Dutch boy arrested for WikiLeaks-related DDoS attacks on Mastercard and PayPal

Filed Under: Denial of Service, Law & order, Malware

Dutch police carAccording to an announcement by the Dutch Public Prosecution Service, a 16-year-old boy has been arrested in connection with the distributed denial-of-service attacks that have been launched against a number of websites this week, including MasterCard and PayPal.

The attacks, which have made the headlines in the last couple of days, have seemingly been in support of the controversial WikiLeaks whistle-blowing site and its high profile founder Julian Assange.

Details are very sketchy, but it is reported that the unnamed youth is in police custody and is being interrogated by detectives from the Dutch National High-Tech Crime Team. He is said to have confessed to the attacks, and is due to appear in court in Rotterdam on Friday.

Computers have also been seized, and it appears that the authorities are not ruling out further arrests. Last night, Dutch broadcasters reported that the police visited the offices of LeaseWeb and EvoSwitch - two firms, believed to be providing internet services to the Anonymous group who have co-ordinated the attacks.

Of course, it is highly unlikely that the attacks are coming from just one part of the world.

As I said just earlier today, denial-of-service attacks are illegal - and you would be very foolish to participate in them, as the penalties can include lengthy jail sentences.

, , , ,

You might like

63 Responses to Dutch boy arrested for WikiLeaks-related DDoS attacks on Mastercard and PayPal

  1. alexoi · 1765 days ago

    you would be very foolish to stand by when the governments steal people's freedom :-)

    • Anonymous · 1765 days ago

      Uninformed, angsty teenage idiocy. WikiLeaks is the subject of an active State Department investigation. Whether you agree or disagree with that, payment companies have an objective legal obligation to stop giving money to them. It's standard procedure. They're private companies, you don't have a right to either the service or the "money". There's no rights being violated there, nothing being censored, not by any stretch of the definition or your imagination.

      If you want to do something productive, target people who've actively opposed WikiLeaks and pushed for censorship in the first place. Amazon, Palin, Lieberman, the State Department, the Swedish prosecution... these are all much more relevant.

      • Anonymous · 1765 days ago

        You do not have the right. But you have a duty to freedom and to free speech to show the people out there, that you are not going to be gagged. And if it is through DDoSing websites, to show, that you will NOT tolerate some gag orders from the government, its ok.

        Either you're on the side of wikileaks, or on the governments. If you are on the gov side, don't cry if you're attacked.

        Also, "Uninformed, angsty teenage idiocy" was almost everytime in history the way a revolution started. They were not started by some smart people like you, who think they'll be cool if they stay out of everything. This is a cyber war. Casualties will be on both sides as collateral damage will be. But we will not shut up. And we will not have our rights taken away.

        • Anonymous · 1765 days ago

          If you're going to pat yourself on the back for thinking you're taking a stand, just don't try to say "oh, well, it's okay for me to be breaking the law because I think I have a reason to". If you're personally okay with doing it, then more power to you. But don't try to excuse it.

          But no, it's not as simple as "you're on the side of wikileaks, or on the governments". It never is, unless you're talking about Saturday morning cartoons. Leave the black and white morality at the door. There are plenty of us who support WikiLeaks and Assange, but don't agree with some or all of these disorganized, misdirected attacks.

          • Anonymouse · 1765 days ago

            you are such a sheep i just want to shear you bold, you silly little man

          • asdfasdf · 1765 days ago

            You're missing the point of the attacks.

            It's all for publicity, and it has worked very well.

        • Anonymous · 1765 days ago

          "And if it is through DDoSing websites, to show, that you will NOT tolerate some gag orders from the government, its ok. "

          No, it's not "ok". It's still illegal. If you're willing to break the law to fight for something to believe in, and you think that's justified, then that's all you. But you shouldn't delude yourself into thinking that it somehow makes it less of a crime.

          "Either you're on the side of wikileaks, or on the governments. If you are on the gov side, don't cry if you're attacked. "

          This is silly. A lot of people of people who support Wikileaks don't support DDoSing websites in retaliation. There aren't divides like that in real life, "you're with us or you're the enemy" is a childish way to look at the world.

