  The site has already sustained 44 service outages with a total of 2 hours 15 minutes of downtime.

Update – 10/19 – 5:00 AM PST – The attack against GeneSimmons.com has concluded with 34 separate service outages and 1 day 14 hours of total downtime.

Update – 10/18 – 11:00 AM PST- New attack targets: www.ipo.gov.uk & www.genesimmons.com.  Operation Payback (Anonymous) has released a new statement about the future of the attack campaign against media authorities.  They discuss the operation splitting into splinter cells, while announcing that DDoS will not be the only method of attack moving forward.  This is evident by the latest hack and defacement of an MPAA related website (see our previous update below for details)

A long time ago, copyright was meant to stimulate creativity. Now, copyright is abused to assure a steady flow of income. Andrew Crossley was one of the lawyers that found a way to turn piracy into money. We pirates, as so dubbed by the media, have been claiming that the entertainment industries have been unable to come up with new business models. We could not have been more wrong. From the leaked ACS:Law emails, we learned that it was not the artists, not the people actually working for their money, but the lawyers that found a way to exploit a lucrative business model based on copyright. Since copyright protects intellectual property for more than 70 years, everything made after 1935 can be exploited by pay-up-or-else letters. Money can be made by exploiting a law to prevent other people from exploiting your work.

The piracy witch-hunt is not to stop piracy. It is not to secure the artist’s income; it is just another business model allowing a group of lawyers to do what they do best: defend their statements with law. They found a way to make it legit to financially rape exploit children. And the entertainment industry associations even openly stated that they don’t intend to share the money from this exploitation with the artists. Instead, they intend to use it to start even more lawsuits. This is the extreme opposite of what copyright was intended for. Judge and jury must be brought to understanding that the entertainment industries are not interested in stopping piracy, but exploiting it. This is what kills creativity. This is what discourages the real artists.

Operation Payback is the protest against these flawed laws, against the lobby that issued the laws in the first place. Documentaries, such as Steal This Film (http://www.stealthisfilm.com) and Rip! A Remix Manifesto (http://www.ripremix.com), were ignored. So we started with Denial of Service attacks; we started the protest of the future by targeting websites of lobbying groups and law firms that abuse copyright law. We simply will no longer be ignored. While the operation moves forward with new actions such as defacing websites, people have realized that defacement is not the only thing that can be done. People started protesting on their own: bomb threats, prank calls, hacking websites, and who knows what else. Several media outlets are reporting about the operation distancing itself from these splinter attacks, like the attack on individual artists who have this “Sue! Sue! Sue some more!” attitude. But protesting is done regardless whether a core group approves what happens or not. Operation Payback is the movement, the protest itself, the moving force that tries, where we uncover how deep the copyright exploitation goes nowadays. That movement cannot be turned away, stopped, concluded. As long as anybody continues to fight for this cause, the operation will exist.

The operation, in the least, is a success. The operation is not lead by a core group anymore. It is decentralizing and spreading. It’s gaining strength and momentum. At this point in time, the future of the operation is unknown. We are still discontent that a student who downloads songs is considered criminally equal (or sometimes even greater) to a terrorist, a child molester, a serial murderer. We are discontent that children who want to share a song with their school friends are being brainwashed that this is wrong. If an artist does not want his or her creations to be shared, then why were they published in the first place? We are discontent that pirates are considered criminals, are considered dangerous to society. We are discontent that the entertainment industries consider their monetary worth more than the livelihood of the artists themselves. And as long as these laws are not changed, as long as lawyers keep suing people, the operation will continue.

DDoSing websites was the first step; hacking and defacing websites were the next. What will tomorrow bring? Would we go on the streets, fighting our ways to the office? Would we have to overthrow the walls of the White House to make our statement? Do we have to fight for a new renaissance? Do we have to start a revolution, to get our freedom to share in this world? Stop this madness. Stop suppressing our needs to share, just to preserve cash money. Teachers pass their knowledge onto others by sharing. But if we are no longer are allowed to share our findings, our knowledge, our emotions, our expressions, our hearts, and then the evolution of mankind stops here.

