by thaumaturgy 5256 days ago
I was able to find one without too much difficulty (not linking to it though). Pastebin and the like seem to be removing the links almost as quickly as they show up though.

As with everything I've seen from "Anonymous" so far, it's a completely unsophisticated attack. All it does is create an image object in JS and set the src of the image object to the URL to be attacked, with some random garbage appended to confuse naive caching systems. It initially attempts to do this about once every millisecond, but it looks like it will shut itself down if there are too many failed requests.

It's pretty lame. I mean, they're not targeting an especially bandwidth-heavy thing. They're not submitting forms to flood a database or crash an email server. They're not attempting to exploit any vulnerabilities at all. They're literally just trying to spam it for as long as their attention span lasts.

The only thing a network monkey needs to do to mitigate an attack like this one is mount a few nginx proxies to handle anything with the garbage URL attached and then immediately close the connection while letting everything else through.

edit: Hah! The biggest single element on the justice.gov home page is the jquery script it includes, which is almost twice the size of the index page. Anon could have doubled their effectiveness just by sending requests for jquery instead. :-)

2 comments
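One way a defender could find the pattern the top comment describes (one path requested over and over, each time with a throwaway query value) in access logs, so the proxy rule has something concrete to match on. This is an added example, not code from the thread; the log lines, IP addresses, parameter names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Matches the start of an nginx/Apache "combined" access log line.
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def sample_lines():
    """Constructed log lines (documentation IPs, made-up parameter names)."""
    fmt = '{ip} - - [01/Jan/2000:00:00:00 +0000] "GET {url} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    lines = []
    # One client hammering "/" with a different throwaway "id" value each time.
    for i in range(40):
        lines.append(fmt.format(ip="203.0.113.7", url=f"/?id={1000003 * (i + 1)}&msg=hello"))
    # A busy but ordinary client: versioned asset, the value never changes.
    for _ in range(25):
        lines.append(fmt.format(ip="198.51.100.9", url="/static/app.js?v=3"))
    # Light normal browsing with a few distinct searches.
    for q in ("nginx", "proxy", "cache"):
        lines.append(fmt.format(ip="192.0.2.44", url=f"/search?q={q}"))
    return lines

def find_cache_busters(lines, min_requests=20, min_unique_ratio=0.9):
    """Return (ip, path, param, request_count) where one client repeats a path
    many times and a query parameter is (almost) never the same twice."""
    totals = defaultdict(int)                        # (ip, path) -> requests
    values = defaultdict(lambda: defaultdict(list))  # (ip, path) -> param -> values
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, _status = m.groups()
        url = urlsplit(target)
        totals[(ip, url.path)] += 1
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            values[(ip, url.path)][name].append(value)
    findings = []
    for (ip, path), total in totals.items():
        if total < min_requests:
            continue
        for name, seen in values[(ip, path)].items():
            if len(seen) >= min_requests and len(set(seen)) / len(seen) >= min_unique_ratio:
                findings.append((ip, path, name, total))
    return sorted(findings)

if __name__ == "__main__":
    for ip, path, name, total in find_cache_busters(sample_lines()):
        print(f"{ip} sent {total} requests to {path} with a changing '{name}' parameter")
```

The versioned asset request is not flagged because its value never changes, which is the difference between ordinary cache-busting and the random garbage described above.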

There was a similar project a while ago called Lad Vampire (by a group called Artists Against 419) that used to do the same thing to fake baking sites. It was pretty effective and to be honest, it was kind of cool seeing the sites being listed as going down over time.
"fake banking". The trip to urban dictionary for "fake baking" didn't turn up anything plausible.
The advantage of their "unsophisticated" attack is that it works on any website. jquery is often served off CDN, so it might not be a reliable target (for a site-independent attack).