          "Also, 'Uninformed, angsty teenage idiocy' was almost everytime in history the way a revolution started."

          No, not really. "Revolutions" don't start with people who don't know what's going on. You need to be objective and check your facts. Jumping straight to misdirected, disorganized attacks against companies who, for the most part, are guilty of nothing more than staying neutral and not acting in line with your own personal politics is not some kind of revolution for freedom. You're not losing any rights.

          • Anonymous · 1765 days ago

            "No, it's not "ok". It's still illegal. If you're willing to break the law to fight for something to believe in, and you think that's justified, then that's all you. But you shouldn't delude yourself into thinking that it somehow makes it less of a crime."

            Tell that to Martin Luther King Jr, Rosa Parks or anyone else in the civil rights movement you spineless coward.

            • Anonymous · 1765 days ago

              ... You missed the point entirely. It doesn't matter if you're justified or not, it doesn't matter if it's for a good reason or not, it's still illegal and you shouldn't kid yourself it isn't. Just because you think it's the right thing to do doesn't change that. Nice strawman, though.

              • Do you think one of you could call yourself "Anonymous #1" and the other one "Anonymous #2"? Would make this so much easier to follow... :)

            • Cobalt · 1765 days ago

              hello, that example is IRRELEVANT! first off when did mr king break the law? Rosa Parks sort of did but thats kind of debatable. in any case please realize that these companies are obligated to stop allowing those people to use their services under law. not everything is a government conspiracy.

  2. Agreed. What this boy did was merely an act of flooding the site with requests, causing it to slow and eventually shut down. He is one of thousands around the world helping to protest via the internet. Even now, there is a JS LOIC page where all people have to do is press a button to be a part of the DDOS attacks. They want to give people the power to protest via the internet.

    Unfortunately this young boy's love for freedom and the truth has landed him in trouble. I take my hat off to this lad who stands up for his rights and the right for the public to know what their government is doing.

  3. Ericz · 1765 days ago

    Foolish to participate my ass, most countries pretty much never had anyone convicted for it.

    • Anonymous · 1765 days ago

      When you're targeting something as big as MasterCard, that's a different story.

  4. Anonymous · 1765 days ago

    Is it illegal to reload a website 20.000 times a second? Don't think so.

    • Anonymous · 1765 days ago

      This goes for both you and @VNimara_Consort.

      Don't be pedantic. It's pathetic to see people try and excuse DDoS attacks by trying to understate them. You're not fooling anybody who actually knows what kind of effect that amount of traffic can have en masse, and it's disappointing to see people claiming that they're standing up for something while trying to deny that it is what it is and that it is illegal.

    • Arco · 1765 days ago

      In the Netherlands it's illegal since 2006 yes.

  5. Rollinsolo · 1765 days ago

    they can take time to arrest people for fighting for there freedom but mean while the goverments around the world are murdering innocent civilens and nothing is do about that. they just lie about it and try to cover it up. The people are speaking out its time the goverments step up and take responsibility for all the wrongs they have done. Thank you anonomous for giveing us hope that all the lies will not be hidden for ever.
    We are One,
    We are everywhere,
    We are taking a stand.

  6. anonymous · 1765 days ago

    ironic that the person posting under anonymous is posting against anonymous. just saying.

  7. witiza · 1765 days ago

    It's great to see16 years old boys fighting for free speech, that makes me belief there is some hope again.

  8. Do you understand what DDOS entails? It means hijacking of thousand of innocent people's computers via malware or virus to add it to a Botnet which can then be used for many things besides DDOS. Spam comes to mind. Don't get "holier than thou" protesting for the "right of free speech" when you first hijack other people's computers without their consent. That's a pretty basic right, too.

    • Anonymous · 1765 days ago

      The recent attacks have, notably, not been based on zombie networks. While most DDOS attacks are conducted by hijacking computers, this attack was voluntary. Participants directed their own computers to connect to the targets and spam them. While this has nothing to do with whether or not the attacks were appropriate, which I shall not comment on, they were (oddly enough) voluntary.

