The FBI raided Dallas-based Tailor Made Services, an Internet hosting company, and seized one of its servers as part of an international criminal investigation into cyber attacks against online payments firm PayPal.
The cyber attacks were part of “Operation Payback,” which organized distributed denial of service (DDoS) attacks against companies in retaliation for their refusal to do business with secrets outlet WikiLeaks. Internet activists associated with the group “Anonymous” attacked PayPal numerous times after the company refused to process donations on WikiLeaks’ behalf, briefly knocking the company’s blog offline.
According to an FBI affidavit obtained by The Smoking Gun, federal agents launched an investigation into the attacks against PayPal in early December, after the company contacted the agency. PayPal provided the FBI with eight Internet protocol (IP) addresses that were hosting an Internet relay chat (IRC) site used by “Operation Payback” to organize attacks.
One of these IP addresses was traced to Tailor Made Services. Investigators then copied the contents of two company hard drives during a Dec. 16 raid.
A second IP address was traced to a server owned by Fremont, California-based Hurricane Electric, a web-hosting company.
The DDoS attacks against PayPal violated federal laws against “unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system,” according to the FBI.
DDoS attacks flood websites with meaningless web traffic to slow them down and can sometimes knock websites offline entirely.
Using a piece of old server stress-testing software called “Low Orbit Ion Cannon” (or “LOIC,” a name taken from PC strategy game Command and Conquer), participants in “Operation Payback” point their Internet connections at a server and begin sending requests. If enough people join in, the servers can ultimately be overwhelmed by traffic, resulting in a denial of service to other users.
In addition to attacking PayPal, participants in “Operation Payback” have attacked the websites of Mastercard, Visa, Sarah Palin, and the Swiss bank PostFinance.
At least one arrest has been made in a separate investigation of the DDoS attacks.
On December 9th, a 16-year-old boy was arrested by Dutch authorities for his participation in “Operation Payback” and could face up to six years in prison if convicted.
Unconfirmed sources told TorrentFreak that the teenager operated an “Operation Payback” chat room and was known under the nickname “Jeroenz0r.”
“[Attacks] generated by this tool are relatively simple and unveil the identity of the attacker,” they wrote. “If hacktivists use this tool directly from their own machines, instead of via anonymization networks such as Tor, the Internet address of the attacker is included in every Internet message being transmitted.”
Operating the LOIC directly, they said, is akin to “overwhelming someone with letters, but putting your address at the back of the envelope.”
“I don’t think that their attacks are necessarily illegal or immoral,” Evgeny Morozov, a visiting scholar at Stanford University, wrote at Foreign Policy magazine. “As long as they don’t break into other people’s computers, launching DDoS should not be treated as a crime by default; we have to think about the particular circumstances in which such attacks are launched and their targets.”
“I like to think of DDoS as equivalents of sit-ins: both aim at briefly disrupting a service or an institution in order to make a point. As long as we don’t criminalize all sit-ins, I don’t think we should aim at criminalizing all DDoS,” he said.