The government gave the entertainment industry free reign, heard all their wishes. Now do your task and help your citizens. Heat our wish from uncensored internet. Heat our wish to share what we like and make. And trust us that we reward the people whose work we appreciate. Because that’s what it is still about, right?

Update – 10/18 – 5:00 PM PST – After briefly targeting acapor.pt, Operation Payback members were able to hack the website and retrieve an e-mail cache similar to the ACS:Law breach.  The archive has been posted on The Pirate Bay.

Update – 10/15 – 3:00 PM PST - There have been some reports of Operation Payback hacking an MPAA website via DNS Cache Poisoning, which is not completely true.  The website was in fact hacked by Operation Payback (Anonymous), but the attack vector was SQL Injection rather than DNS Cache Poisoning.  The original researcher assumed that the host of the hijacked site was not affiliated with the MPAA website,  but we can see that the reported IP is hosting other MPAA related websites.

passive dns information

passive dns information

Taking a further look, we see that the affected site (copyprotected.com) is in fact vulnerable to SQL injection attack in the most rudimentary way.  The website does not sanitize special characters properly, allowing for malicious SQL statements to be made via the browser.

Here is a screen shot showing the vulnerable site responding to an apostrophe appended to the URL:

SQLi on CopyProtected.com

SQLi on CopyProtected.com

The Operation Payback (Anonymous) team hacked the server by injecting the following content into the website:

SQL Injection on Copyprotected.com

SQL Injection on Copyprotected.com

The attack message reads:

To whom it concerns,

Over the past years, we have borne witness to a technological revolution. The individual has become free, in the most extreme anarchistic sense, to share ideas. Some of these ideas are shared behind proxies, darknets, or similar “closed doors”. Nevertheless, the ideas are out there. There have been similar instances of such revolutions of the mind. Their effects on society are inestimably great. As in past times with the invention of the printing press, so it is today that the people embrace this revolution, this new “anarchy” of freedom to share, while their autocratic rulers seek to crush this freedom.

In spite of censorship in the form of copyright law and other restrictions, the people have succeeded in distributing content to the poor, the underprivileged and the oppressed. The most numerous pirates are Chinese, as content filters restrict a vast amount of information in their country. Pirates are also numerous among the poor, as this demographic cannot afford things like college books or entertainment. Indeed, while often ignored by those interested only in bread and circuses, a vast amount of educational literature is available to the everyday pirate online. Piracy democratizes knowledge and makes education affordable.

History repeats itself. There was a time when powers that be attempted to silence the printing press, the blank cassette and the recordable CD. All of these previous attempts at censorship have failed, and future attempts of this nature are doomed to failure. Indeed, the sequestration of human knowledge for the benefit of extremist capitalism is treason against the whole of humanity. All should have the right to listen to a melody, experience a plot and learn from the aggregate of human knowledge available online.

The man on the street already knows this. He knows it when he illegally [1] gives his unused software to a friend or acquaintance. He knows it when he gives that old college book to a person in need. However, he also knows that something is wrong.

He knows that something is wrong when the artwork of little girls is raped in the name of copyright [2]. He knows that something is wrong when solicitors use copyright to blackmail thousands of people sharing information [3]. He knows that something is wrong when corrupt organizations seeking to stem the free flow of information lie through their teeth, produce false documents and spread misinformation about their opponents [4].

He knows that it is not right when his leaders inexplicably support massive capitalist enterprises over the majority opinion of their own people [5]. He know they are wrong when they use illegal means to get what they want, while hypocritically deprecating their opponents for doing the same [6].

If one were to pursue the propaganda of various community-reputable organizations such as…

  • The Motion Picture Association of America [MPAA]
  • The Recording Industry Association of America [RIAA]
  • The British Phonographic Industry [BPI]
  • The Australian Federation Against Copyright Theft [AFACT]
  • Stichting Bescherming Rechten Entertainment Industrie Nederland [BREIN]

…They would come across many a morality play suggesting that, if they “pirate” a film or an album, they are depriving a simple artist, actor or crewmember of their rightful wage. This worker won`t be able to break even for their next lot of groceries because the pirate robbed them of their money.

