Affidavit Details FBI "Operation Payback" FBI Probe: 4chan, "Anon" targeted DDoS attacks on PayPal
source: http://www.thesmokinggun.com/documents/internet/affidavit-details-fbi-operation-payback-probe
gerardange added this
The FBI investigation began earlier this month after PayPal officials contacted agents and “reported that an Internet activist group using the names ‘4chan’ and “Anonymous” appeared to be organizing a distributed denial of service (“DDoS”) attack against the company,” according to an FBI affidavit excerpted here.
The PayPal assault was part of “Operation Payback,” an organized effort to attack firms that suspended or froze WikiLeaks’s accounts in the wake of the group’s publication of thousands of sensitive Department of State cables. As noted by the FBI, other targets of this “Anonymous” effort included Visa, Mastercard, Sarah Palin’s web site, and the Swedish prosecutor pursuing sex assault charges against Julian Assange, the WikiLeaks founder.
On December 9, PayPal investigators provided FBI agents with eight IP addresses that were hosting an “Anonymous” Internet Relay Chat (IRC) site that was being used to organize denial of service attacks. The unidentified administrators of this IRC “then acted as the command and control” of a botnet army of computers that was used to attack target web sites.
Federal investigators noted that “multiple, severe DDos attacks” had been launched against PayPal, and that the company’s blog had been knocked offline for several hours. These coordinated attacks, investigators allege, amount to felony violations of a federal law covering the “unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system.”
The nascent FBI probe, launched from the bureau’s San Francisco field office, has targeted at least two of those IP addresses, according to the affidavit sworn by Agent Allyn Lynd.
One IP address was initially traced to Host Europe, a Germany-based Internet service provider. A search warrant executed by the German Federal Criminal Police revealed that the “server at issue” belonged to a man from Herrlisheim, France. However, an analysis of the server showed that “root-level access” to the machine “appeared to come from an administrator logging in from” another IP address.
“Log files showed that the commands to execute the DDoS on PayPal actually came from” this IP, Agent Lynd reported. Two log entries cited in the affidavit include an identical message: “Good_night,_paypal_Sweet_dreams_from_AnonOPs.”
Investigators traced the IP address to Tailor Made Services, a Dallas firm providing “dedicated server hosting.” During a December 16 raid, agents copied two hard drives inside the targeted server. Court records do not detail what was found on those drives, nor whether the information led to a suspect or, perhaps, a continuing electronic trail. In a brief phone conversation, Lynd declined to answer questions about the ongoing denial of service probe.
Search warrant records indicate that agents were authorized to seize records and material relating to the DDoS attacks “or other illegal activities pertaining to the organization ‘Anonymous’ or ‘4chan.’”
A second IP address used by “Anonymous” was traced to an Internet service provider in British Columbia, Canada. Investigators with the Royal Canadian Mounted Police determined that the Canadian firm’s “virtual” server was actually housed at Hurricane Electric, a California firm offering “colocation, web hosting, dedicated servers, and Internet connections,” according to its web site.
FBI Agent Christopher Calderon, an expert on malicious botnets who works from the bureau’s San Jose office, is leading the probe of the second IP (and presumably has seized a server from Hurricane Electric). Hurricane’s president, Mike Leber, did not respond to a message left for him at the firm’s office in Fremont, which is about 20 miles from PayPal’s San Jose headquarters. (5 pages)
gerardange
-
QUESTION: Which is Worse???
A "Temporary DDoS Attack". Or.... Ongoing corrupt corporations have taken over all branches of our government? Corporate corruption so deeply embedded into our government that they now openly conspire against its own citizens.
As they allow Monsanto to conspire against our safety and our right to choose content and ingredients of genetically modified food now hidden on labeling that we are all now forced to eat it. Conspiring against its own citizens with the Installation of the Patriot Act 1 & 2... and with the removal of the right of Habeas Corpus.
Allowing Corporations like MORGAN STANLEY & BANK OF AMERICA and others whose leaders live like royalty on billions of profits from all our dollars and even more Billions from Bailout Bonuses... As they continue to foreclose on our homes, forcing good hard working families out on to the streets!
Watch as our US Military serves only one master = The "Military Industrial Arms Complex". The MIAC is now what dictates our Foreign Policy. As its enormous thirst for wealth, sucks the money out of all our pockets... and every penny from our schools & hospitals. The MIAC and, its government counter-part "Project For a new American Century" PNAC along with Corporations like Halliburton and bankers working together have all hijacked our country and our Government and have locked all its citizens in the trunk.
Corporations whose leaders... DEMAND our Austerity, DEMANDING that we all live with LESS.... So that they all can continue to live with MORE!
-------------------- OUR RIGHT TO PROTEST ---------------------
We are all living in historic times... Times when, "we all" need to do historic things. (1) When citizens need to exercise their right to protest, and to sit in the streets and voice their "OBJECTION and DEMAND that their voices BE HEARD." As in all marches and protests street traffic "always is temporarily impeded" ... So stopping traffic is nothing new?