    • Gaz · 1765 days ago

      Actually Thomas, DDoS doesn't mean hijacking thousands of people's computers through the use of Malware. In fact, DDoS simply means a denial of service on a distributed scale; ie: not from one target.

      Not to mention that the Anonymous group are asking that people opt-in, giving them the choice to take part, the choice to install LOIC, I'm not seeing any hijacking any where in that statement.

      Shame that your point is fundamentally flawed. Maybe you should lose *your* holier than thou attitude.

      • Anonymous · 1765 days ago

        Gaz, look above you.

        There are implications that there was a botnet involved, in addition to the voluntary LOIC users.

        And while I'll agree that was phrased pretty badly, it's true that DDoS attacks ordinarily make use of botnets and not voluntary users.

  9. tanne · 1765 days ago

    So it's ok to attack MasterCard and other companies for upholding their policies under the view that it's taking a stand for freedom of speech? What about the companies freedom? They choose who they will do business with - it's just as much their right to decide they no longer wish to do business with that person. I find it interesting that people think it's ok to fight for some type of freedom by surpressing others.

    The person who took the documents in the first place is most to blame... WikiLeaks is to blame for the ones which do not stand for what they argue is what they're all about... I'm sorry but posting a document about key buildings/locations/etc has nothing to do with bringing something shady to light - it's done to weaken them, with the intent for harm. Some of the documents posted I think needed to be, all of them - no. It's not black and white, people need to wake up and realize that there is a lot more to it than just posting stuff that proves wrong doing on the part of governments.

    • Anonymous · 1765 days ago

      It is worth asking whether or not we would trust the data if only a bit had been released. By releasing it all, some degree of bias was eliminated. Also, while a list might be more blatant, nearly every one of those site can be found on Google.

      • tanne · 1765 days ago

        Every story from WikiLeaks does not need a huge amount of extra files as proof. By releasing it all, they're not doing what they say they stand for as far as exposing corruption - they're releasing info that has nothing to do with corruption. And if all the detail can be found on Google - why then is it needed to be posed by WikiLeaks to eliminate a bias in the first place?

    • Gaz · 1765 days ago

      It's also worth baring in mind that the people donating to Wikileaks are losing their freedom of speech, since they're unable to donate due to the stubbornness of a company hypocritically applying it's policies to individual recipients.

      • Anonymous · 1765 days ago

        Gaz, none of that makes any sense.

        The freedom of speech does not in any way cover your ability to pay somebody money. Especially through a private company.

        There's nothing stubborn or hypocritical about the actions of PayPal, MasterCard and Visa. If they get any kind of report or indication that a client is implicated in or associated in any way with something that may be legally questionable, they're obligated to hold the account immediately. This is nothing new. This isn't something that's never happened before. This is industry standard procedure and common-sense business ethics. Holding the account until the government investigation is closed is the neutral and responsible thing to do.

    • KRC · 1761 days ago

      Wikileaks is a terrorist organization. We should freeze their assets and send their leaders to Guantanamo.

  10. dom · 1765 days ago

    Were the DDoS attacks against wikileaks pursued with the same sort of priority?

    Or does the site itself have to have to make a complaint to the relevant authorities to get the incident investigated, and traced, and pursued?

    • Gaz · 1765 days ago

      Doesn't work like that unfortunately, it's "legal" for people to do it against entities the government doesn't like ;)

      • Anonymous · 1765 days ago

        No, it works exactly like that. The government is not pressing the charges for you, the site/company has to pursue them.

    • AnAnonAMoose · 1764 days ago

      Well it depends who you have on your payroll, err I mean gave campaing contributions too. Want results? Pay the right people.

  11. dom · 1765 days ago

    Do these attacks against the infrastructure of banking and making payments increase the likelihood of computers having to meet a standard of compliance to be certified as "malware free" before the computer is allowed to connect to the internet?

