(Ping! Zine) – The United States Federal Bureau of Investigation is taking a proactive approach toward the recent hijackings by the 4chan Anonymous group: the “Operation Payback” DDoS attack on PayPal.
“As part of the process of identifying the computer system that I seek to search, I may be forced to check each system belonging to the target customer until I have determined that it is the computer to be searched,” states the author of the FBI’s Affidavit in Support of a Search Warrant.
The DDoS attacks on PayPal came after it refused service to Wikileaks, which used the service to receive donations that supported the site. The attackers, who have named themselves “Anonymous” and “4chan”, said their “motivation is a collective sense of being fed up with all minor and major injustices we witness every day,” according to the FBI affidavit.
PayPal immediately informed the FBI on December 6th, 2010 of the group’s intent. Later that same day the attack began, and since that time there have been multiple DDoS attacks against the PayPal website. Even further into the day the PayPal blog was attacked and was offline for a period of time. Two days later PayPal was attacked again through a large-scale effort, coordinated through several servers belonging to the group “Anonymous.”
Other targets of the group included Visa, Mastercard, Sarah Palin’s web site, and the Swedish prosecutor currently heading the charges against Julian Assange, founder of Wikileaks. “Operation Payback” was an organized effort to attack firms that suspended or even froze Wikileaks’ accounts in the midst of the website’s publication of thousands of sensitive Department of State cables.
On December 9th, PayPal investigators gave FBI agents eight IP addresses that were hosting an “Anonymous” internet relay chat (IRC) site that was used to organize the DDoS attacks. The administrators of the IRC acted as a command center for the group of botnet computers that were used to attack target sites.
The FBI probe, which was launched from the field office in San Francisco, has targeted at least two of those IP addresses, according to the affidavit sworn by Agent Allyn Lynd. These attacks could amount to felony violations of federal law covering the “unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system.”
One of the IP addresses was traced to Host Europe, a German-based ISP; the server in question belonged to a man from Herrlisheim, France. Analysis of the server showed “root-level access” that appeared to be logging in from another server. Two log entries in the affidavit include an identical message: “Good_night,_paypal_Sweet_dream_from_AnnonOPs.”
After investigation, the IP addresses were traced to Tailor Made Services, a Dallas firm that provides dedicated server hosting. During the December 16th raid, agents copied two hard drives inside the target server. The court records have not detailed what was found or whether the information led to a suspect or a continuing electronic trail.
Another IP address was recently associated with the attacks and traced to a Canadian ISP in British Columbia; it was a virtual server physically hosted through co-location firm Hurricane Electric in its California data center. At this time no statements have been made regarding a raid on this facility.