(2) We live in the age of the internet, where today.... with technology that is as commonplace with many people to protest on the internet as it is to protest in the street! Surfing the internet to a website to voice your objection is also a matter of free speech. As just as valid of method of protesting on the streets of the internet ~ Temporarily stopping cyber-traffic with temporary DDoS protests. This is also a valid act of protest by organized citizens in mass clicking all targeted websites on buttons and opening and closing all pages... causing an overload and crashing the system. ~ So there is no difference... Internet Traffic or street traffic... The results are both the same.= A temporary disruption in the flow of daily traffic. These are both valid forms of civil protest.
So which is more important... Our Freedoms & Our Rights or, Fascism ?
"The elimination of the so-called subversive elements. [...] They were elements of disorder and subversion." [end quote] Benito Mussolini ~
If you want to live in a world like Benito Mussolini~ Then, the "Iron Fist - would be your solution of choice! = To Arrest and to Prosecute.
Fascism & Acts of Oppression have no place in our society ...
IF IT TAKES BLOCKING THE TRAFFIC IN THE STREETS... AND/OR.... TEMPORARILY BLOCKING THE TRAFFIC ON THE INTERNET ~ TO STOP FASCISM THEN... SO BE IT!
You are either part of the solution... or, part of the problem. That is also your choice.
Paisano1@ { All this "CRAP" that you are posting all over the internet....
[quote] "Anonymous Movement is Fueled by Cowardice" [end quote]
~ Those are words you are using are all rooted in Fascism! Calling someone Cowardice as you have done... as you sit with Friends at "HomeLand Security." I would guess these guys you are talking about have got much bigger balls than you do! We elect Governments, not to dictate our freedoms, but to support our liberty. They serve us, we do not serve them.
- 1 year ago
JaneBond007
-
-
Ahm... is that group the same group who sabotaged my email ad jzbond007@yahoo.com? I mean, are they the ones who stole my identity? There are plenty of computer hackers who stole transactions even in Money Bank Wire Transfer.
- 1 year ago
Paisano1
-
Anonymous Movement is Fueled by Cowardice
The Anonymous DDoS attacks should be rightfully categorized as just another form of mass censorship driven by the tantrums of politically and philosophically infantile neophytes who lack any substantial moral convictions, and who are easily swayed by the pseudo-rage of a mob mentality...
https://www.infosecisland.com/blogview/10617-Anonymous-Movement-is-Fueled-by-Cow...
- 1 year ago
Reanimated_Residue_Mediagrouptm
-
Dumb ass corporate pigs, they are rounding up the kiddies to smack their little bottoms.
Like this is going to be good image boosting for those who were ass raped by anon's operation.
The coppers are paid by the corporations now but are licensed by the people. Time we withdraw the social contract as coppers are operating under a breached contract.
Power to the people.
- 1 year ago
good_stuff
-
I have a feeling that it will be very hard to convict any of the individuals involved even if they find out who they are. The attacks didn't cause any permanent damage, but are simply akin to a peaceful protest/sit-in, which may have inconvenienced companies/individuals but didn't hurt anything.
Juries are typically composed of really stupid people, so unless somebody confesses the Jury will never be able to understand the link to individuals. They may convict based on "believing the prosecutor", but that is not beyond a reasonable doubt in my mind.
The bigger question is, who launched the DDOS attacks on Wikileaks before all this happened? I take it there won't be an investigation into that.
- 1 year ago
adamvelvetu
-
good_stuff:
Yeah, it doesn't sound like they've even really traced it back to a particular person... these DDOS attacks are pretty tame anyhow.
- 1 year ago
gerardange
-
Affidavit Details FBI "Operation Payback" Probe PAGE (1)
- 1 year ago
PressCore
-
gerardange:
Your posts give new meaning to the phrase, read the fine print. I had to zoom it to a 200% magnification to read it. But then, being a sleuth, I always keep my meerschaum & 30 power magnifying lens handy so that I won't miss anything.
- 1 year ago
gerardange
-
PressCore:
Sorry about that... No meerschaum & 30 power magnifying glass needed. Try clicking on the image. You can also go to the link and print all of them.
VERY ODD: MISSING PAGES?
There are only 5 pages it is odd why the rest of the documents are not here? Why are they not shown?
- 1 year ago
gerardange
-
Affidavit Details FBI "Operation Payback" Probe PAGE (2)
- 1 year ago
gerardange
-
Affidavit Details FBI "Operation Payback" Probe PAGE (3)
- 1 year ago
gerardange
-
Affidavit Details FBI "Operation Payback" Probe PAGE (4)
- 1 year ago
gerardange
-
Affidavit Details FBI "Operation Payback" Probe PAGE (5)
- 1 year ago
