
FBI Raids Texas ISP For Anonymous DDoS Info

Posted by timothy
from the now-turn-around-reeeeal-slow dept.
jcombel writes with this link to The Smoking Gun, which says "As part of an international criminal probe into computer attacks launched this month against perceived corporate enemies of WikiLeaks, the FBI has raided a Texas business and seized a computer server that investigators believe was used to launch a massive electronic attack on PayPal." Computerworld has a story, as well.
This discussion has been archived. No new comments can be posted.

  • What could possibly go wrong?
    • by Anonymous Coward on Friday December 31, 2010 @09:51AM (#34721144)

      What could possibly go wrong?

      Paypal: the "bank" that somehow gets away with not having to be regulated like a bank and treated like a bank, despite looking like a bank and acting like a bank.

      DDoS attacks suck but in this case, nothing of value was lost.

      • by ScentCone (795499)
        despite looking like a bank and acting like a bank

        And despite not pretending to provide many of the services a bank provides, and not arranging to have the funds insured by the government, and despite you not having to have anything to do with them, whatsoever, if you don't feel like it.
        • by Skapare (16644)

          You mean there ARE banks which we are required to do business with (that PayPal is not one of)? And all regulated banks are required to provide every possible service (that PayPal does not provide all of because they are not one of those banks)? I guess maybe more banks should have funds insured by the government. That way they can get out of actually having to do things right, and be on a better footing to provide alternatives to PayPal.

          • by ScentCone (795499) on Friday December 31, 2010 @02:11PM (#34723098)
            You mean there ARE banks which we are required to do business with

            No, I don't mean that and you know it. But if you want to do business with a bank that, for example, offers you FDIC protected checking accounts, then you're looking for a different sort of service provider. PayPal isn't in that line of work.

            And, on your other comment ... you're confusing FDIC insurance and the accompanying regulations with being bailed out, which are completely different things.
  • Idiots (Score:5, Informative)

    by Mad-Mage1 (235582) <infosecguy,mb&gmail,com> on Friday December 31, 2010 @09:13AM (#34720986) Homepage

    It was a bloody IRC server that's all. It was used by LOIC to get targets, etc...

    I'm sure they were scraping and recording all of the chat logs from each IRC channel that was used, and THOSE logs are the ones with the money info, like who was participating, or at least their IP at the time. Snatching the IRC servers themselves is relatively useless.

    • Re:Idiots (Score:5, Informative)

      by devxo (1963088) on Friday December 31, 2010 @09:21AM (#34721018)
      I haven't been to their network, but somehow I think it's one of those ircd's that hide user IPs. Since they snatched the IRC servers, they also got the masking keys and can now unmask all the IPs. Without getting the servers it wouldn't have been possible. Besides, there's probably more info and evidence on the servers.
    • Re: (Score:1, Insightful)

      by Threni (635302)

      Sure, it's a punishment. "If you allow this sort of thing, we're going to take your servers and hang onto them for months".

      • "if you are involved in criminal activity, you may be involved in a lengthy investigation".
        Sounds fair to me.
    • Re:Idiots (Score:5, Interesting)

      by Tynin (634655) on Friday December 31, 2010 @09:33AM (#34721076)
      I agree with you. As a former ISP employee, it is pretty well known that the FBI has electronic taps into most ISP companies. I assume the same would be true for datacenter operations as well. I have to imagine watching the traffic silently would have yielded more info than shutting down servers and taking them in for review. No need to worry about masking keys when you can watch the raw traffic come in and see who the major actors are.

      But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other customers. It is like the FBI treats datacenters and ISPs as bad actors and doesn't trust that they aren't in on the crime which I think is rather outrageous.
      • Re:Idiots (Score:5, Insightful)

        by Miros (734652) on Friday December 31, 2010 @10:33AM (#34721372)
        To discourage others from operating infrastructure that can aid in DDoS attacks? This kind of high visibility move tends to invoke certain emotions among people who might be otherwise inclined to assist in some criminal enterprise. Whoever owned that server is probably not having a good week right now, and it's clear that simply operating some seemingly benign infrastructure that aids in a conspiracy to commit a crime is something that can get your equipment seized and your ass in hot water.
        • Re:Idiots (Score:4, Insightful)

          by Hatta (162192) on Friday December 31, 2010 @12:41PM (#34722462) Journal

          All of which amounts to the government bullying legitimate businesses for doing nothing illegal. How is this even close to acceptable?

          • Actually, in this case the servers are evidence, and the FBI has every right to confiscate it. This happens all the time in hacking cases. Think about what would happen if the FBI didn't confiscate evidence -- it would be trivially easy to conduct illegal behavior because your provider would not give up the evidence necessary to convict you.

            It sucks, but that's what you get for having a society that actually investigates crimes against members of society. You can move to Somalia if you want a more laiss
            • by innerweb (721995)

              Everyone is missing the real problem here. The evidence in any digital (online, server, ...) case is the DATA. The hardware is almost useless. You might need things like MAC addresses and such, but the real stuff is the data. So, confiscating hardware is NOT needed. Confiscating DATA is what is needed. And the beauty of data is it copies so easily. So, the servers are evidence is uneducated BS. It always has and always will be. The data is the evidence.

              If they need the hardware for hairs, fingerpri

          • by ScentCone (795499)
            doing nothing illegal

            Which definition of "DDoS" are you using, here?
            • by Hatta (162192)

              Read a little harder and figure out who is doing the DDOS here and who got raided by the FBI.

              • by ScentCone (795499)
                When you provide the physical infrastructure that is used to perform or coordinate that DDoS attack, you really can't complain that the people tasked with investigating the crime are going to need to lay hands on the system and data in question, intact. ISPs and hosting facilities especially, because the next attack could be on something they're, themselves, trying to keep on the air as it's being attacked.
        • by sgt_doom (655561)
          What did that guy do a few years back? Put a link to some supposed porn or super-model site, but instead the underlying link was to the FBI HQ, which implemented an undercover DDoS attack? Sure hope nobody else copycats that!
      • Re:Idiots (Score:5, Informative)

        by Kagato (116051) on Friday December 31, 2010 @11:37AM (#34721832)

        I have to disagree about the taps.

        I've worked in VERY large national ISPs and local ISPs. At the large ISPs we dealt with dozens of warrants daily. If need be engineering would work with them as a partner to get what they needed. We were also allowed to push back if the warrant wasn't in order.

        At the small ISP the FBI would just show up and seize stuff. Often before hand they would call peers and dig up background information on the employees and owners. When dealing with small ISPs the FBI starts with the assumption that the company is in on it. You'll enjoy a reputation tarnished in the local community and threats of having all your equipment seized (putting you out of business).

        • Excuse me, but have you worked at a small ISP? How do you know that the FBI didn't ask ahead of time to obtain the info, and only when the ISP refused to cooperate did they start confiscating things?
          • by HiThere (15173)

            I really doubt that they would agree to something likely to put them out of business unless they were coerced.

            I haven't been following things, but my presumptions are:
            1) the business is (essentially) innocent
            2) there was no warrant
            3) The FBI used "main force"
            4) They'll get away with it again

            Will they find evidence? Maybe. Did they shut down the business? Almost certainly.

            That said, these are initial presumptions. Some comments have caused me to believe that this time the FBI didn't seize servers that wi

            • by wkcole (644783)

              I really doubt that they would agree to something likely to put them out of business unless they were coerced.

              I haven't been following things, but my presumptions are:
              1) the business is (essentially) innocent
              2) there was no warrant
              3) The FBI used "main force"
              4) They'll get away with it again

              Will they find evidence? Maybe. Did they shut down the business? Almost certainly.

              That said, these are initial presumptions.

              In other words: you didn't even glance at anything besides the /. blurb. (hint: you are simply and objectively wrong.)

              • by HiThere (15173)

                Well, I was definitely wrong in certain ways. It sounds like they did have a warrant, e.g. And this time I didn't hear of anybody's door being broken down. As for the rest ... that still seems unproven.

                It is, however, true that I don't trust anyone who combines appointed authority with power. In fact, I'm suspicious of any centralized power. So I tend to read about action of the Feds with two strikes already against them. Even if they were honest this would make it difficult to satisfy me. Unfortunat

          • by Legion303 (97901)

            "Excuse me, but have you worked at a small ISP?"

            The answer to that question is in the text of the post you responded to. I'm not sure why you didn't bother reading it.

      • by sgt_doom (655561)
        Yup, ADVAPI.DLL from Microsoft and Apple, and who knows who else, Narus boxes at the nation's switching centers and IXPs, it's definitely a done deal!
      • by wkcole (644783)

        But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other customers. It is like the FBI treats datacenters and ISPs as bad actors and doesn't trust that they aren't in on the crime which I think is rather outrageous.

        Working quietly with an ISP and/or DC fails in the primary goal of this sort of raid: being outrageous enough to get media attention. The major tool of law enforcement in a situation like this is fear. They know that "Operation Payback" isn't like a spamming or commercial extortion bot net, in that it is not controlled by anyone in a technical sense. That makes it essentially impossible to take out by taking a few machines sitting in DC's hosting IRC channels or even by taking over those machines and watch

    • by AHuxley (892839)
      You would expect a new fed 'friend' or person the feds caught in the past to slowly befriend the admin/best new useful friend over time. Then work out ip's over a day/weeks when offered/gifted admin pw, raids for all... or long term tracking?
      I guess now it's all about the wider chilling message, any IP range used gets a van. They have big trucks too ...
      • by Culture20 (968837)

        You would expect a new fed 'friend' or person the feds caught in the past to slowly befriend the admin/best new useful friend over time. Then work out ip's over a day/weeks when offered/gifted admin pw, raids for all... or long term tracking?

        What mildly competent sysadmin hands out root passwords as gifts? They haven't even done that in Universities since the early 90's.

        • by AHuxley (892839)
          Long term flattery, shared interests, an understanding of Unix etc. could charm admins into that zone of pw trust.
          If caught in the past by the feds, you would have the time, cash and drive to work hard on/for your target group.
    • by Larryish (1215510)

      It would be nice if anonops irc wouldn't autoban proxies/tor.

      "Welcome to irc.anonops.co.uk - We are Anonymous, expect us. - Anonymous proxy servers are not permitted."

      Does that scan?

    • by Anonymous Coward

      Anonymous guys should google an implementation of slowloris-over-Tor "XerXeS" like Th3j35t3r uses... (Yeah implementations are out there, do you think th3j35t3r wrote his tool by himself??? LOL)

      Going over Tor hides the IP and doing this attack via multiple machines would make them a really nasty bunch of fuckers.

      On the other hand maybe they should not do that. You see, one can easily prevent the "XerXeS" tool by just tarpitting multiple connections from a single IP. Or, better yet, tarpit all Tor exit node

    • I have been reading those SAR reports Wikileaked from Afghanistan, and there appears to be atrocity after atrocity after atrocity, supported by those very rare and occasional news stories (in the international media, as America has no media).

      While a court-martial is taking place in America about those US Army thrill killers of innocents, an Australian Special Forces unit is undergoing a court-martial in Sydney -- having killed innocents, instead of the Taliban, due to "faulty intel" -- a commonly occurring

  • by Anonymous Coward

    I get the feeling we're about to see Weather Underground 2.0. FBI and friends rounding up subversives, cooking up various stories/evidence/results and both sides getting more and more serious until things go bad.

    Anonymous will, I suggest, become the 21st century hippies once more and more tangential interests come aboard, and before you know it a few radical offshoot groups will take on the government in a serious way. Cyberthreats the like of government talk are bullshit, but people with technical knowhow

    • Doubtful. The vast majority of Anonymous does what they do for the lulz, not out of any ideology.

      • The "for the lulz" is part of the meme, just like using the word "Anonymous" as personal name. If the target was something they supported, they would not have participated. The target is picked carefully out of an ideology and people supporting the cause join the DDoS. The reasoning behind is that moral equal bigotry, and if you cannot do something for an ideology, you can only do it for your own selfish entertainment (a.k.a. "for the lulz").

    • by HiThere (15173)

      I don't believe the Weather Underground was ever a serious threat, except in their own minds, and in the press. When I looked around I saw dozens of easy targets that they just ignored. They were more publicity hounds than a revolutionary movement. AFAIK they didn't even have a platform of "What we would do if we were in charge".

      And if you say Anonymous will become the same kind of thing, I have no trouble accepting it. But consider what you are saying. (I.e., they're just about there already.)

  • use the fbi to do your dirty work

    http://en.wikipedia.org/wiki/Joe_job

  • ... the server did not actually send those TCP requests, but was hosting an IRC server. The flooding software allows the user to turn his computer in a voluntary "botnet member". The software then connects to a specific IRC server (can be changed easily in case the server goes out of commission), connects to a specific channel and then a bot in this channel responds to commands by the software and passes the IP address of the target.

    This allows the masterminds behind the attacks to coordinate the computers

  • patriot (Score:5, Insightful)

    by choko (44196) on Friday December 31, 2010 @10:24AM (#34721328)

    So I'm assuming that we are going to see a probe by authorities into the "patriots" behind the wikileaks DDOS attacks next?

  • A few mistakes... (Score:5, Interesting)

    by jornak (1377831) on Friday December 31, 2010 @10:47AM (#34721456)

    First mistake: They list the IP in the affidavit OUTSIDE of the logs twice as 72.9.153.42 instead of 72.9.153.142 as it should be. One could assume that they could have now raided the wrong server in Tailor Made's farm.

    Second mistake: "root" is just an IRC nickname on AnonOPs, and this person does NOT have root access on the IRC server that was raided as falsely assumed in the affidavit. They have oper with override privileges, and that was what was logged. The raid on the server at Tailor Made Servers was made under false pretenses.

    Third mistake: Those logs show... [Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic '!lazor default targethost=api.paypal.comsubsite=/ speed=3 threads=15 method=tcp wait=false random=true checked=false message=Good_night_paypal_Sweet_dreams_from_AnonOPs port=443 stop' ... if anyone here has looked at LOIC's topic parsing, there's two mistakes the FBI made there. The first is that there's no space between targethost=api.paypal.com and subsite=/. The second is that this person "root" is STOPPING the attacks by adding "stop" at the end of the topic. Unless they can show logs of this "root" person throwing "start" in the topic instead of stop, this person is doing exactly the opposite of "willingly and knowingly" executing commands to start a DDoS attack.
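Added example, not part of the comment above and not code from any tool it mentions: a small forensic check that parses the quoted OVERRIDE line and reports the three points the comment raises (cited address versus logged address, parameters run together, final control word). The function names and the `KNOWN_KEYS` list are assumptions made for this illustration; the key names are taken only from the quoted log line.

```python
import re
from ipaddress import ip_address

# Log line exactly as quoted in the comment, including the fused token.
LOG_LINE = ("[Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic "
            "'!lazor default targethost=api.paypal.comsubsite=/ speed=3 threads=15 "
            "method=tcp wait=false random=true checked=false "
            "message=Good_night_paypal_Sweet_dreams_from_AnonOPs port=443 stop'")

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] - OVERRIDE: (?P<nick>\S+?)\((?P<ident>[^@]+)@(?P<host>[^)]+)\) "
    r"TOPIC (?P<channel>#\S+) '(?P<topic>.*)'$")

# Assumption: keys observed in this one log line, not a specification.
KNOWN_KEYS = ("targethost", "subsite", "speed", "threads", "method", "wait",
              "random", "checked", "message", "port")


def parse_override(line):
    """Split an OVERRIDE TOPIC log line into header fields and topic tokens."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not an OVERRIDE TOPIC line")
    rec = m.groupdict()
    params, bare, fused = {}, [], []
    for tok in rec.pop("topic").split():
        if "=" not in tok:
            bare.append(tok)          # words such as the trailing control word
            continue
        key, value = tok.split("=", 1)
        params[key] = value
        # A second "key=" inside a value means two parameters ran together.
        if any(k + "=" in value for k in KNOWN_KEYS):
            fused.append(tok)
    rec.update(params=params, bare_words=bare, fused_tokens=fused)
    return rec


def _norm(addr):
    try:
        return str(ip_address(addr))
    except ValueError:
        return addr.lower()           # masked or DNS host: compare as text


def review_findings(rec, cited_addresses):
    """List points to resolve before relying on this line as evidence."""
    findings = []
    logged = _norm(rec["host"])
    for addr in cited_addresses:
        if _norm(addr) != logged:
            findings.append(f"cited address {addr} differs from logged {logged}")
    for tok in rec["fused_tokens"]:
        findings.append(f"fused parameters in token: {tok}")
    if rec["bare_words"]:
        findings.append(f"final control word: {rec['bare_words'][-1]}")
    return findings


if __name__ == "__main__":
    record = parse_override(LOG_LINE)
    # Both addresses appear in the comment: one as cited, one as logged.
    for finding in review_findings(record, ["72.9.153.42", "72.9.153.142"]):
        print(finding)
```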

    • Either an honest mistake, or as many mistakes there could be, a deliberate error to identify potential participants.
    • Re:A few mistakes... (Score:5, Informative)

      by Anonymous Coward on Friday December 31, 2010 @11:39AM (#34721854)

      That's usual government tactics mixed with incompetence, i.e. raid as many people as possible, with warrants that are based on wrong information. Most cops don't know what they are doing in regards to IT or knowingly use bad information to get warrants. Hundreds and thousands of raids look great in press releases and there are no consequences for doing a shitty/fraudulent job. They simply hide the fact that a tiny, tiny percentage of those raids actually result in convictions. The vast majority of cases are discontinued due to lack of evidence or because people get lawyers who tear the crap cops did to shreds.

      A great example is operation "Himmel" in Germany. Literally 1000s of raids all across Germany were started because some server contained child pornography and logs appeared to indicate LOTS of downloads. Turns out the majority of images were neither CP nor illegal. People ended up getting their homes raided by police because they only loaded a few thumbnails; not even full images. In the end not a single case out of these 1000s ended up in court. Yet police and politicians considered the operation to be a success and used it to inflate their case numbers to prove how important new internet laws are.

      It's not about convictions, it's about publicity for politicians and creating FUD for agencies.

    • by HiThere (15173)

      Well, it sounds like my initial presumption that they didn't bother to get a warrant was wrong.

  • Isn't it amazing.. (Score:5, Insightful)

    by Dynamoo (527749) on Friday December 31, 2010 @12:15PM (#34722236) Homepage
    Isn't it amazing that the FBI can get their arses into gear over Anonymous, while allowing thousands of other criminal operations to use US based servers without disturbance. I am constantly horrified by the number of malicious sites operating out of the mainland US that are clearly operating in plain sight.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Money talks... Anon started playing with fire when they went after the credit processing industry. Most malicious servers don't go out of their way to put a big target on their back. More importantly, they don't actively disrupt commerce, something that this government takes more seriously than just about anything else.
       
      Worth noting, this is the ONLY police action in the USA related to wikileaks, and it isn't really even related. What the hell does that say about all this?

    • Well but isn't it great that the FBI is prioritizing the investigation of the people who DDoSed Wikileaks? They are freedom fighters aren't they? They surely will protect the freedom of speech of an important outlet for corruption and abuses of power aren't they? Oops I was day dreaming that law enforcement actually cared about people and justice again.