    I suspect that some people are looking at an excuse to enforce this. Spam and botnets have only been a nuisance up until now (to windows users, and everyone with an email address, of course) but now this is an "attack" against the movement of money. Mostly by computers running MS Windows.

    Are Microsoft going to be forced to secure their OS?


    Are end users going to be forced to prove that their computer is malware free?


  12. Darrello · 1765 days ago

    No one has commented on how easy it was to take down a global commercial site. It was the comment from an emminent IT security expert on BBC Radio 4, which made me laugh, "Surpringly, the visa payment system was brought down via a single IP address on the corporate website". DDoS attacks on firewalls are common place, it was the back-end security verification systems which collapased. That is some Visa & Paypal should be looking at. Could get busy before xmas with all the on-line shopping.....

    • Anonymous · 1765 days ago

      The Visa payment system wasn't brought down. The only thing interrupted, besides the homepage itself, was the Verified by Visa function. Same goes for MasterCard and their equivalent of that.

    • Anonymous · 1765 days ago

      You're talking about Verified By Visa. That's just a secondary, optional web verification tool hosted on the site. It isn't some kind of "back-end security verification system", and the only people who would have been effected by it were people who have opted into using the service and were trying to use the card online at the time. That's not the same thing as interrupting actual transaction verification or processing.

    • Anonymous · 1765 days ago

      No one commented on it because either you misunderstood was what going on, or your "emminent [sic] IT security expert" did. Transaction processing was not taken down. Verified by Visa is an optional service for web transaction security. It's not a back-end security system.

  13. not naive · 1765 days ago

    Sobering reality: we don't know the plan behind what's happening. For example, it could be one strategic move in an Earth shattering, well orchestrated war, or a trial run. And no, insurgents (spread all over the planet or otherwise) are never the brains and force behind wars. They are just one tool used by war machines. War machines enforce order, secrecy, and obedience, NOT freedom.

  14. anonymouseasfg · 1765 days ago

    yea he had a big botnet ya know....

  15. anonymous · 1765 days ago

    if they are going to arrest 1 kid for the attacks than they should go after the US for starting the attacks. Sadly anon is not a terrorist group as you all think it is but the collective opinion from a section of the internet. I'll wait until someone makes the mistake of waking the folks from 2chan. I'm going to lawl at all the n00bs here since they have no clue what the rules of the internet are and that if you play with fire you will be burned.

    • akw · 1765 days ago

      What rot. Anonymous' entire purpose is to terrorize those who aren't behaving as a group of anarchists wishes. The "collective opinion" of a group of internet users isn't worth a hill of beans if it's against the law, and the internet is not a free-for-all controlled by mob rule. This is real life, not some anarchist utopia.

      • Anon · 1765 days ago

        Ugh, how wrong you are. The opinions of large groups of people are worth more than law in practice. Has always been so and will always be so.
        If you fail to understand this you should perhaps take a peek at a history book for starters.
        The power has always and will always rest with the masses - and thank god for that. The checks and balances on the corrupt subhuman entities in power are the people and their opinions. And those in power will be judged by the people, and again in the pages of history when the time is mature enough.

        Support Operation PAYBACK!

  16. kall · 1765 days ago

    Article lies ofc.

  17. George A Butel · 1765 days ago

    Denial-of-service attacks are a form of terrorism, economic terrorism, a form of economic blackmail. What they say is that, if you don't accede to their wishes, they will cause you economic damages--no different than throwing rocks through your windows. Perhaps these youths are too young to understand the nature of the democratic process, or of how government, works, or how we can change it, but I have a suspicion that they were so busy learning their computer skills and playing computer games that they paid no attention to civics or government classes. No doubt they started out with legitimate concerns about what certain governments were doing. But instead of starting a political movement, or joining one, they took physical action--action no different than an armed uprising. Now, they will have police records, and will probably be unable to seek or win public office, and will be unable to vote anyway now when they reach that age, so they are destroying the very cause they believe in, diminishing their ability to legitimately help. And, even worse, they are creating a strong backlash that may interfere with all of our freedoms. The more they do things like what they have done, the more call there will be to restrict our liberties.

