U.S. arrests 14 for roles in PayPal cyber attack

WASHINGTON Tue Jul 19, 2011 9:37pm EDT

Related Topics

WASHINGTON (Reuters) - U.S. authorities on Tuesday arrested 16 people on charges they participated in major cyber attacks, including an attempt to cripple eBay's PayPal website as retribution for dropping WikiLeaks as a client.

FBI agents arrested 14 people in nine states and Washington, D.C., for the PayPal attack, which occurred last December and was allegedly coordinated by the hacking group Anonymous. It was the biggest response by authorities tied to a recent spate of high-profile cyber attacks.

Financial institutions like PayPal, Visa and MasterCard withdrew services from WikiLeaks last year after the website published thousands of sometimes embarrassing secret U.S. diplomatic reports that have caused strains between Washington and numerous allies.

Hackers responded with so-called distributed denial-of-service attacks that flooded the companies' websites with requests for information and rendered them unavailable to legitimate users, according to the indictment filed in federal court in San Jose, California.

PayPal suffered attacks for several days last December. Company spokesman Anuj Nayar said he could not comment on current legal action.

The 14 individuals were charged with conspiracy, which carries a maximum penalty of five years in prison if convicted, and intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison.

The accused ranged in age from 20 to 42 and lived in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico and Ohio.

One of the difficulties authorities have had tracking down hacking attacks is that they can be launched from anywhere and can come from an individual who can mask his location.

Law enforcement authorities believe Anonymous is mostly made up of hackers believed to be in their teens and early 20s. The group has taken credit for numerous attacks, including attacks on Bank of America, Sony and the Malaysian government.

"The fact that they have been tracked back and that some of them have been arrested is a significant development," said Mark Rasch, a former chief of the Justice Department's cyber crimes unit and now director of Cybersecurity and Privacy Consulting for the government technology services firm CSC.

CYBER ATTACK PROBES CONTINUE

In a likely sign investigations are intensifying, U.S. authorities executed more than 35 search warrants around the country in their investigation of coordinated cyber attacks against major companies and organizations, the Justice Department said.

The Justice Department and FBI have been under pressure to crack down on hackers who have stepped up their attacks on corporate and government websites in the past several months in a bid to thwart their activities.

Stewart Baker, a former top official of the Homeland Security Department, said the FBI probably gave the case extra attention because of the public taunting the bureau received from Anonymous and related groups.

"It does look like some of these guys (hackers) were just fools. The PayPal attack in particular," said Baker, now at the law firm Steptoe and Johnson LLP. "It looks like these bozos must have just said 'Cool, an attack on PayPal. You can use my machine.'

"I think it makes it a lot less likely that that people will join the next digital lynch mob," he said.

Another related arrest came in New Mexico where an employee for a contractor for AT&T's wireless service faced charges of accessing a computer without authorization by allegedly downloading thousands of documents related to its 4G data network and LTE mobile broadband network.

The data was subsequently downloaded to a file-sharing web site in April and another one of the loosely organized groups of hackers, Lulz Security, subsequently publicized the data breach, the complaint said. AT&T had no comment on the arrest.

The other man arrested by FBI agents was in Florida, where he was charged with illegally accessing Tampa Bay Infragard's website and uploading three malicious files. The group is an FBI-sponsored organization focused on critical infrastructure.

The Justice Department said British police arrested one person and Dutch authorities arrested four for cyber crimes related to recent attacks on major companies and organizations.

(This story was corrected in the first paragraph to make clear the attack attempted to cripple PayPal but did not cripple the site.)

(Additional reporting by Basil Katz and Christine Kearney in New York, Jim Finkle in Boston, Dan Levine and Alistair Barrin San Francisco; editing by Todd Eastham and Bill Trott)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (5)
Dave1968 wrote:
Whats criminal is a company paypal,visa,mastercard simply “deciding” they can deny service because it is politicaly unfavorable, especially when those services are core services? Has wikileaks been charged with anything? no- all they did was bring to light information that was the property of the American people me and you. which our government hides from us. I’m sorry the hackers didn’t get away with it.

Jul 19, 2011 10:37pm EDT  --  Report as abuse
Dave1968 wrote:
Whats criminal is a company paypal,visa,mastercard simply “deciding” they can deny service because it is political unfavorable, especially when those services are core services? Has wikileaks been charged with anything? no- all they did was bring to light information that was the property of the American people me and you. which our government hides from us. I’m sorry the hackers didn’t get away with it.

Jul 19, 2011 10:39pm EDT  --  Report as abuse
Chappyy3k wrote:
PayPal, Visa, Mastercard have effectively placed sanctions on individuals unfairly and without justification. They have a responsibility to economic and personal well being and fair trade and they are the ones who should be answering to the authorities. The recent cyber-attacks have all been on companies on immoral grounds, government failing to disclose and hide blunders and on websites that have cut security messages and leave personal details of users at risk negligently. Luckily the hackers are not after financial gain but if Visa etc… pin these guys into a corner and cut off their financial incomes through fair trade.. well, do the math?

Jul 20, 2011 3:02am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.