Of course, these organizations carefully omit the fact that only a small percentage of the profits made by big media ever make it to those who actually produce it. Do they ever disclose how small of a percentage most script writers, novelists, etc., actually make? Of course not, and there is a reason why. Do these anti-piracy organizations truthfully disclose how much they receive in donations, and from whom? Of course not, and there is a reason for this also.

In the end, our DDoS efforts have been compared to waiting for a train [7]. What must the people do to be heard? To what lengths must they go to have their pleads taken seriously? Must they to take to the streets with noose and handgun before those in power take notice?

You are forcing our hand by ignoring the voice of the people. In doing so, you bring the destruction of your iron grip of information ever closer. You have ignored the people, attacked the people and lied to the people. For this, you will be held accountable before the people, and you will be punished by them.

                We will not stop.

                        We will not forget.

                                We will prevail.

                                        We are anonymous.
  1. [1] http://www.wired.com/threatlevel/2010/09/first-sale-doctrine/
  2. [2] http://www.techdirt.com/articles/20100722/09434710323.shtml
  3. [3] http://technews.am/conversations/techdirt/acs_law_asks_those_who_deny_infringing_to_incriminate_themselves
  4. [4] We DID NOT attack thepirate party, we ARE NOT affiliated with anti-scientology activism, andThe Pirate Bay has not organized this.
  5. [5] http://www.which.co.uk/news/2010/01/acs-law-letter-writing-continues-197714
  6. [6] http://torrentfreak.com/anti-piracy-boss-denies-dos-attacks-torrent-site-refutes-claim-100912/
  7. [7] http://www.theregister.co.uk/2010/09/22/acs_4chan/

Update – 10/11 – 2:50 AM PST – Anonymous is now targeting Italian sites: fimi.it, ifpi.it & pro-music.it.   The following statement was released on their website:

“The Federazione Industria Musicale Italiana (FIMI) is responsible for getting ThePirateBay blocked in Italy. Censorship is something used by fascists or dictators. Censorship is the opposite of democracy. With this act, the FIMI/IFPI is a threat to freedom. Everybody must realize that people will fight when they are oppressed, they will do whatever it takes to be free.”

Update – 10/7 – 12:28 PM PST – The attack against against SGAE, MCU, and Promusicae is still underway.  Over 100 Spaniards are still involved in the attack.

Update – 10/7 – 10:00 AM PST - The attack against www.sgae.es, www.mcu.es, and promusicae.es is still ongoing.  There have been 742 service interruptions and 537 hours 55 minutes of total downtime since the attacks started 20 days ago.

Site Interruptions Downtime (h.m)
aiplex 313 123.00
ACS:Law 152 179.07
RIAA 104 127.00
AFACT 43 21.43
MPAA 3 23.20
IFPI 3 0.09
BPI 2 0.06
SGAE.ES 22 28.45
MCU.ES 28 20.41
Totals Interruptions Downtime
742 537.55

Latest updates:

Down for 1 day 4 hours and 45 minutes
Service Interruptions:
Longest continuous interruption:
1 day 1 hour 2 minutes

SGAE Downtime

SGAE Downtime

Down for 20 hours 41 minutes
Service Interruptions:
Longest continuous interruption:
6 hours 42 minutes

MCU.ES Downtime

MCU.ES Downtime

Site: promusicae.es
Down for 6 hours 29 minutes
Service Interruptions:
Longest continuous interruption:
1 hour 29 minutes

promusicae.es downtime

promusicae.es downtime

Update – 10/6 – 3:40 PM PST – Added uptime counter for promusicae.es (updated hourly)

Update – 10/6 – 2:00 PM PST – Support from Spanish protesters pouring in with almost 200 Spanish involved in the attack and over 700 protesters in total.   Volunteers are even assisting those with very little technical knowledge on how to initiate the attack with the LOIC DDoS Software (see picture below).

LOIC Spanish Instructions

LOIC Spanish Instructions

Update – 10/6 – 1:13 PM PST – New target set on promusicae.es

Update – 10/6 – 12:40 PM PST – Over 160 people from Spain have joined in on the attack against SGAE. Anonymous organizers dedicated a special chat room (#TBPSPAIN) for all Spanish participants.

