denial of service
In the early hours of this morning, the FBI executed search warrants at to gather evidence at the homes of alleged members of the Anonymous hacktivist group.
According to a Fox News report, two homes in Long Island, New York, and one in Brooklyn, were searched by FBI agents looking for evidence that computers at the addresses had been used in distributed denial-of-service (DDoS) attacks against a number of websites.
Computer equipment is said to have been removed from the home of Giordani Jordan in Baldwin, Long Island by FBI agents.
In recent months, a number of high profile websites (including those belonging to Mastercard, Visa and the Recording Industry Association of America) were blasted off the internet in a series of DDoS attacks, with different computers scattered across the world deployed to bombard targeted sites with traffic using a tool called LOIC.
However, the Low Orbit Ion Cannon (LOIC) tool doesn’t do a very good job of covering the tracks of attackers – making it potentially easy for computer crime authorities to track those behind the attacks.
The raids in New York followed just hours after hackers launched an attack against The Sun newspaper, redirecting visitors to a false news story that News Corporation CEO Rupert Murdoch had been found dead.
Facilitating or conducting a DDoS attack is illegal in many countries around the world, and in the United States is punishable by up to 10 years in prison and considerable fines.
15 people, suspected of involvement in the Anonymous hacktivism movement which has launched a series of internet attacks, were arrested earlier this week following raids in Italy and Switzerland.
According to media reports, a 26-year-old Swiss-Italian called “Phre”, based in Canton Ticino, was amongst those detained and charged. It is alleged that “Phre” was a senior member of the group, who approved companies for the hackers to target.
The Italian branch of Anonymous is suspected of bombarding government, business and media websites with denial-of-service attacks, with victims including the Italian senate, energy firm ENI, defence firm Finmeccanica, and financial institution UniCredit.
A total of 32 homes in Italy and Switzerland were searched by police as part of the investigation, with those detained aged between 15 and 28 years of age. Dozens more people are believed to still be being investigated.
A statement published on an Anonymous website, however, played down the significance of the arrests.
The “press release” underlined the lack of structure inside Anonymous, and denied reports that the entire Italian Anonymous network had been dismantled:
Those arrested are not "dangerous hackers" as the media calls them, but people like you. They have been arrested while peacefully protesting for there and your rights. Our protest will continue louder than ever.
The Italian Anonymous have not fallen because of this cowardly attempt to dismantle them and announce consequences for there actions taken by the police, to demonstrate that anonymous is present and fights on, like it did in the past and will in the future, for the freedom of the internet.
I’m not sure those words will be much comfort to those who have been arrested by the Italian authorities. Right now, they may well be reflecting on whether participating in a denial-of-service attack is illegal or not.
The international investigation into the notorious LulzSec hacking gang continues, with news that FBI agents have searched a house in Hamilton, Ohio.
According to local media reports, federal agents are said to have searched a teenager’s home in Jackson Road, Hamilton, although no-one was charged after the search warrant was served.
Whether the FBI was acting upon information gleaned from Ryan Cleary, the British teenager who was charged last week in relation to a series of denial-of-service attacks, is unclear.
However, there is speculation that US law enforcement officers may have been acting in part based upon information released by the LulzSec group earlier this group, outing members believed to have leaked the group’s private online chat logs.
A June 21st posting by LulzSec on PasteBin claimed to reveal the true identities of members who called themselves “m_nerva” and “hann”. Apparent real names and addresses were given for both individuals by LulzSec who said:
"These goons begged us for mercy after they apologized to us all night for leaking some of our affiliates' logs. There is no mercy on The Lulz Boat."
In m_nerva’s case, his address was listed by LulzSec as being in Hamilton, Ohio.
A tweet published at the same time as the information was posted indicated that there was little love between LulzSec members and the member they believed had snitched on them.
Hackers, eh? You just can’t trust ‘em..
With rival hackers apparently turning on each other, and with law enforcement agencies around the world on their tail, it certainly feels as if those who sailed on the Lulz Boat may not be quite so merry as they once were.
FOR LATEST NEWS ON SCAM, SPAM ALERTS, HACKING, TECHNOLOGY NEWS. PLEASE
The British 19-year-old arrested on Monday nightin connection with a series of internet attacks has been formally charged and is scheduled to appear in court tomorrow.
Ryan Cleary, of Wickford, Essex, has been charged with offences under the Criminal Law Act and Computer Misuse Act by PCeU officers (Police Central e-Crime Unit).
The charges claim that he built a botnet to launch distributed denial-of-service attacks against the likes of the Serious Organised Crime Agency, the International Federation of the Phonographic Industry (IFPI) and the British Phonographic Industry (BPI).
There has been speculation in the media that Cleary might also have been involved in internet attacks by the LulzSec group against websites belonging to Sony and the CIA, but at the moment it appears he is being called to answer questions against British websites.
Cleary is is due to appear at City of Westminster Magistrates Court on Thursday. More details about the charges against him are available in apress release issued by the Metropolitan Police.
You may also wish to read a report from The Daily Telegraph, which contains some suggestions that Cleary has lead a troubled life.
Finding himself at the centre of a high profile cybercrime case is probably the last thing that he needed.
A court in Düsseldorf, Germany, has convicted a man who extorted money out of online gambling websites in the run-up to the 2010 Football World Cup in South Africa.
The Frankfurt man, who has not been identified, successfully blackmailed three online betting sites (and attempted to extort money from three others) by threatening them with distributed denial-of-service (DDoS) attacks which could have blasted them off the internet.
According to German media reports, the blackmailer hired a botnet for $65 per day and told the betting firms that he would make their websites unavailable during July 2010 – the month of the World Cup – if they did not pay him 2,500 Euros ($3,700).
When three of the sites refused to pay any money, the man reduced the ransom to 1,000 Euros.
This isn’t the first time, by any means, that denial-of-service attacks have been used to blackmail online gambling websites in the run-up to a major sporting event. For instance, in 2006 a Russian gang who were said to haveextorted $4 million from British bookmakers were sentenced to jail.
As more and more firms rely on internet visitors for their revenue, so the potential impact that can be caused by a denial-of-service attack increases. It’s sadly no surprise, therefore, that some cybercriminals will see it as a way to make money.
The German authorities should be congratulated on their successful conclusion to this investigation. The man has now been sentenced to two years and 10 months in prison, and was ordered to pay up to 350,000 Euros ($504,000) in damages to the affected firms.
My guess is that he’s unlikely to be sending significant traffic to any websites anytime soon.