Following the arrest in the Netherlands of two teenagers involved in last week's distributed denial of service attacks against MasterCard, lawyers tell young hackers to be aware of the law.
Online vigilantes have taken to their keyboards
On Saturday, a second Dutch teenager, 19, was arrested for having been part of a cyberattack that targeted the Dutch Public Prosecutor's website.
The prosecutor's site became a target after the Dutch prosecutor arrested another Dutch teenager, 16, who had joined an online "hacktivist" attack in the name of WikiLeaks.
This is just the latest in a series of attacks against perceived enemies of WikiLeaks largely by a group of its supporters, a shadowy online vigilante group that calls itself Anonymous.
"Any individual, organization, corporation, and/or government entity which supports Freedom of Speech and a Free Internet is an ally of Anonymous," the organization said on its website. "If you work to suppress Freedom of Expression and a Free Internet your efforts will be halted."
The group is more like a semi-controlled herd rather than a traditional heirarchical organization - it does not have clear leadership or direction. Previously, it targeted the Church of Scientology and the website of the Recording Industry Association of America.
But now that some have been caught for their alleged crimes, it may serve as a legal warning shot to those who feel that they can hide in this hacktivist huddle.
This time around, in response to the WikiLeaks case, Anonymous followers have been using a computer application known as Low Orbit Ion Canon (LOIC). Using this software, these hacktivists, managed to temporarily disable a number of major financial companý websites, including MasterCard's.
The software used in the attacks was originally designed to help protect websites by testing their penetrability, but when pointed at an unsuspecting site it has the reverse effect.
When used en masse, it is a crude but simple way to create a DDOS, or distributed denial of service attack, which floods websites with high level of artificial traffic, making them temporarily slow or more often, unusable.
WikiLeaks founder Julian Assange, has neither condoned nor condemned the denial of service attacks
Eddy Willems, the spokesperson for tthe European Expert Group for IT Security told Deutsche Welle that there isn't much to the application, which he describes as a "pretty screen" with some buttons to press.
Yet the flood module, which crafts packets to send to the target to deal with, can be quite debilitating.
"When you get enough people doing this," he said, "something has to give. In this case it's the targets' websites."
The war is not over
If Anonymous is to be believed, they will keep on bringing these kinds of online attacks as long as there are enough WikiLeaks supporters on board to bring it about. As far as they are concerned, it is a matter of principle.
But legal experts are now warning hot-blooded young activists to be aware of where their principle might land them, for to use LOIC to launch an attack is to misuse it, and that can have very serious consequences.
"Users are putting themselves at risk," Willems continued. "They are not real cyber criminals and they don't realize that they could be sent to prison for this kind of thing."
This is the same type of attack that was used against Estonia in 2007, although the Estonian one did not involve the use of a software application, but rather through more organized botnets.
Estonian government officials suspected that the Russian government was somehow involved in attacking Estonian financial and political websites, but in the end, only one Estonian citizen was punished, who had to pay a relatively small fine.
MasterCard was one of the hacktivists' targets
In some cases, finding users is not difficult as was the case of the 19-year-old Dutch teenager who was arrested on Saturday - as he had neglected to mask his IP address, making it relatively simple for law enforcement to find him.
Depending on the protective measures users take, its perpetrators can be easily traced within the space of a day or even just a couple of hours, something which begs the question as to why Anonymous has chosen the approach it has.
One suggestion is that the LOIC application is easy to come by and easy to use, while another is simply that hacktivists are naive.
While the first Dutch teenager was released, the younger boy remains in detention over what a spokesman for the Dutch prosecutors described as potentially more serious violations.
Some observers believe the two boys will be among a handful likely to be singled out and held up as a deterrent to more DDOS attacks of this nature.
However, Izaz Ali, a British attorney specializing in Internet law, told Deutsche Welle that in the case of Britain there could be more wide-spread arrests.
"We're talking here about the Computer Misuse Act," he said. "The government will be forcing the police to look into this."
Using LOIC in a similar fashion may also violate similar statutes in Germany and the Netherlands.
The future for blue-eyed hackers?
Contrary to some reports, Ali says it is not illegal to download the software, as long as it is not used for anything other than it was originally intended.
"It is no different from using Microsoft Word to write something that causes damage to someone else, a computer virus for example."
Damage is the main issue here - if these attacks were simply a case of tit-for-tat that did not affect the possibility to legitimately use affected sites, the lawyer says it would be a different story.
In other words, Ali advocates actual old-fashioned street protests to protest their cause in time-honored style.
"Do it the old way," he said, adding that these kinds of modern cyber attacks are harmful to people who might even share the same views.
"They see they are showing people that the leaks are a good thing, but they are going to cause problems for a lot of people, and this is a bad thing."
Reporter: Tamsin Walker
Editor: Cyrus Farivar