Police in the U.K. arrested five males Jan. 27 in connection with several distributed denial-of-service attacks associated with the group -Anonymous.’
The suspects, ages 15-26, were picked up as part of what U.K. police called an ongoing investigation into DDoS attacks launched against several companies last year. According to police, the investigation is being carried out in conjunction with law enforcement agencies in the United States and Europe.
Though authorities did not say so specifically, the arrests are widely believed to be tied to a series of retaliatory attacks targeting companies and institutions considered hostile to WikiLeaks. Those attacks, known as “Operation Payback,” took place in December and utilized people involved in an opt-in botnet.
Before Operation Payback subsided, a number of companies had been struck, including MasterCard and PayPal. In December, police in the Netherlands arrested two people, a 16-year-old and a 19-year-old, for their involvement in the attacks. For its part, the FBI raided a Dallas-based server farm and seized servers used in the DDoS attack against PayPal.
In a paper, researchers at the University of Twente in the Netherlands reported that the Low Orbit Ion Cannon (LOIC) tool used in Operation Payback failed to protect the Internet Protocol (IP) address of its users, in effect leaving them traceable by authorities.
“Clearly the authorities are not looking sympathetically on those they believe are assisting the denial-of-service attacks,” blogged Graham Cluley, senior technology consultant at Sophos. “And that’s not just true in the UK. For instance, in Holland we have now seen two arrests in connection with the attacks.”
“Clearly computer users should think very carefully before being recruited as a hacktivist to launch attacks on Websites belonging to other people – otherwise it could be that the police are knocking on your door next,” he added.