Hackers Bring Down Mastercard Site

Peter Judge,

Hactivist attack on Mastercard continues reprisals for blocking payments to WikiLeaks

Mastercard’s website was down for a period on Tuesday, in an apparent denial of service attack .

The sporadic loss of service appears to be due to “hacktivists” who previously attacked Mastercard in December, following the finance firm’s refusal to handle donations to the whistleblowing site WikiLeaks. At the time of writing, the site is running again.

Sporadic problems on Mastercard

The attack was from WikiLeaks supporters, according to a tweet claiming responsibility, from @ibomhacktivist:  “MasterCard.com DOWN!!!, thats what you get when you mess with @wikileaks @Anon_Central and the enter community of lulz loving individuals :D”

The hacking group Anonymous led the original strike on Mastercard, directing masses of meaningless traffic to block the site in a “denial of service” attack which also struck at PayPal and the Swiss bank PostFinance for the same reason.

“We’ve seen plenty of headlines over the past couple of months about high profile hacking incidents and unfortunately, the momentum doesn’t seem to be slowing,” said Graham Cluley, senior technology consultant at security firm Sophos.

These attacks are viewed by some as non-violent protests, but are illegal, Cluley said. British police have arrested five  suspects for possible involvement in the earlier attacks.

“This should be a wakeup call for us all when it comes to internet security,” said Cluley. “While there’s obviously a vast contrast between DDoS attacks and the bad guys looking to steal sensitive information for financial gain, the biggest concern is the attitude towards these attacks, with hackers portraying that it’s all a bit of fun.  Companies and computer users mustn’t sit back and laugh along, thinking that these attacks won’t affect them.”

The word “lulz” in @ibomhacktivist’s tweet is reference to the Lulzsec group which disbanded on Saturday, after a 50-day campaign of mischief which included publishing user passwords and personal details online. While some security experts regard Lulzsec’s activity as a useful wake-up call, others believe it overstepped the mark by stealing and exposing personal details.