Breach, Data Security, Network Security, Network Security, Threat Management

FBI charges Anonymous members with PayPal DDoS


The FBI on Wednesday charged 14 people, mostly twenty-somethings, for their alleged involvement in an Anonymous-inspired attack on the PayPal website in December.

The hackivist collective Anonymous issued a call to arms last year after a number of corporate websites, including Visa and MasterCard, cut ties with WikiLeaks after the whistleblower group published secret U.S. diplomatic cables, some of which exposed government wrongdoing. In the case of PayPal, the online payment company severed its relationship with WikiLeaks after claiming the organization violated its terms of service.

The defendants, who live in nine states and the District of Columbia, were charged with damaging a protected computer and conspiracy, according to the U.S. Department of Justice.

MORE: View the Department of Justice press release, which includes the names of the defendants
Prosecutors said the defendants, between Dec. 6 and 10, launched distributed denial-of-service (DDoS) attacks against the PayPal site, parts of which became overwhelmed by the rogue traffic.

Interviewed by in the midst of the attacks last year, Panda Labs' threat researcher Sean-Paul Correll explained how simple it was for the perpetrators to participate.

"They [Anonymous] have a specific DDoS tool they developed which allows virtually anyone with no [technical] knowledge to involve themselves in the DDoS attacks," Correll said.

Participants just need to download software, enter the command-and-control information into the program and connect, he said.

The software promoted by Anonymous is the Low Orbit Ion Cannon, which actually is an open-source network stress tool that can double as a program that sends large chunks of traffic to overwhelm web servers.

In addition to the 14 arrests, prosecutors in New Jersey on Tuesday also unsealed a complaint against Lance Moore, 21, of Las Cruces, N.M. He is charged with stealing internal data stored on AT&T's servers and posting it to a file-sharing site. Moore was a customer support contractor who exceeded his authorized privileges to siphon the files, prosecutors said.

They said the documents then were published by Anonymous offshoot LulzSec, one of the final caches dumped by the group before it announced its retirement in late June.

LulzSec, however, appears to have returned, claiming responsibility Monday with defacing the home page of the Rupert Murdoch-owned The Sun newspaper with a story purporting the embattled media mogul had been found dead.

LulzSec also briefly redirected people visiting the newspaper to its Twitter account. The group also said it obtained and planned to soon release emails belonging to employees at The Sun and the now-defunct News of the World, which is also owned by Murdoch.

Also on Tuesday, federal authorities charged a 21-year-old with accessing the Tampa Bay (Fla.) InfraGard Group to upload three malicious files, prosecutors said. The man, Scott Arciszewski, then tweeted instructions on how followers could exploit the InfraGard chapter's website.

But despite all of the arrests, the enforcement actions likely will do little to end what has been a dizzying string of politically motivated breaches, industry observers said.

"It's likely that the people arrested are merely pawns, and while they may be made an example of, their arrests will likely have little-to-no-short term impact on the hacktivist attacks," said Andrew Herlands, who directs security strategy at Application Security Inc.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.