
Affidavit Details FBI "Operation Payback" Probe

4chan, "Anonymous" targeted over attacks on PayPal

DECEMBER 29--As part of an international criminal probe into computer attacks launched this month against perceived corporate enemies of WikiLeaks, the FBI has raided a Texas business and seized a computer server that investigators believe was used to launch a massive electronic attack on PayPal, The Smoking Gun has learned.

The FBI investigation began earlier this month after PayPal officials contacted agents and “reported that an Internet activist group using the names ‘4chan’ and ‘Anonymous’ appeared to be organizing a distributed denial of service (‘DDoS’) attack against the company,” according to an FBI affidavit excerpted here.

The PayPal assault was part of “Operation Payback,” an organized effort to attack firms that suspended or froze WikiLeaks’s accounts in the wake of the group’s publication of thousands of sensitive Department of State cables. As noted by the FBI, other targets of this “Anonymous” effort included Visa, Mastercard, Sarah Palin’s web site, and the Swedish prosecutor pursuing sex assault charges against Julian Assange, the WikiLeaks founder.

On December 9, PayPal investigators provided FBI agents with eight IP addresses that were hosting an “Anonymous” Internet Relay Chat (IRC) server that was being used to organize denial of service attacks. The unidentified administrators of that IRC server “then acted as the command and control” of the botnet, an army of computers that was used to attack target web sites.

Federal investigators noted that “multiple, severe DDoS attacks” had been launched against PayPal, and that the company’s blog had been knocked offline for several hours. These coordinated attacks, investigators allege, amount to felony violations of a federal law covering the “unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system.”

The nascent FBI probe, launched from the bureau’s San Francisco field office, has targeted at least two of those IP addresses, according to the affidavit sworn by Agent Allyn Lynd.

One IP address was initially traced to Host Europe, a Germany-based Internet service provider. A search warrant executed by the German Federal Criminal Police revealed that the “server at issue” belonged to a man from Herrlisheim, France. However, an analysis of the server showed that “root-level access” to the machine “appeared to come from an administrator logging in from” another IP address.

“Log files showed that the commands to execute the DDoS on PayPal actually came from” this IP, Agent Lynd reported. Two log entries cited in the affidavit include an identical message: “Good_night,_paypal_Sweet_dreams_from_AnonOPs.”
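The attribution step Agent Lynd describes, tying the root login on the seized server to the moment the attack command was issued, is a routine log-correlation exercise. The following is an added example, not code from the article or the affidavit: it parses constructed sshd-style auth log lines and constructed IRC channel log lines (documentation IP ranges, a placeholder target under .test, an assumed `!ddos` command syntax and an assumed log year, since syslog timestamps carry none), then reports which login source address was holding a root session when each command went out. A command with no covering session is reported as unattributed rather than guessed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumption: classic syslog timestamps have no year. 2010 matches the events
# in the article; it is only a parsing assumption for the constructed data below.
LOG_YEAR = 2010

# Constructed sample data (not from the affidavit). Source addresses are RFC 5737
# documentation ranges; the target hostname is a placeholder under .test.
AUTH_LOG = """\
Dec  8 21:55:02 host sshd[4410]: Accepted publickey for root from 192.0.2.10 port 51022 ssh2
Dec  8 21:55:02 host sshd[4410]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec  8 22:40:13 host sshd[4410]: pam_unix(sshd:session): session closed for user root
Dec  9 03:12:44 host sshd[5120]: Accepted password for root from 198.51.100.7 port 40112 ssh2
Dec  9 03:12:44 host sshd[5120]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec  9 04:01:09 host sshd[5120]: pam_unix(sshd:session): session closed for user root
"""

# Constructed IRC channel log. The bot command syntax ("!ddos host port") is assumed.
IRC_LOG = """\
[Dec  8 22:03:17] <op> !ddos www.example-target.test 443
[Dec  8 22:03:18] <op> Good_night,_paypal_Sweet_dreams_from_AnonOPs.
[Dec  9 03:30:55] <op> !ddos www.example-target.test 80
[Dec  9 03:30:56] <op> Good_night,_paypal_Sweet_dreams_from_AnonOPs.
[Dec  9 05:00:00] <op> !ddos www.example-target.test 80
"""

AUTH_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
LOGIN_RE = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port")
IRC_RE = re.compile(r"^\[(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\] <(?P<nick>\S+)> (?P<msg>.*)$")


def parse_ts(text):
    """Turn a yearless syslog timestamp into a datetime, collapsing the padding spaces."""
    normalized = re.sub(r"\s+", " ", text)
    return datetime.strptime(f"{LOG_YEAR} {normalized}", "%Y %b %d %H:%M:%S")


def root_sessions(auth_log):
    """Return [(start, end, source_ip)] for root SSH sessions, matched on the sshd PID.

    A session with no close line by the end of the log gets end=None (open-ended)."""
    open_sessions, sessions = {}, []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, pid, msg = parse_ts(m["ts"]), m["pid"], m["msg"]
        login = LOGIN_RE.match(msg)
        if login and login["user"] == "root":
            open_sessions[pid] = (ts, login["ip"])
        elif "session closed for user root" in msg and pid in open_sessions:
            start, ip = open_sessions.pop(pid)
            sessions.append((start, ts, ip))
    for start, ip in open_sessions.values():
        sessions.append((start, None, ip))
    return sessions


def ddos_commands(irc_log):
    """Return [(ts, nick, text)] for channel lines that carry the assumed '!ddos' command."""
    out = []
    for line in irc_log.splitlines():
        m = IRC_RE.match(line)
        if m and m["msg"].startswith("!ddos"):
            out.append((parse_ts(m["ts"]), m["nick"], m["msg"]))
    return out


def attribute(auth_log, irc_log):
    """Attach each command to the source IP of the root session active when it was issued.

    Commands with no covering session are kept with source_ip None so the gap stays visible."""
    sessions = root_sessions(auth_log)
    results = []
    for ts, nick, cmd in ddos_commands(irc_log):
        source = None
        for start, end, ip in sessions:
            if start <= ts and (end is None or ts <= end):
                source = ip
                break
        results.append({"time": ts.isoformat(sep=" "), "nick": nick,
                        "command": cmd, "source_ip": source})
    return results


def sources_summary(results):
    """Count commands per upstream address; unattributed commands are counted separately."""
    return Counter(r["source_ip"] or "unattributed" for r in results)


if __name__ == "__main__":
    res = attribute(AUTH_LOG, IRC_LOG)
    for r in res:
        print(r)
    print(dict(sources_summary(res)))
```

Two caveats a practitioner would keep in mind. First, the correlation only attributes a command to the address that was logged into the box at the time; as the article itself shows, that address was another rented server, so the result is the next hop in the chain, not a person. Second, an unattributed command is evidence that the logs are incomplete (another access path, a clock skew, or a session that was never closed), not evidence that nobody issued it.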

Investigators traced the IP address to Tailor Made Services, a Dallas firm providing “dedicated server hosting.” During a December 16 raid, agents copied two hard drives inside the targeted server. Court records do not detail what was found on those drives, nor whether the information led to a suspect or, perhaps, a continuing electronic trail. In a brief phone conversation, Lynd declined to answer questions about the ongoing denial of service probe.

Search warrant records indicate that agents were authorized to seize records and material relating to the DDoS attacks “or other illegal activities pertaining to the organization ‘Anonymous’ or ‘4chan.’”

A second IP address used by “Anonymous” was traced to an Internet service provider in British Columbia, Canada. Investigators with the Royal Canadian Mounted Police determined that the Canadian firm’s “virtual” server was actually housed at Hurricane Electric, a California firm offering “colocation, web hosting, dedicated servers, and Internet connections,” according to its web site.

FBI Agent Christopher Calderon, an expert on malicious botnets who works from the bureau’s San Jose office, is leading the probe of the second IP (and presumably has seized a server from Hurricane Electric). Hurricane’s president, Mike Leber, did not respond to a message left for him at the firm’s office in Fremont, which is about 20 miles from PayPal’s San Jose headquarters.

Comments (12)

If these Wikileaks are really so bad, you would think that someone in the intelligence community would just go out and smoke these people. One has to wonder if someone inside the administration is behind all of these leaks simply because most occurred during the Bush years?
ejodee, part 2: So, yes, ejodee, we already have Google (googag? gooogulag?) creating the search engines for the so-called Homeland Security Apparatus, which is really scary when you think about how much these companies know about us and don't think anything about violating our right to privacy. Google thinks it owns all the data known to man and has only to finish collecting it, and Facebook does stuff that most of its users have no idea of... We may have won the military side of WWII, but I'm afraid we lost to the fascists by joining them to fight their enemy the communists.... It's a brave new world out there!
to: ejodee you are so right! And this is the real face of neo-fascism; it's not just the skinhead militia types. In my old Webster's Collegiate Dictionary from 1978 it defined fascism as a highly nationalistic govt. with a close co-operation between govt. and corporations, a stratified society, intense repression and retaliation to dissent, etc. Today's dictionaries have all spun that bit about govt. and corporations to something softer like "a regulated economy". And our American high school fairy tale history books don't seem to point out that just before WWII there was a lot of respect for the fascist system among politicians and bureaucrats worldwide (though, to be fair, most of them probably didn't know about the genocidal aspect, though some may still have applauded that if they had known, as human rights have always seemed to take a back seat to power seekers). Remember, it was Thyssen Industries that first bankrolled Hitler in the beer hall days (and Prescott Bush at Union Bank was indicted for laundering its money here in the US; that's why the family packed up and left Wall St./DC to hide in the backwaters of Midland, Texas), and Krupp and IG Farben weren't far behind in working with the Nazis to illegally rebuild the German war machine using the forced slave labor of Jews, blacks, gypsies, and other 'non-Aryan types'. I still have to gag back bile and rage when I see vehicles with the Krupp-Thyssen logo on them driving on American highways; I want to ram them off the road. How can anyone work for such a company unless it's in total ignorance of the background they have!?!? end of part 1
I am tired of corporations deciding what should be legal and what should not. It wouldn't surprise me to see FBIG one day or PCIA. (FBI Google or PayPal CIA)
Wow guys, really? Botnets? Do you even know what a botnet is? There were NO botnets involved in the DDoS "attacks"; which also weren't attacks and were not intended to "intentional[ly] damage ... a protected computer system". The only kind of a computer system a DDoS *could* damage is an unprotected one (unless perhaps you have incompetent IT staff, then maybe, but still probably not). Ugh, why bother; the press will learn IT right after Hollywood. >.<
Go figure... the Federal Bureau of Idiots use all their manpower to go after some teenage emo kids who decide to protest using DDoS attacks against sites that are tied into the government. But if it happened to anyone else, do you really think they would lift a finger? They are just trying to keep with their corporate agenda: save PayPal, screw WikiLeaks..
Any news on an investigation into the DDoS attacks that were targeting Wikileaks?
Something goes wrong on teh internet, and Anonymous is blamed straight away... find someone else to target.
Thank you Kirby, These people reek of fail.
My computer at work was hit by that 4chan name. It sent me literally hundreds of junk emails. Whenever I mark it as spam, it just sends more by another name. I hope they shut them down 'cause it's a bitch.
4Chan is a forum. Not some mailing site. If Anon did hit your email you probably deserved it.
Several Zimbabwe gov websites taken down by Anonymous as reaction to lawsuit against newspaper publishing WikiLeaks cables. Also webpage of Ministry of Finance in Zimbabwe was hacked.