Federal agents seized two hard drives from a server in a Texas company believed to have been used to launch the DDoS attack against PayPal as part of a pro-WikiLeaks protest.
The
FBI raided a Dallas-based server farm and seized servers used in the
distributed denial-of-service attack against PayPal earlier this month,
according to an affidavit obtained by the
Smoking
Gun Website.
Federal
agents are looking for clues as to the identity of the hackers who orchestrated
the DDoS attack on
PayPal,
according to the affidavit. It is unclear whether the raids were successful in
that regard.
The
FBI began its investigation shortly after the Anonymous group of Internet
activists launched DDoS attacks against PayPal and other financial and
technical service companies for cutting off support to the WikiLeaks site after
it published thousands of secret U.S.
state department cables.
The
PayPal blog was offline for a few hours as part of the DDoS campaign the
Anonymous group called "Operation Payback." Volunteers were
encouraged to download a
point-and-click
DDoS tool to attack PayPal and other targets, including Visa, MasterCard,
Bank of America (earlier this week) and a Swiss bank that froze WikiLeaks
founder Julian Assange's accounts.
FBI
investigators believe that some volunteers used botnets of compromised machines
to launch a more potent assault, according to the affidavit.
"Vigilante
DDoS, a bunch of kids getting together and running a software," is not a
particularly powerful attack because there is not enough volume, Jason Hoffman,
of Joyent, told eWEEK. Attackers would have needed 5 million to 15 million
people all on high broadband connections to "be effective," he said.
PayPal
provided FBI agents with eight IP addresses of servers that were used to run
IRC chat servers associated with planning the Operation Payback attacks,
according to the affidavit. Investigators believed the same systems were used
as command and control hubs for botnets used during the DDoS attacks.
According
to the affidavit, "multiple, severe DDoS attacks" had been launched
against PayPal, which amount to felony violations of a federal law covering the
"unauthorized and knowing transmission of code or commands resulting in
intentional damage to a protected computer system."
One
IP address was traced to Host Europe, a Germany-based Internet service
provider. The server in question turned out to belong to a man from Herrlisheim,
France, but the root-level
access to the machine appeared to be from a remote user with administrator
access, said the affidavit. The log files indicate the commands to execute
the attack came from a remote address, which led investigators to hosting firm
Tailor Made Services in Dallas.
Investigators
believe the command to launch the attack was made on Tailor Made Services
systems and relayed to a server in Germany to hide its origin.
A
pair of log entries on the compromised Host Europe machine contained the same
message: "Good_night,_paypal_Sweet_dreams_from_AnonOPs," according to
a sworn statement from FBI agent Allyn Lynd.
Agents
raided Tailor Made Services on Dec. 16 after getting a search warrant based on
the affidavit. Agents copied two hard drives from the targeted server during
this raid, according to Smoking Gun. There is currently no information
available about what was found on the drives.
Another
IP address associated with the attacks was traced to a Canadian ISP in British
Columbia, which was actually a virtual server physically hosted at
California-based "co-location" firm Hurricane Electric. There is no
information as to whether the company had been raided by agents at this time.
Email
Print
