FBI Nabs 14 in 'Anonymous' Hack35 Search Warrants Executed; Records, Computers Seized
The FBI said the suspects hacked the website of payment service PayPal, an intrusion claimed by Anonymous for halting payments to WikiLeaks, which had leaked some quarter-million diplomatic cables (see WikiLeaks' Defense: The DDoS Attack).
Law enforcement authorities also arrested two individuals for other cybercrimes, including one tied to the hacking of an FBI affiliate claimed by another hacking group, LulzSec (see LulzSec: Senate, Sony Hackers Profiled).
The FBI also said Britain's Metropolitan Police Service arrested one person and the Dutch National Police Agency arrested four individuals Tuesday for related cybercrimes. Last month, British police charged an alleged member of LulzSec for instituting a distributed denial of service attack against a London police agency (see Arrested UK Teen Tied to Hacker Groups).
The arrest of the 14 suspects in nine states and the District of Columbia came as law enforcement authorities intensified their investigations into coordinated cyberattacks against major companies and organizations, executing more than 35 search warrants.
According to a federal indictment handed up in San Jose, Calif., PayPal suspended payment services to WikiLeaks after the diplomatic cable leaks. WikiLeaks used the PayPal transactions to receive donations from supporters. WikiLeaks contended suspension of the payment service was a move by PayPal "to economically strangle WikiLeaks," the indictment says.
In retribution, the indictment reads, Anonymous coordinated and executed distributed denial of service attacks against PayPal's computer servers using an open source computer program the group makes available for free download on the Internet. DDoS attacks flood targeted computers and networks with millions of messages, denying service to other users. According to the indictment, Anonymous referred to the DDoS attacks on PayPal as "Operation Avenge Assange." Julian Assange is WikiLeaks' founder.
Prosecutors allege the defendants conspired with others to intentionally damage protected computers at PayPal from Dec. 6 to Dec. 10, 2010. The defendants are charged with various counts of conspiracy and intentional damage to a protected computer.
Named in the indictment are Christopher Wayne Cooper, 23, also known as "Anthrophobic;" Joshua John Covelli, 26, aka "Absolem" and "Toxic;" Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, aka "No" and "MMMM;" Donald Husband, 29, aka "Ananon;" Vincent Charles Kershaw, 27, aka "Trivette," "Triv" and "Reaper;" Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, aka "Drew010;" Jeffrey Puglisi, 28, aka "Jeffer," "Jefferp" and "Ji;" Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. Authorities say one individual's name has been withheld by the court.
Infragard IncidentAgents arrested Scott Matthew Arciszewski, 21, Tuesday on charges of intentional damage to a protected computer in relation to the InfraGard incident. According to a complaint, Arciszewski accessed without authorization the Tampa Bay, Fla., website and uploaded three files on June 21. Arciszewski then tweeted about the intrusion and directed visitors to a separate website containing links with instructions on how to exploit the Tampa InfraGard website. InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI with chapters in all 50 states.
In a related complaint unsealed in New Jersey, authorities charged Lance Moore, 21, of Las Cruces, N.M., with stealing confidential business information stored on AT&T's servers and posting it on a public file sharing site. Moore is charged in with one count of accessing a protected computer without authorization.
According to the New Jersey complaint, Moore, a customer support contractor, exceeded his authorized access to AT&T's servers and downloaded thousands of documents, applications and other files that, on the same day, he posted on a public file-hosting site that promises user anonymity. According to the complaint, on June 25, LulzSec publicized that it had obtained confidential AT&T documents and made them publicly available on the Internet. The documents were the ones Moore had previously uploaded.
A charge of intentional damage to a protected computer carries a maximum penalty of 10 years in prison and a $250,000 fine. Each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.
The FBI says more than 75 searches have taken place in the United States as part of the continuing investigations into these attacks. Among the incidents the FBI is investigating is the July 11 breach of the network of the management concern Booz Allen Hamilton, a major Defense Department contractor, in which Anonymous claimed it had pilfered a list of some 90,000 military e-mail addresses and password hashes (see 90K Military E-mail Addresses Said to Be Pilfered). Booz Allen later confirmed the intrusion. Anonymous also has claimed responsibility for intrusions on other websites, including those of MasterCard and Visa.