FBI Issues 40 Warrants Over WikiLeaks

The FBI has carfried out forty search warrants across the 7 January, in search of information about distributed denial-of-service (DDoS) attacks which hit companies that blocked WikiLeaks’s funding.

The raids came the same day UK authorities arrested five people believed to be tied to the loosely affiliated group Anonymous, which has taken credit for the attacks. The suspects in the UK range in age from 15 to 26, and were picked up after being tied to the attacks.

Denial of service as a protest

After WikiLeaks began publishing leaked US Embassy documents, a war of DDoS attacks broke out, both against WikiLeaks, and against the organisations which withdrew banking and other facilities.

The goal of Operation Payback was to retaliate against companies or institutions that cut ties to WikiLeaks or were viewed as enemies of the whistle-blower site. The effort impacted a number of high-profile companies, including PayPal and Mastercard as well as targets such as the Swedish prosecutor’s office and PostFinance, a financial institution in Switzerland that closed an account belonging to WikiLeaks founder Julian Assange.

Besides the UK, authorities in the Netherlands have made arrests in the case as well.

Hacktivists have increasingly turned to denial-of-service attacks as a method of protest, while others have used them as a way to silence critics. A report last year from Harvard University’s Berkman Center for Internet & Society found 280 independent media and human rights Websites had been hit by 140 attacks between September 2009 and August 2010. Since 1998, the researchers counted reports of 329 different attacks against more than 815 sites — numbers they estimate are only a small portion of actual attacks.

The FBI said it is working closely with other law enforcement agencies across the globe, and said major antivirus companies have updated their software to detect the Low Orbit Ion Cannon tool used in the attacks.

“The FBI also is reminding the public that facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability,” the agency said in a press release.