Spanish police have detained three men they believe to be members of the hackers collective “Anonymous,” according to news reports.
Authorities believe the trio took part in a number of DDoS (distributed denial-of-service) attacks against Sony PlayStation Network and government Websites in Algeria, Chile, Colombia, Egypt, Iran, Libya and New Zealand, Spain’s national police said in a statement June 10. The three men also allegedly attacked Spanish government, law enforcement, banking and media sites.
It’s unclear from the police statement whether they are suspected of having taken part in the attack on Sony’s PlayStation Network in April that compromised over 101 million user accounts or in the DDoS attacks that preceded the massive data breach. Anonymous denied involvement, but acknowledged that individual members could have been involved on their own.
“Police arrested 3 #Anonymous leaders in Barcelona, Alicante & Almeria. They attacked governments of Egypt, Algeria, Libya, Colombia,” Spanish authorities posted on Twitter.
Spanish law enforcement launched an investigation in October after the Spanish Ministry of Culture’s Website was hit by a DDoS attack in protest of a Spanish law on illegal downloads. The Technological Investigation Brigade, part of the National Police, analyzed more than 2 million lines of chat logs as well as Web pages to track the suspects.
Police also posted a screen capture of an online chat room the suspects frequented.
In the Almeria raid, police confiscated a server owned by one of the suspects. Luis Corrons, technical director at PandaLabs, the research arm of Panda Security, speculated the information on the server could lead law enforcement to other Anonymous members. Police uncovered software used to make malware and sophisticated encryption tools as well as the Low Orbit Ion Cannon software Anonymous uses to carry out its DDoS attacks.
The police’s claim of “dismantling” Anonymous in Spain may be premature since it is actually just a loosely knit group of individuals who band together to participate in various online activities. Anonymous is a “highly anarchic” organization with no strict hierarchy, Corrons wrote in a PandaLabs blog post. Anonymous members make decisions collectively and figure out their plans through forums and general voting. Not everyone participates, or even supports, all “operations,” so it’s difficult to tell who is involved and at what level.
“I am very much afraid that the fact that the ‘main leaders of the Anonymous group’ in Spain are now under arrest does not mean the group will cease its activities,” Corrons wrote.
While it’s possible the suspects took part in some of the attacks, there is no evidence they have any kind of leadership role, Corrons said.
All three men were Spanish and in their 30s, Reuters reported. One worked in the merchant navy. They are accused of coordinating computer hacking attacks from a server set up in a house in Gijon, a northern port city in Spain. The statement did not specify when the men had been taken into custody.
They are expected to be charged with forming an illegal association to attack public and corporate Websites, a charge that faces a potential sentence of up to three years in prison, The New York Times reported.
Anonymous had threatened NATO with potential attacks after a recent NATO report condemned the group. “Do not make the mistake of challenging Anonymous…If you cut down one Anon, 10 more will join us purely out of anger at your trampling of dissent,” the group warned.
“We are very likely to see some kind of retaliation actions from Anonymous over the next few hours, as they are used to getting away with their actions,” Corrons said.
However, shortly after the police made their announcement, it appeared that AnonNews, the site commonly used by Anonymous to issue press releases, was unavailable. AnonNews was “currently experiencing heavy DDoS attacks combined with a spike in legitimate traffic,” read a message on the site.