    • Antonymous · 1765 days ago

      And so was the Tea Party...and that was over taxes

    • antonymous · 1765 days ago

      Also I have to say you do realize that the people, the real anon and ghosts of the network aren't 12 right? Seriously you do understand that right?

    • miek · 1765 days ago

      Yes, because so many political movements have worked to remove laws that hinder freedom... so many political movements have stopped the COIAC, MPAA and Internet Censorship.

      Get real fool.

    • 1simpleanon · 1765 days ago

      This is the most ridiculous thing Ive read on here yet. The biggest youth vote ever arose and got Obama elected into office, yet here we are seeing the tax cuts for billionaires getting extended and our futures being flushed down the toilet. Try and justify "joining a political movement" all you want, but we tried that, and we dont have the ability to filibuster a bill to help 9/11 first responders, let alone millions of lobbyist dollars to buy our place in congress. What we do have here is a way to get our voice heard in being part of anonymous. Just hope the lowest of us the dont keep this going, like the dorky IT guy at your office that takes care of the internal email server for example, and become our own Wikileaks, because a few lines of code from someone reading a comment like this can potentially take down a company, and in the midsts of figuring it out,lairs out all the dirty laundry.

  18. Chii · 1765 days ago

    anybody know what is going on in the rest of the world while we are being distracted with this event?

  19. anonymous · 1765 days ago

    Good! They caught Anonymous! About time to, this kid has written too many dangers books in the last 500 years, caused too many uprisings and toppled way too many governments. I am glad he is finally arrested.

  20. myk · 1765 days ago

    I was listening to public radio and great point was made. It's goverment job to protect this information and if they can't do so effectively you can't blame people who got a hold of it. Newspapers are using anonymous sourses for years- how wikileaks is different? Is it because we can blame someone??? Do your job to protect info- problem solved.

    • akw · 1765 days ago

      You've got to be kidding. Governments protect people through laws. You break the law, you get punished. DDOS attacks are illegal because they caused damage to public and private business. What you're saying is that if the lock on my door isn't good enough to keep you from coming in and stealing my valuables, it's my fault if you do it. That's absurd.

  21. p01ntless · 1764 days ago

    lazers were charged at the dutch national police website and public prosecution service, succesfully bringing it down as retailiation for the arrest.

    the proud and bragging dutch cyberpolice pwned

  22. E_S_LaPorte · 1764 days ago

    The Dutch have intelligence services that are very much American lapdogs...

  23. Claudia · 1764 days ago

    A prime example of the urgency of information security needs in corporate and government organizations.

    It's not necessarily that these organiations were hacked, news coverage seems to be pointing to insiders leaking the documents to WikiLeaks. Wikileaks posted the classified information, there's no evidence that it hacked to get the info.

    Assurance training can be taken online and prep individuals for high security positions.

  24. Joseph · 1763 days ago

    This is not free speech, you idiots. This is theft of government property and invasion of privacy by punks in service of a narcissist. So you say you wanna revolution, eh? This is the same kind of thinking that leads street teens to light homeless men on fire.

    If someone leaked me your bank statements and medical records and I posted them online for everyone to see, I doubt you'd be so indiscriminate in your insistence on free speech. Your fist ends where my nose begins.

  25. Joy · 1763 days ago

    Incredible that this fast response from US were not used with those killing innocents...

    Incredible that companies take down services for "believeing a thing is illegal" and without a court order or a setenced a thing, in a country that promotes law and order :-) you guys make my laugh a lot...

    Who is US to order countries what freedom while their goverment kill and sell weapons, go on TV saying excalty opposite things that they do, and a Sara P with guns and screaming as positiong as a posible president.. this must be a joke...
    A country that attacked another country regardless UN sentecy (in which he signed to agree with rules by the way).

    The people are speaking out, its time the goverments step up and take responsibility for all the wrongs they have done. Thank you anonomous for giving people hope that all the lies will not be hidden.

  26. Joy · 1763 days ago


    Who can trust a guy with a pink shirt in charge of security issues ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley