US indicts 13 suspected Anonymous members for Operation Payback

Filed Under: Botnet, Denial of Service, Featured, Law & order, Security threats

Anonymous two faces. Image from ShutterstockThirteen alleged hackers labeling themselves with the Anonymous brand were indicted on Thursday on charges that they conspired to coordinate distributed denial of service (DDoS) attacks against websites that included the Recording Industry Association of America (RIAA), Visa, MasterCard, and The Motion Picture Association of America (MPAA).

The indictment, handed down by a grand jury, was filed in US district court in Alexandria, Virginia, and charged the 13 with conspiracy to intentionally cause damage to protected computers by launching the attacks.

As the indictment describes, the attacks were part of Operation Payback (aka Operation: Payback is a Bitch) - an orchestrated series of attacks that targeted victims worldwide.

As The Register's John Leyden reported after the initial attacks in September 2010, Operation Payback actually started out, as its name implies, as a tit-for-tat move.

Anonymous initially launched the operation in retaliation against DDoS attacks unleashed by Aiplex Software - a firm hired by several Bollywood companies to launch DDoS attacks on sites hosting BitTorrent trackers that had failed to respond to takedown notices.

The attacks, which were carried out from September 2010 to January 2011, started as an effort to support such file-sharing sites.

They then evolved to back WikiLeaks and its founder, Julian Assange, and to take down the financial sites such as MasterCard that had cut off WikiLeaks' funding.

The hackers' tool of choice, Low Orbit Ion Cannon (LOIC), is apparently a favorite among those who label themselves Anonymous.

Sophos's Vanja Svajcer wrote up this detailed analysis of LOIC back in December 2010.

In the indictment, prosecutors outlined how simple it was for the hackers organizing the operation to launch one such attack, against the MPAA.

On or about September 16, 2010, a member of the conspiracy posted a flier advertising the MPAA attack on a web bulletin board.

The flier announced:

We target the b*stard group that has thus far led this charge against our websites, like The Pirate Bay. We target MPAA.ORG! The IP is designated at [IP address], and our firing time remains THE SAME.

The flier provided the location at which co-conspirators could download the LOIC tool, and gave instructions so as to unleash the attack as "a calm, coordinated display of blood."

The indictment names 13 hackers, but thousands more participated in the attack by simply clicking on Web links that downloaded LOIC and temporarily turned their computers into what the New York Times called "a digital fire hose aimed at each victim," which, in this case, were the targeted websites, including Visa.com and MasterCard.com.

The 13 people charged range in age from 21 to 65 and hail from 13 different US states.

As Svajcer pointed out, participation in DDoS attacks is illegal in many countries, and anybody who accepts an invitation to partake in one runs a serious risk of having the law come down on them hard and fast.

As arrests and indictments such as this most recent one show, attackers' source IP addresses inevitably end up in a targeted site's log files.

After that, all that law enforcement requires is the cooperation of an internet service provider (ISP) to track down willing participants in a DDoS.

It only takes a moment to click on a link, but the payback for Operation Payback is promising to be far more onerous for those 13 and for whomever else prosecutors drag into court.

Image of Anonymous masks courtesy of Shutterstock.

, , , , , , , , , , ,

You might like

2 Responses to US indicts 13 suspected Anonymous members for Operation Payback

  1. Defense: My client is a victim. He had computer malware on his system. All activity was the result of a botnet, and without my client's knowledge or consent.

  2. Anonymous · 293 days ago

    I hope the crime was worth it for them. Given the internet there are 100s of legal ways to protest.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.