Update – 10/6 – 12:00 PM PST - Added uptime ticker for mcu.es (updated hourly)

Update – 10/6 – 10:00 AM PST – Anonymous “Operation Payback” just released the following statement regarding the attacks on SGAE.

Paying the government for digital media is ridiculous. The artist who makes music wants to be paid. Music labels want their fair share for producing, watchdogs want their share and thanks to the Spanish Ministry of Culture, the government assumes an additional profit. The result is an extraordinary high price for music, or a minimal fee for the artist (the one that should be rewarded instead!). The SGAE has as slogan “Believe in culture”, while they restrict new creativity by preventing that creativity is shared. They lobbied this Canon Law, which states that suspected piracy websites can be taken down without a court order. This is a danger to freedom of speech, since any site can just be taken down with the excuse that intellectual property is hosted. The “Ministerio of Cultura” should get a message that their current course will only lead to more controversy and protest.

Update – 10/6 – 8:00 AM PST – SGAE has already experienced 20 service interruptions and 3 hours 15 minutes of total downtime.  In addition to SGAE, a new target has been announced by Annonymous: www.mcu.es.  Stay tuned for updates.

SGAE downtime counter

SGAE downtime counter

Update – 10/6 – 1:20 AM PST – Added uptime counter for www.sgae.es

Uptime counter for www.sgae.es (updated hourly)

Uptime counter for www.sgae.es (updated hourly)

Update – 10/6 – 12:00 AM PST – Attack on MinistryofSound.com concluded. 71 service interruptions and 5 hours and 3 minutes of total downtime.  New target set on SGAE.ES (Sociedad General de Autores y Editores).

SGAE Attack Announcement

SGAE Attack Announcement

Update – 10/5 – 8:00 AM PST – Attack on MinistryofSound.com ongoing.  67 services interruptions and 3 hours 52 minutes of total downtime.

Update – 10/4 – 9:00 PM PST – MinistryofSound.com experienced 42 service interruptions and 2 hours and 47 minutes of total downtime since we started monitoring the domain today at 10 AM PST. The attack is ongoing.

Ministry of Sound Uptime Graph

Ministry of Sound Uptime Graph

Update – 10/4 – 1:36 PM PST – MinistryofSound.com experienced its first downtime (1 minute 22 seconds) at 1:22 PM PST.  Added hourly updated uptime banner:

Update – 10/4 – 10:50 AM PST – Targets have switched to MinistryofSound.com. The site has been taken down and replaced with the text, “Sorry! The Ministry of Sound website is currently unavailable.”

Update – 10/3 – 11:00 PM PST - Websheriff.com experienced 1 day 1 hour and 15 minutes of total downtime.

Websheriff downtime

Websheriff downtime

Update – 9/29 – 5:45 PM PST – We have released our Q&A with the Anonymous organizers.  You can read it here: http://bit.ly/cqGq1U

Update – 9/29 – 4:00 PM PST – Target has now shifted to websheriff.com and dglegal.com

Update – 9/27 – 7:20 PM PST – The ongoing attack against afact.org.au has lead to 3 service interruptions and 4 hours 27 minutes of  total downtime.

downtime graph

The following uptime/response tickers will refresh every 1 hour:

Uptime for afact.org.au: Last 30 days

Response time for afact.org.au: Last 30 days

Update – 9/27 – 1:45 PM PST – Anonymous chat servers are currently under DDoS and chat flooding assault.  The following picture shows several botnet controlled users joining the chat session with Pokemon nick names.  It’s not possible for us to tell who exactly is behind the attack, but we thought it was useful to note that some of the bots joined the room with the nick name “AIPLEX_HAS_YOU”


Update – 9/27 – 11:57 AM PST – Anonymous communication servers are under DDoS attack. New target set on afact.org.au at for 19:00 UTC

Update – 9/27 – 11:00 AM PST - ACS:Law faces legal action over data breach:  http://www.zdnet.co.uk/news/security-threats/2010/09/27/privacy-group-takes-on-acslaw-over-porn-data-breach-40090288/

Update – 9/24 – 1:35 PM PST – Anonymous has uncovered a backup of ACS-Law Email’s and have made them publicly available for download at The Pirate Bay.

