Having been DDOS'd a couple of times ourselves (by Russian criminal gangs), we're not really big fans of DDOS attacks as an instrument of policy. And while Anonymous's collective heart is often in the right place, some of its members seem not to be exactly the quickest little ponies on the track. Point-and-click denial-of-service tools in the hands of the clueless: what could possibly go wrong?

Well, this: someone set up an unofficial 'mirror' of the Wikileaks site at wikileaks.info, a server leased from an outfit called Heihachi Ltd whose main line of business seems to be hosting phishing sites, malware downloads and carder sites. Various security organizations, including Spamhaus and TrendMicro warned against visiting wikileaks.info on the grounds that a netblock entirely run by criminals may not be the best place to go for your political news and that anyone visiting the site could expose themselves to malware or other threats.

The owner of wikileaks.info (who is not a member of Wikileaks: in fact, wikileaks.info is not even listed as an authorized Wikileaks mirror on the actual Wikileaks site at wikileaks.ch) issued a 'press release' using the Wikileaks logo and calling on Wikileaks supporters to 'voice their concern' about the Spamhaus warnings. Someone at AnonOps then decided that the most effective way to express their concern was by turning their DDOS tool, the Low Orbit Ion Cannon (LOIC) on Spamhaus, one of the Internet's most unambiguously white-hat organizations. Spamhaus is now off the Internet, and scammers and criminals everywhere are presumably exchanging high-fives and giggling hysterically.

So, Anonymous, if you're reading this, you've been played. Now turn that shit off and learn to tell the good guys from the bad guys before you pull the trigger again.

CORRECTION - 12/20/2010: It now seems that Spamhaus was not attacked by Anonymous. According to an update put out by Spamhaus, the attack turns out to have originated from a professional botnet, not the LOIC. The finger of suspicion now points at the Heihachi gang themselves. The attack must have been fairly substantial to actually take Spamhaus down, as it's an almost daily target for DDoS attacks, most of which it is able to handle without trouble.

Spamhaus continues to warn against visiting the wikileaks.info site because of its associations with Heihachi Ltd. Suspicions about the wikileaks.info site are in fact increased by the fact that the intense DDoS attack against Spamhaus may be a response to their warning about the site.

Apologies to Anonymous, and thanks to the alert reader who let me know about the update from Spamhaus.