The opening salvo in a war between the FBI and a computer hacking group titled “Anonymous” has been fired. Fourteen individuals were arrested by agents on charges related to their alleged involvement in a cyber attack on PayPal’s website.
The alleged cyber attacks were conducted against Paypal for blocking donations to WikiLeaks, a whistleblower website headed by Julian Assange. People with documents outlining government or business corruption are invited to submit information for anonymous publication.
Paypal blocked donations to Wikileaks after U.S. government secrets, including U.S. State Department cables, were exposed on the site.
Arrested On July 19, by the FBI are: Christopher Wayne Cooper, 23, aka “Anthrophobic;” Joshua John Covelli, 26, aka “Absolem” and “Toxic;” Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, aka “No” and “MMMM;” Donald Husband, 29, aka “Ananon;” Vincent Charles Kershaw, 27, aka “Trivette,” “Triv” and “Reaper;” Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, aka “Drew010;” Jeffrey Puglisi, 28, aka “Jeffer,” “Jefferp” and “Ji;” Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. One individual’s name has been withheld by the court, according to the FBI.
The governments in Great Britain and the Netherlands arrested four individuals for alleged related cyber crimes.
According to the FBI and the San Jose indictment, in late November 2010, WikiLeaks released a large amount of classified U.S. State Department cables on its website. Citing violations of the PayPal terms of service, and in response to WikiLeaks’ release of the classified cables, PayPal suspended WikiLeaks’ accounts so that WikiLeaks could no longer receive donations via PayPal. WikiLeaks’ website declared that PayPal’s action “tried to economically strangle WikiLeaks.”
The San Jose indictment alleges that in retribution for PayPal’s termination of WikiLeaks’ donation account, a group calling itself Anonymous coordinated and executed distributed denial of service (DDoS) attacks against PayPal’s computer servers using an open source computer program the group makes available for free download on the Internet. DDoS attacks are attempts to render computers unavailable to users through a variety of means, including saturating the target computers or networks with external communications requests, thereby denying service to legitimate users. According to the indictment, Anonymous referred to the DDoS attacks on PayPal as “Operation Avenge Assange,” according to the FBI.
In addition to the activities in San Jose, Scott Matthew Arciszewski, 21, was arrested today by FBI agents on charges of intentional damage to a protected computer. Arciszewski is charged in a complaint filed in the Middle District of Florida and made his initial appearance this afternoon in federal court in Orlando, Fla.
According to the complaint, on June 21, 2011, Arciszewski allegedly accessed without authorization the Tampa Bay InfraGard website and uploaded three files. The complaint alleges that Arciszewski then tweeted about the intrusion and directed visitors to a separate website containing links with instructions on how to exploit the Tampa InfraGard website. InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI with chapters in all 50 states.
Also today, a related complaint unsealed in the District of New Jersey charges Lance Moore, 21, of Las Cruces, N.M., with allegedly stealing confidential business information stored on AT&T’s servers and posting it on a public file sharing site. Moore was arrested this morning at his residence by FBI agents and is expected to make an initial appearance this afternoon in Las Cruces federal court. Moore is charged in with one count of accessing a protected computer without authorization.
According to the New Jersey complaint, Moore, a customer support contractor, exceeded his authorized access to AT&T’s servers and downloaded thousands of documents, applications and other files that, on the same day, he allegedly posted on a public file-hosting site that promises user anonymity. According to the complaint, on June 25, 2011, the computer hacking group LulzSec publicized that they had obtained confidential AT&T documents and made them publicly available on the Internet. The documents were the ones Moore had previously uploaded.
The charge of intentional damage to a protected computer carries a maximum penalty of 10 years in prison and a $250,000 fine. Each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.