Anonymous leaders had this to say regarding the incident,

“We’re still sorting through it. There’s a lot of stuff here to go through. But, basically, we were told we were less important than a 10 minute late train, or a queue for coffee by Andrew. Payback is a bitch, isn’t it Andrew?”

Update – 9/24 – 8:51 AM PST - Target set on AIPLEX (

Update – 9/24 – 8:00 AM PST - The Anonymous team has modified the Low Orbit Ion Cannon DDoS tool to include a new “hive mind” feature, which allows anyone using the software to turn their computer into a voluntary bot simply by inputting the correct IRC C&C server into the program.  Once the C&C is set, the software will then automatically connect to the channel, receive commands (What URL/IP to attack), and start attacking automatically.

Update – 9/23 – 3:40 PM PST – Anonymous now targeting a new Davenport Lyons IP (

Update – 9/23 – 1:26 PM PST – Some claims have been made that Anonymous is somehow involved in taking down Facebook.  They have expressed that they are not responsible for the attack, as it has nothing to do with their mission.

Update – 9/23 12:01 PM PST- 1 minute into the attack and Davenport Lyons is already down.

Update – 9/23 11:30 AM PST – In addition to the planned DDoS in 20 minutes, Anonymous hackers are attempting to hack and deface the Davenport Lyons website. Here is part of the chat log where a user shares the results of his vulnerability scan on the Davenport Lyons web server.


Followed by some take down/hacking suggestions from Anonymous users:

hack_suggestion 2

And finally, the attacker asks the Anonymous community for a deface page:


Update – 9/23 11:00 AM – Target set on Davenport Lyons ( for 12:00 PM PST (1 hour).

Hourly updated uptime graph for DAVENPORT LYONS:

Uptime for DAVENPORT LYONS: Last 30 days

Update: 9/22 – 5:30 PM PST – New target set on http://tmg.eu and DAVENPORT LYONS (

New uptime graphs which display hourly updated information for each network under attack:

Uptime for aiplex: Last 30 days

Response time for aiplex: Last 30 days

Uptime for acs-law.org.uk: Last 30 days

Uptime for MPAA: Last 30 days

Uptime for RIAA: Last 30 days

Update: 9/21 – 1:00 PM PST – New targets have been set on ACS:LAW @ and anti-piracy.nl

Update: 9/21 – 12:00 PM PST – Cyber criminals are attempting to profit off of the news by poisoning search results for Aiplex, DDoS, The Pirate Bay, and 4chan.  The following link appeared in the first 5 search results for Aiplex DDoS.

Blackhat SEO Poisoned Aiplex Search Results

Rogueware Infection Site - Aiplex

After clicking the link, we’re quickly redirected to the typical Rogueware infection site:

Rogueware Infection Site - Aiplex

Aiplex Uptime Graph

Update: 9/20 7:30 AM PST –

The MPAA has released a statement announcing the “COMBATING ONLINE INFRINGEMENT AND COUNTERFEITS ACT”

Here is a brief summary of the document, which can be downloaded here (PDF).

The Combating Online Infringement and Counterfeits Act will provide the Department of Justice with tools to track and shut down websites devoted to providing access to unauthorized downloads, streaming, or sale of copyrighted content and counterfeit goods. It will:

  • Give the Department of Justice an expedited process for cracking down on websites that are dedicated to making infringing goods and services available;
  • Authorize the Department of Justice to file an in rem civil action against a domain name, and seek a preliminary order from the court that the domain name is being used to traffic infringing material. The Department must publish notice of the action promptly after filing, and it would have to meet clear criteria that focus on the sites’ substantial and repeated role in online piracy or counterfeiting;
  • Provide safeguards allowing the domain name owner or site operator to petition the court to lift the order;

The attack is still focused on Aiplex.com, which has now experienced 198 service interruptions and 25 hours 17 minutes of total downtime.

Aiplex Uptime Graph

Aiplex.com downtime

Update: 9/20 1:40 PM PST – The attack is  now squarely focused on Aiplex.com.   Aiplex experienced 117 service interruptions and  14 hours 58 minutes of downtime from 9/18 – 9/20 at 4:20PM PST. In addition, Anonymous released a statement, which can be read here:  http://www.scribd.com/doc/37746686/An-Open-Letter-from-Anonymous

Aiplex.com downtime

Anonymous against BPI

Update: 9/20 10:30 AM PST – The attack on the British Phonographic Industry either did not happen or was unsuccessful.  The BPI website has maintained 100% uptime since we started monitoring it yesterday.  I have a feeling that the attack wasn’t launched because their (Anonymous) communication channels were disrupted by an undisclosed hacker just moments before the attack on BPI was supposed to start.

The next target is set back on the MPAA and is set for 12:00PM PST tomorrow.

Update: 9/19 8:30 PM PST – The attack on RIAA servers concluded after 37 service interruptions and 1 hour and 37 minutes of downtime.  Anonymous has now set their sights on the British Phonographic Industry. The attack is set for 9/20 4 PM GMT.

Anonymous against BPI

RIAA Downtime Graph

Update: 9/19 3:30 PM PST – The team behind the assault switched targets to RIAA as of 12:00 PM PST on 9/19 and the RIAA website has experienced 24 downtimes since the attack started.  In addition to attacking the RIAA website, Anonymous/4chan members also attempted to Google bomb the phrase “ROBERT PISANO MPAA CEO ARRESTED FOR CHILD MOLESTATION!”

RIAA Downtime Graph

RIAA Downtime Graph

Total MPAA Dowtime

Update: 9/18 4:00 PM PST – MPAA.org is back up after 21h  49m of downtime.  The attack has now switched focus to Indian software firm, Aiplex.com.  Another attack on RIAA is planned to go live in 19 hours: http://bit.ly/aSVEKG

Total MPAA Dowtime

MPAA DDoS Attack

Update: 9/18 – 9:25 AM PST – The attack against the MPAA and others is still underway.  MPAA total downtime: 16h 11m.  ifpi.org downtime: 14h 20m

Update: The attack against MPAA.org started shortly after 8:00 PM EST and took only 8 minutes to bring the entire site to a screeching halt.

MPAA DDoS Attack

4chan DDoS against MPAA

The following image was released to the Internet, instructing users on exactly what needs to be done to carry out the attack on 9/17 @ 9PM EST:

How fast you are in such a short time!  Aiplex, the bastard hired gun that DDoS’d TPB (The Pirate Bay), is already down!  Rejoice, /b/rothers, even if it was at the hands of a single anon that it was done, even if ahead of schedule.  now we have our lasers primed, but what do we target now?  We target the bastard group that has thus far led this charge against our websites, like The Pirate Bay.  We target MPAA.ORG!  The IP is designated at “″, and our firing time remains THE SAME.  All details are just as before, but we have reaimed our crosshairs on this much larger target.  We have the manpower, we have the botnets, it’s time we do to them what they keep doing to us.


4chan DDoS against MPAANot only do they have the collective man power, but according to the image, they will also be using botnet’s to assist in the attack against the MPAA.

How do you stop the collective man power of an entire Internet community?  You can seize equipment, hunt down the originators of the attack, but this is a group who has prided themselves in remaining anonymous, and have done so very well through the power of the Internet.    This is the future of cyber protests.

Note: Initiating a DDoS attack is illegal in many countries and we do not recommend that you participate in this or future campaigns.

h 52m 23s

Post to Twitter

  • (147) Comments


  1. anonymous says:

    Ebaums must be hard at work again!

  2. Joe says:

    Hey Sean so if the attack began at 9pm Eastern that would be 6pm Pacific but your image shows that it was down as much as an hour before that. Did you consider that perhaps that MPAA were informed of this and just took their cosmetic site down and went home to have a nice weekend?

    • Joe, you’re right about the time confusion (I updated the blog post to reflect that), but I witnessed the attack before and after the site was taken offline. Response times went from 80ms to about 1300 ms before it completely died in true DDoS fashion.

  3. SlR says:

    Finally some actions against corporate evil! Id like to thank all of you who participated in these attacks!!!DI3 EVil !!!

