Categories: SecurityWorkspace

FBI Carries Out Texas Raids In Operation Payback Probe

The FBI raided a Dallas-based server farm and seized servers used in the distributed denial-of-service attack against PayPal earlier this month, according to an affidavit obtained by the Smoking Gun website.

Federal agents are looking for clues as to the identity of the hackers who orchestrated the DDOS attack on PayPal, according to the affidavit. It is unclear whether the raids were successful in that regard.

Payback attacks

The FBI began their investigation shortly after the Anonymous group of Internet activists launched DDoS attacks against PayPal and other financial and technical service companies for cutting off support to the WikiLeaks site after it published thousands of secret US state department cables.

The PayPal blog was offline for a few hours as part of the DDoS campaign the Anonymous group called “Operation Payback”. Volunteers were encouraged to download a point-and-click DDoS tool to attack PayPal and other targets, including Visa, MasterCard, Bank of America (earlier this week), and a Swiss bank who froze WikiLeaks founder Julian Assange’s accounts.

FBI investigators believe that some volunteers used botnets of compromised machines to launch a more potent assault, according to the affidavit.

“Vigilante DDoS, a bunch of kids getting together and running a software,” is not a particularly powerful attack because there is not enough volume, Jason Hoffman, of Joyent, told eWEEK. Attackers would have needed five to fifteen million people all on high speed broadband connections to “be effective”, he said.

PayPal provided FBI agents with eight IP addresses of servers that were used to run IRC chat servers associated with planning the Operation Payback attacks, according to the affidavit. Investigators believed the same systems were used as command and control hubs for botnets used during the DDOS attacks.

According to the affidavit, “multiple, severe DDos attacks” had been launched against PayPal, which amount to felony violations of a federal law covering the “unauthorised and knowing transmission of code or commands resulting in intentional damage to a protected computer system”.

One IP address was traced to Host Europe, a Germany-based Internet service provider. The server in question turned out to belong to a man from Herrlisheim, France, but that the root-level access to the machine appeared to be from a remote user with administrator access, said the affidavit. The log files indicate the commands to execute the attack came from this remote address, which led investigators to hosting firm Tailor Made Services in Dallas, Texas.

Source of attack investigated

Investigators believe the command to launch the attack was made on Tailor Made Services systems and relayed to this server in Germany to hide its origin.

A pair of log entries on the compromised Host Europe machine contained the same message: “Good_night,_paypal_Sweet_dreams_from_AnonOPs,” according to a sworn statement from FBI agent Allyn Lynd.

Agents raided Tailor Made Services on 16 December after getting a search warrant based on the affidavit. Agents copied two hard drives from the targeted server during this raid, according to Smoking Gun. There is currently no information available about what was found on the drives.

Another IP address associated with the attacks was traced to a Canadian ISP in British Columbia, which was actually a virtual server physically hosted at California-based “co-location” firm, Hurricane Electric. There is no information as to whether the company had been raided by agents at this time.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

3 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

4 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

20 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

22 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

23 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

1 day ago