I was able to find one without too much difficulty (not linking to it though). Pastebin and the like seem to be removing the links almost as quickly as they show up though.
As with everything I've seen from "Anonymous" so far, it's a completely unsophisticated attack. All it does is create an image object in JS and set the src of the image object to the URL to be attacked, with some random garbage appended to confuse naive caching systems. It initially attempts to do this about once every millisecond, but it looks like it will shut itself down if there are too many failed requests.
It's pretty lame. I mean, they're not targeting an especially bandwidth-heavy thing. They're not submitting forms to flood a database or crash an email server. They're not attempting to exploit any vulnerabilities at all. They're literally just trying to spam it for as long as their attention span lasts.
The only thing a network monkey needs to do to mitigate an attack like this one is mount a few nginx proxies to handle anything with the garbage URL attached and then immediately close the connection while letting everything else through.
edit: Hah! The biggest single element on the justice.gov home page is the jquery script it includes, which is almost twice the size of the index page. Anon could have doubled their effectiveness just by sending requests for jquery instead. :-)
There was a similar project a while ago called Lad Vampire (by a group called Artists Against 419) that used to do the same thing to fake baking sites. It was pretty effective and to be honest, it was kind of cool seeing the sites being listed as going down over time.
The advantage of their "unsophisticated" attack is that it works on any website. jquery is often served off CDN, so it might not be a reliable target (for a site-independent attack).
I'm not going to look for the real page because I don't want to take part in the DOS, but simply writing a loop that inserts an img or script tag into a document pointing at the target is all you'd need. Get 1000 people to click your link on Twitter and you have 1000 people making X requests per second... more traffic than the average site can handle.
You might be able to get a thousand clicks, but I can't imagine that a random visitor would keep the page open for very long. But there's no reason for it to look like a hacking tool. By embedding some sticky content, such as a html5/flash game, with the DDOS script running in the background, you'll quickly multiply the impact.
I haven't seen the code in question, but realistically just having lots of people loading a website can act to ddos it, if its servers aren't made to take the load.
As with everything I've seen from "Anonymous" so far, it's a completely unsophisticated attack. All it does is create an image object in JS and set the src of the image object to the URL to be attacked, with some random garbage appended to confuse naive caching systems. It initially attempts to do this about once every millisecond, but it looks like it will shut itself down if there are too many failed requests.
It's pretty lame. I mean, they're not targeting an especially bandwidth-heavy thing. They're not submitting forms to flood a database or crash an email server. They're not attempting to exploit any vulnerabilities at all. They're literally just trying to spam it for as long as their attention span lasts.
The only thing a network monkey needs to do to mitigate an attack like this one is mount a few nginx proxies to handle anything with the garbage URL attached and then immediately close the connection while letting everything else through.
edit: Hah! The biggest single element on the justice.gov home page is the jquery script it includes, which is almost twice the size of the index page. Anon could have doubled their effectiveness just by sending requests for jquery instead. :-)