  4. anonymous says:

    all ebaums, not 4chan

  5. anonymous says:

    That ebaum’s world. Always causing trouble

  6. One day its birthday cards to an oldman, the next day its making animal abusers wish they were never born. You can never hope to defeat an enemy this seemingly insane yet completely calm and collected. when will the jerkoffs of the world learn that these here internets belong to us, the rest of you are just visiting.

    All glory to ebaumsworld
    We do not forgive
    We do not forget
    Expect us

  7. Thaddyboy says:

    Why don’t they do something productive like attack Glen Beck and Fox News? Feh. The MPAA is sooooo 2005

  8. Joe says:

    I’m guessing the MPAA guys had a nice dinner and a couple of glasses of wine last night while watching this joke unfold. The site is still down because they don’t need to keep it up while a bunch of children pat each other on the back for a DDoS attack that was pointed at a site that doesn’t currently exist. It’s kinda like shooting at a deer that ran out of view an hour earlier.

    • Joe, mpaa.org is still mapped to the IP being attacked, so the attack is happening whether or not the MPAA “takes the site down”. I can assume that you work for the MPAA, so let me add that this strategy is analogous to kneeling to take a down in football… if that’s your only strategy, you still end up losing and giving the attackers exactly what they want.

      • joe says:

        I understand your point but they cannot claim credit for taking the site down and anyone supporting that claim is misinformed. This is a fair strategy for a company that is unprepared to fend off an attack – take the site off-line until you can bring it up again with appropriate protection in place. I do not work for them but am informed about the situation.

        At the end of the day who cares if a bunch of loosers succceed in taking down a website the company feels fine taking down themselves. All of this was a waste of time for everyone involved. With the world as it is today, how about we all do something good, pick your charity or cause and donate some time, food or money.

  9. Justin M says:

    What site or application did that image showing the uptime and response time logs for MPAA.ORG in this article come from? It looks like a really handy tool, where can I find it?



  1. [...] from those claiming to verbalise for Anonymous, a organisation pronounced it is encouraged by protecting a giveaway upsurge of information as good as which copyright is a form of censorship. Copyright owners disagree which these groups [...]

  2. [...] slash-and-burn litigation wrought by the RIAA and MPAA, and has launched DDoS attacks against the MPAA for its anti-piracy tactics.  While not condoning these actions, we certainly understand them – everyone is pissed about [...]

  3. [...] slash-and-burn litigation wrought by the RIAA and MPAA, and has launched DDoS attacks against the MPAA for its anti-piracy tactics.  While not condoning these actions, we certainly understand them – everyone is pissed about [...]

  4. [...] can read about it here and here and here is their page. In short it started in September 2010 as reaction and counterattack against [...]

  5. [...] or offensive to file sharing services or their users, such as those made by Gene Simmons.  It was reported that by October 7, the total downtime for websites targeted by Operation Payback was 537 hours and [...]

  6. [...] ‘anarchist’ world, where movies and music belonged to everyone. They responded with a number of DDoS attacks on studios like Warner [...]

  7. [...] Gene Simmons (advocated suing filesharing individuals into poverty) Downtime: 1 day, 14 hours [...]

  8. [...] Earlier in the year we saw attacks against the RIAA and MPAA by a group known as ’4chan’ for attempting to take down a number of file sharing sites [...]

  9. [...] díky WikiLeaks hodně mluvi o (D)DoS. To, že Operetion Payback byl původně namířen uplně na jiný cíle a v době největšího zajmu o WikiLeaks už běžela skoro čtvrt roku teď vynechme. Objevily se [...]

  10. [...] Panda is tracking the progress of the attacks, as well as the amount of downtime of targeted sites, via its corporate blog here. [...]

  11. [...] original article quoted Panda Security Labs and Torrent Freak, both of which are well respected and widely read, with an awesome reputation for [...]

  12. [...] original article quoted Panda Security Labs and Torrent Freak, both of which are well respected and widely read, with an awesome reputation for [...]

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

  • Become a fan!

    Panda Security on Facebook
  • Blogroll

  • Categories