FBI Raids Texas ISP For Anonymous DDoS Info
jcombel writes with this link to The Smoking Gun, which says "As part of an international criminal probe into computer attacks launched this month against perceived corporate enemies of WikiLeaks, the FBI has raided a Texas business and seized a computer server that investigators believe was used to launch a massive electronic attack on PayPal."
Computerworld has a story, as well.
Attacking financial services (Score:1)
Re:Attacking financial services (Score:5, Insightful)
What could possibly go wrong?
Paypal: the "bank" that somehow gets away with not having to be regulated like a bank and treated like a bank, despite looking like a bank and acting like a bank.
DDoS attacks suck but in this case, nothing of value was lost.
Re: (Score:2)
And despite not pretending to provide many of the services a bank provides, and not arranging to have the funds insured by the government, and despite you not having to have anything to do with them, whatsoever, if you don't feel like it.
Re: (Score:2)
You mean there ARE banks which we are required to do business with (that PayPal is not one of)? And all regulated banks are required to provide every possible service (that PayPal does not provide all of because they are not one of those banks)? I guess maybe more banks should have funds insured by the government. That way they can get out of actually having to do things right, and be on a better footing to provide alternatives to PayPal.
Re:Attacking financial services (Score:4, Insightful)
No, I don't mean that and you know it. But if you want to do business with a bank that, for example, offers you FDIC protected checking accounts, then you're looking for a different sort of service provider. PayPal isn't in that line of work.
And, on your other comment
Re:WH says DDOS is not a crime (Score:5, Insightful)
You have to get a license to legally make a street protest which shuts down traffic, in most places.
Re: (Score:2)
Interesting... So would we need to apply for a license in the country the server is located, and/or in each participating country?
Re: (Score:2)
And each country that the traffic crosses over/under/through? That could be a long list if you're geographically distributed. Actually maybe a network pro can tell me - could it be almost every country if it's very high traffic and load balancing starts routing things different directions to get to the end destination? I'm out of my field there.
Re: (Score:1)
No, you're actually right. That's why networks are supposed to have redundancy and distributed network connections. If one fails a backup is in place to re-route traffic to its end point destination.
The problem that is clear in this case is that there is in no way shape or form in creating a "DDoS protest" license for any particular situation because of the mass complexity of the internet. I've in some cases tested connection routes for businesses and discovered that in some cases packets go through
Re: (Score:2)
Only where the server is located.
After all, protesters arriving from other countries to a protest don't need separate licenses.
Re: (Score:2)
This is where the metaphor breaks down. The protesters arriving from other countries can only get there so fast and generally only by engaging in economic activity. If you engage in mass mobile protest any way other than on foot you're only patronizing the problem.
Re: (Score:1)
Which is an entirely obvious overreach of legitimate government authority. If you have to ask the government for permission to speak out against the government, you are not free. Any government that implements such a policy is nothing more than a bunch of thugs and deserves as much respect.
Re: (Score:2, Insightful)
Lucky for you, then, that you don't have to ask the government for permission to speak out against the government, right? On the other hand, it seems like a good idea to make arrangements with the people who are tasked with keeping the streets working and safe when you are setting out to prevent your fellow citizens from being able to use the streets they pay for. Or are you implying that the only way to
Re: (Score:2, Insightful)
The fact that you are blocking a public street without making any prior arrangements to do so isn't a "point of view" thing - it's a simple are you, or aren't you doing it sort of thing.
As for linking to a Polish document about freedom of assembly? Who has said anything about interfering with freedom of assembly? The US has done more to protect and promote f
Re: (Score:1)
No, they protect the free speech and assembly rights of the people holding the event. Want freedom to block the street, and not have your event overrun by people who want to shout you down? Just do the same thing they did, and get a permit to use the street. At which point, the very same cops and emergency responders who are making sure the people you hate are allowed to have their event won't be allowed to trash your event when you have one.
Of cou
Re: (Score:2)
My goodness astroturf is high!
I love this do whatever you want as long as I don't have to barely take notice of it attitude that is the source of American freedom and democracy, keep it up, you are doing great, your country is more and more free every year so you are *obviously* doing something good!
Re: (Score:2)
Re: (Score:3)
WH says DDOS is not a crime
I don't see that in either your quote or in the article.
People who have pleaded guilty to DDOS attacks have done so under this law:
Specifically 18 U.S.C. 1030 (a) (5) (A) (i), (B) (i). [cornell.edu]
I would be curious to see this challenged in the case of a single person with a single machine. The efforts of a single individual are not enough to take down a server. In fact, odds are they don't have proof that any of the packets the individual sent even reached the server in question or had any effect on it.
Re: (Score:2)
White House cyber-security coordinator Howard Schmidt:
"We've seen over time street protests in cities that shut down traffic, and this is not dissimilar in the online world. There may be a disruption for a short period of time, but the bottom line is we continue to work to make sure that the impact is minimal."
People get arrested, tried, and convicted of criminal offenses committed as part of street protests. That statement means nothing like "DDOS is not a crime" but rather something more like "We will handle these protestors as harshly as we've handled G20 protestors since Seattle."
Idiots (Score:5, Informative)
It was a bloody IRC server that's all. It was used by LOIC to get targets, etc...
I'm sure they were scraping and recording all of the chat logs from each IRC channel that was used, and THOSE logs are the ones with the money info, like who was participating, or at least their IP at the time. Snatching the IRC servers themselves is relatively useless.
Re:Idiots (Score:5, Informative)
Re: (Score:2)
good luck, i'm behind seven proxies.
Re: (Score:2)
Wasn't those sevan proxies?
Re: (Score:1, Insightful)
Sure, it's a punishment. "If you allow this sort of thing, we're going to take your servers and hang onto them for months".
Re: (Score:2)
Sounds fair to me.
Re: (Score:2)
Re: (Score:1)
> Last time I checked, investigation was a part of due process, especially when it involves a court order or warrant.
That's a little disingenuous. If you can't investigate without depriving someone of a server for months, then the investigation shouldn't be allowed, in my opinion, otherwise people will do just that - punish under the guise of an investigation. Take an image or whatever - whatever you can do in 24 hours or whatever is deemed fair.
Re: (Score:2)
Let me investigate your computer, you can expect it back in... you know, I'll call you when they are ready.
Re:Idiots (Score:5, Interesting)
But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other customers. It is like the FBI treats datacenters and ISPs as bad actors and doesn't trust that they aren't in on the crime which I think is rather outrageous.
Re:Idiots (Score:5, Insightful)
Re:Idiots (Score:4, Insightful)
All of which amounts to the government bullying legitimate businesses for doing nothing illegal. How is this even close to acceptable?
Re: (Score:1)
It sucks, but that's what you get for having a society that actually investigates crimes against members of society. You can move to Somalia if you want a more laiss
Re: (Score:2)
Everyone is missing the real problem here. The evidence in any digital (online, server, ...) case is the DATA. The hardware is almost useless. You might need things like MAC addresses and such, but the real stuff is the data. So, confiscating hardware is NOT needed. Confiscating DATA is what is needed. And the beauty of data is it copies so easily. So, the servers are evidence is uneducated BS. It always has and always will be. The data is the evidence.
If they need the hardware for hairs, fingerpri
Re: (Score:2)
Which definition of "DDoS" are you using, here?
Re: (Score:3)
Read a little harder and figure out who is doing the DDOS here and who got raided by the FBI.
Re: (Score:2)
Re: (Score:2)
Re:Idiots (Score:5, Informative)
I have to disagree about the taps.
I've worked in VERY large national ISPs and local ISPs. At the large ISPs we dealt with dozens of warrants daily. If need be engineering would work with them as a partner to get what they needed. We were also allowed to push back if the warrant wasn't in order.
At the small ISP the FBI would just show up and seize stuff. Often beforehand they would call peers and dig up background information on the employees and owners. When dealing with small ISPs the FBI starts with the assumption that the company is in on it. You'll enjoy a reputation tarnished in the local community and threats of having all your equipment seized (putting you out of business).
Re: (Score:1)
Re: (Score:3)
I really doubt that they would agree to something likely to put them out of business unless they were coerced.
I haven't been following things, but my presumptions are:
1) the business is (essentially) innocent
2) there was no warrant
3) The FBI used "main force"
4) They'll get away with it again
Will they find evidence? Maybe. Did they shut down the business? Almost certainly.
That said, these are initial presumptions. Some comments have caused me to believe that this time the FBI didn't seize servers that wi
Re: (Score:2)
> I really doubt that they would agree to something likely to put them out of business unless they were coerced.
> I haven't been following things, but my presumptions are:
> 1) the business is (essentially) innocent
> 2) there was no warrant
> 3) The FBI used "main force"
> 4) They'll get away with it again
> Will they find evidence? Maybe. Did they shut down the business? Almost certainly.
> That said, these are initial presumptions.
In other words: you didn't even glance at anything besides the /. blurb.
(hint: you are simply and objectively wrong.)
Re: (Score:2)
Well, I was definitely wrong in certain ways. It sounds like they did have a warrant, e.g. And this time I didn't hear of anybody's door being broken down. As for the rest ... that still seems unproven.
It is, however, true that I don't trust anyone who combines appointed authority with power. In fact, I'm suspicious of any centralized power. So I tend to read about action of the Feds with two strikes already against them. Even if they were honest this would make it difficult to satisfy me. Unfortunat
Re: (Score:2)
"Excuse me, but have worked at a small ISP?"
The answer to that question is in the text of the post you responded to. I'm not sure why you didn't bother reading it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
> But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other customers. It is like the FBI treats datacenters and ISPs as bad actors and doesn't trust that they aren't in on the crime which I think is rather outrageous.
Working quietly with an ISP and/or DC fails in the primary goal of this sort of raid: being outrageous enough to get media attention. The major tool of law enforcement in a situation like this is fear. They know that "Operation Payback" isn't like a spamming or commercial extortion bot net, in that it is not controlled by anyone in a technical sense. That makes it essentially impossible to take out by taking a few machines sitting in DC's hosting IRC channels or even by taking over those machines and watch
Re: (Score:2)
governments take orders from and act on behalf of large corporations
I thought everyone knew this...
Re: (Score:2)
Oh, give them a break.
The FBI is just doing its job: ensuring that government of the money, by the money and for the money, shall not perish from this earth.
Re: (Score:2)
Well, yeah, but so far it's been close to a conspiracy theory. What was lacking was proof.
Re: (Score:2)
I guess now it's all about the wider chilling message, any IP range used gets a van. They have big trucks too
Re: (Score:2)
You would expect a new fed 'friend' or person the feds caught in the past to slowly befriend the admin/best new useful friend over time. Then work out ip's over a day/weeks when offered/gifted admin pw, raids for all... or long term tracking?
What mildly competent sysadmin hands out root passwords as gifts? They haven't even done that in Universities since the early 90's.
Re: (Score:2)
If caught in the past by the feds, you would have the time, cash and drive to work hard on/for your target group.
Re: (Score:2)
It would be nice if anonops irc wouldn't autoban proxies/tor.
"Welcome to irc.anonops.co.uk - We are Anonymous, expect us. - Anonymous proxy servers are not permitted."
Does that scan?
Re: (Score:3)
They ban proxies so that you are not DDOSing the proxy or killing ALL of tor.
They should use th3j35t3r's tool (Score:1, Interesting)
Anonymous guys should google an implementation of slowloris-over-Tor "XerXeS" like Th3j35t3r uses... (Yeah implementations are out there, do you think th3j35t3r wrote his tool by himself??? LOL)
Going over Tor hides the IP and doing this attack via multiple machines would make them a really nasty bunch of fuckers.
On the other hand maybe they should not do that. You see, one can easily prevent the "XerXeS" tool by just tarpitting multiple connections from a single IP. Or, better yet, tarpit all Tor exit node
Re:Idiots and War Criminals (Score:2)
While a court-martial is taking place in America about those US Army thrill killers of innocents, an Australian Special Forces unit is undergoing a court-martial in Sydney -- having killed innocents, instead of the Taliban, due to "faulty intel" -- a commonly occurring
Re:Atrocity (Score:2)
Atrocity Atrocity Atrocity Atrocity
Atrocity Atrocity Atrocity Atrocity
Come on!!! Who's With Me?
It's not just a meme, it's the description of how media control works.
Helpful Link to Tune for Singalong
http://www.youtube.com/watch?v=KMU0tzLwhbE [youtube.com]
Unfortunately I have no mix skillz.
I wasn't around then, but.. (Score:2, Insightful)
I get the feeling we're about to see Weather Underground 2.0. FBI and friends rounding up subversives, cooking up various stories/evidence/results and both sides getting more and more serious until things go bad.
Anonymous will, I suggest, become the 21st century hippies once more and more tangential interests come aboard, and before you know it a few radical offshoot groups will take on the government in a serious way. Cyberthreats the like of government talk are bullshit, but people with technical knowhow
Re: (Score:3)
Doubtful. The vast majority of Anonymous does what they do for the lulz, not out of any ideology.
Re: (Score:2)
The "for the lulz" is part of the meme, just like using the word "Anonymous" as personal name. If the target was something they supported, they would not have participated. The target is picked carefully out of an ideology and people supporting the cause join the DDoS. The reasoning behind is that moral equal bigotry, and if you cannot do something for an ideology, you can only do it for your own selfish entertainment (a.k.a. "for the lulz").
Re: (Score:2)
I don't believe the Weather Underground was ever a serious threat, except in their own minds, and in the press. When I looked around I saw dozens of easy targets that they just ignored. They were more publicity hounds than a revolutionary movement. AFAIK they didn't even have a platform of "What we would do if we were in charge".
And if you say Anonymous will become the same kind of thing, I have no trouble accepting it. But consider what you are saying. (I.e., they're just about there already.)
nice joe job, anonymous (Score:3)
use the fbi to do your dirty work
http://en.wikipedia.org/wiki/Joe_job [wikipedia.org]
Re: (Score:3)
Well, technically... (Score:2)
... the server did not actually send those TCP requests, but was hosting an IRC server. The flooding software allows the user to turn his computer into a voluntary "botnet member". The software then connects to a specific IRC server (can be changed easily in case the server goes out of commission), connects to a specific channel and then a bot in this channel responds to commands by the software and passes the IP address of the target.
This allows the masterminds behind the attacks to coordinate the computers
Re: (Score:2)
If only they could DDoS Walmart stores.....
Or China
Re: (Score:2)
Doh-ho-ho-ho, you almost had me there.
> Apart from creating counter-measure and technical help jobs, when used on the large companies it forces people to use other services, spreading the wealth and creating even MORE jobs.
Quick, amend the broken window fallacy! Throwing bricks through the windows of more efficient businesses may create jobs, but does it actually generate more overall wealth?
Re: (Score:2)
It might not generate more wealth, but perhaps it acts to redistribute it?
It's not exactly a fallacy. (Actually, the original might be if I remembered it more fully, but this version isn't...exactly.)
Re: (Score:3, Interesting)
Re: (Score:2)
Union strike and protest can also damage the economy. Let put all these peoples behind bars. Who the fuck they think they are? Damaging sort term profit of the all powerful corporations!
Sort term?
Re: (Score:2)
Squelching legitimate political demonstration can damage the economy and cost people jobs. If you care about the economy, preserve our freedom. These FBI agents belong behind bars.
patriot (Score:5, Insightful)
So I'm assuming that we are going to see a probe by authorities into the "patriots" behind the wikileaks DDOS attacks next?
A few mistakes... (Score:5, Interesting)
First mistake: They list the IP in the affidavit OUTSIDE of the logs twice as 72.9.153.42 instead of 72.9.153.142 as it should be. One could assume that they could have now raided the wrong server in Tailor Made's farm.
Second mistake: "root" is just an IRC nickname on AnonOPs, and this person does NOT have root access on the IRC server that was raided, as falsely assumed in the affidavit. They have oper with override privileges, and that was what was logged. The raid on the server at Tailor Made Servers was made under false pretenses.
Third mistake: Those logs show... [Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic '!lazor default targethost=api.paypal.comsubsite=/ speed=3 threads=15 method=tcp wait=false random=true checked=false message=Good_night_paypal_Sweet_dreams_from_AnonOPs port=443 stop' ... if anyone here has looked at LOIC's topic parsing, there's two mistakes the FBI made there. The first is that there's no space between targethost=api.paypal.com and subsite=/. The second is that this person "root" is STOPPING the attacks by adding "stop" at the end of the topic. Unless they can show logs of this "root" person throwing "start" in the topic instead of stop, this person is doing exactly the opposite of "willingly and knowingly" executing commands to start a DDoS attack.
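A log-review sketch for the entry quoted in the comment above, added here as an example; it is not part of the original post and not LOIC's or the IRC server's own code. It parses the override line, flags a value that has swallowed another parameter, reports the trailing control word, and compares addresses cited in prose against the logged host. The entry layout, the key list and the treatment of the last bare word as the control token are assumptions drawn from that single line.

```python
import re
from ipaddress import ip_address

# The entry as quoted in the comment above (copied from the page, not new data).
LOG_LINE = (
    "[Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic "
    "'!lazor default targethost=api.paypal.comsubsite=/ speed=3 threads=15 "
    "method=tcp wait=false random=true checked=false "
    "message=Good_night_paypal_Sweet_dreams_from_AnonOPs port=443 stop'"
)

# Assumption: layout inferred from that single line, not from any IRCd spec.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] - OVERRIDE: (?P<nick>[^(]+)\((?P<ident>[^@]+)@"
    r"(?P<host>[^)]+)\) TOPIC (?P<channel>#\S+) '(?P<topic>.*)'$"
)
# Parameter names that appear in the quoted topic.
KNOWN_KEYS = ("targethost", "subsite", "speed", "threads", "method",
              "wait", "random", "checked", "message", "port")
CONTROL_WORDS = {"start", "stop"}  # the two words the comment contrasts


def parse_topic(topic):
    """Split a topic into key=value params, a control word and warnings."""
    params, bare, warnings = {}, [], []
    for token in topic.split():
        if "=" in token:
            key, value = token.split("=", 1)
            params[key] = value
            # A value containing "<known key>=" means a separator was lost,
            # so the second parameter is not a separate token.
            for other in KNOWN_KEYS:
                if other + "=" in value:
                    warnings.append(f"{key} value swallows '{other}='")
        else:
            bare.append(token)
    # Assumption: the last bare word, if it is a control word, is the command.
    control = bare[-1] if bare and bare[-1] in CONTROL_WORDS else None
    if control is None:
        warnings.append("no trailing start/stop word")
    return params, control, warnings


def analyze(line):
    """Return the fields an examiner would quote from one override entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError("line does not match the assumed OVERRIDE TOPIC layout")
    params, control, warnings = parse_topic(m["topic"])
    return {"timestamp": m["ts"], "nick": m["nick"], "host": m["host"],
            "channel": m["channel"], "params": params,
            "control": control, "warnings": warnings}


def ip_mismatches(cited, logged_host):
    """List addresses cited in accompanying prose that differ from the log."""
    logged = ip_address(logged_host)
    return [c for c in cited if ip_address(c) != logged]


if __name__ == "__main__":
    entry = analyze(LOG_LINE)
    print(entry["control"], entry["warnings"])
    # The two addresses the comment says appear in the affidavit text.
    print(ip_mismatches(["72.9.153.42", "72.9.153.142"], entry["host"]))
```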
Re: (Score:1)
Re:A few mistakes... (Score:5, Informative)
That's usual government tactics mixed with incompetence, i.e. raid as many people as possible, with warrants that are based on wrong information. Most cops don't know what they are doing in regards to IT or knowingly use bad information to get warrants. Hundreds and thousands of raids look great in press releases and there are no consequences for doing a shitty/fraudulent job. They simply hide the fact that a tiny, tiny percentage of those raids actually result in convictions. The vast majority of cases are discontinued due to lack of evidence or because people get lawyers who tear the crap cops did to shreds.
A great example is operation "Himmel" in Germany. Literally 1000s of raids all across Germany were started because some server contained child pornography and logs appeared to indicate LOTS of downloads. Turns out the majority of images were neither CP nor illegal. People ended up getting their homes raided by police because they only loaded a few thumbnails; not even full images. In the end not a single case out of these 1000s ended up in court. Yet police and politicians considered the operation to be a success and used it to inflate their case numbers to prove how important new internet laws are.
It's not about convictions, it's about publicity for politicians and creating FUD for agencies.
Re: (Score:2)
Well, it sounds like my initial presumption that they didn't bother to get a warrant was wrong.
Isn't it amazing.. (Score:5, Insightful)
Re: (Score:2, Insightful)
Money talks... Anon started playing with fire when they went after the credit processing industry. Most malicious servers don't go out of their way to put a big target on their back. More importantly, they don't actively disrupt commerce, something that this government takes more seriously than just about anything else.
Worth noting, this is the ONLY police action in the USA related to wikileaks, and it isn't really even related. What the hell does that say about all this?
Re: (Score:2)
Well but isn't it great that the FBI is prioritizing the investigation of the people who DDoSed Wikileaks? They are freedom fighters aren't they? They surely will protect the freedom of speech of an important outlet for corruption and abuses of power aren't they? Oops I was day dreaming that law enforcement actually cared about people and justice again.