Slashdot Mirror


FBI Raids Texas ISP For Anonymous DDoS Info

jcombel writes with this link to The Smoking Gun, which says "As part of an international criminal probe into computer attacks launched this month against perceived corporate enemies of WikiLeaks, the FBI has raided a Texas business and seized a computer server that investigators believe was used to launch a massive electronic attack on PayPal." Computerworld has a story, as well.

25 of 120 comments

  1. Idiots by Mad-Mage1 · · Score: 5, Informative

    It was a bloody IRC server, that's all. It was used by LOIC to get targets, etc...

    I'm sure they were scraping and recording all of the chat logs from each IRC channel that was used, and THOSE logs are the ones with the money info, like who was participating, or at least their IP at the time. Snatching the IRC servers themselves is relatively useless.

    --
    The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
    1. Re:Idiots by devxo · · Score: 5, Informative

      I haven't been to their network, but somehow I think it's one of those ircds that hide user IPs. Since they snatched the IRC servers, they also got the masking keys and can now unmask all the IPs. Without getting the servers it wouldn't have been possible. Besides, there's probably more info and evidence on the servers.

    2. Re:Idiots by Tynin · · Score: 4, Interesting

      I agree with you. As a former ISP employee, it is pretty well known that the FBI has electronic taps into most ISP companies. I assume the same would be true for datacenter operations as well. I have to imagine watching the traffic silently would have yielded more info than shutting down servers and taking them in for review. No need to worry about masking keys when you can watch the raw traffic come in and see who the major actors are.

      But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other customers? It is like the FBI treats datacenters and ISPs as bad actors and doesn't trust that they aren't in on the crime, which I think is rather outrageous.

    3. Re:Idiots by tagno25 · · Score: 2

      They ban proxies so that you are not DDOSing the proxy or killing ALL of tor.

    4. Re:Idiots by Miros · · Score: 4, Insightful

      To discourage others from operating infrastructure that can aid in DDoS attacks? This kind of high visibility move tends to invoke certain emotions among people who might be otherwise inclined to assist in some criminal enterprise. Whoever owned that server is probably not having a good week right now, and it's clear that simply operating some seemingly benign infrastructure that aids in a conspiracy to commit a crime is something that can get your equipment seized and your ass in hot water.

    5. Re:Idiots by Kagato · · Score: 4, Informative

      I have to disagree about the taps.

      I've worked in VERY large national ISPs and local ISPs. At the large ISPs we dealt with dozens of warrants daily. If need be engineering would work with them as a partner to get what they needed. We were also allowed to push back if the warrant wasn't in order.

      At the small ISP the FBI would just show up and seize stuff. Often beforehand they would call peers and dig up background information on the employees and owners. When dealing with small ISPs the FBI starts with the assumption that the company is in on it. You'll enjoy a reputation tarnished in the local community and threats of having all your equipment seized (putting you out of business).

    6. Re:Idiots by Hatta · · Score: 3, Insightful

      All of which amounts to the government bullying legitimate businesses for doing nothing illegal. How is this even close to acceptable?

      --
      Give me Classic Slashdot or give me death!
    7. Re:Idiots by Hatta · · Score: 2

      Read a little harder and figure out who is doing the DDOS here and who got raided by the FBI.

      --
      Give me Classic Slashdot or give me death!
    8. Re:Idiots by HiThere · · Score: 2

      I really doubt that they would agree to something likely to put them out of business unless they were coerced.

      I haven't been following things, but my presumptions are:
      1) the business is (essentially) innocent
      2) there was no warrant
      3) The FBI used "main force"
      4) They'll get away with it again

      Will they find evidence? Maybe. Did they shut down the business? Almost certainly.

      That said, these are initial presumptions. Some comments have caused me to believe that this time the FBI didn't seize servers that will actually put the company out of business. But I've heard of no evidence of a warrant, so I'm assuming that they've acted as they did in a few other cases that I've heard of.

      The actions of the FBI that I've heard of do not indicate that they are very interested in protecting the rights of the accused. And also that if they doubt that they'll be able to get enough evidence to convict their target, they are willing to use extra-legal means to cause them severe financial damage. In one case of which I'm personally aware, the (eventually) accused was able to get a decent pro-bono lawyer. (He couldn't hire one, because all his assets had been seized.) Last I heard he'd been fighting the charge for years. Not many pro-bono lawyers will support you through that. He's probably going to lose. Because he has expenses that he can no longer meet. But, I'll admit, this was the DEA not the FBI, so that's poor evidence, even though it does shape the lens through which I read these stories. (The charge? He was a doctor charged with prescribing too much pain medication for cancer patients on welfare.)

      Perhaps I shouldn't think of the FBI the same way, but reports in the news show that they follow a similar pattern of behavior, so I think that it *IS* fair.

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. Re:WH says DDOS is not a crime by drinkypoo · · Score: 4, Insightful

    You have to get a license to legally make a street protest which shuts down traffic, in most places.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. I wasn't around then, but.. by Anonymous Coward · · Score: 2, Insightful

    I get the feeling we're about to see Weather Underground 2.0. FBI and friends rounding up subversives, cooking up various stories/evidence/results and both sides getting more and more serious until things go bad.

    Anonymous will, I suggest, become the 21st century hippies once more and more tangential interests come aboard, and before you know it a few radical offshoot groups will take on the government in a serious way. Cyberthreats the like of government talk are bullshit, but people with technical knowhow and a bit of time can scuttle bureaucracy gone bad, à la various leakings. I don't properly (beyond some scrapings of the history) know the who or what of 1969 onward and how right each side of the government-hippy fence was.. but I'm around for this fight, I'm witnessing some disturbing trends that displease me greatly and can't say I side with the government being right.

    In the cosmic irony department, the captcha for this post is "unfair".

    1. Re:I wasn't around then, but.. by dreamchaser · · Score: 2

      Doubtful. The vast majority of Anonymous does what they do for the lulz, not out of any ideology.

    2. Re:I wasn't around then, but.. by Bobakitoo · · Score: 2

      The "for the lulz" is part of the meme, just like using the word "Anonymous" as personal name. If the target was something they supported, they would not have participate. The target is picked carefuly out of a ideology and peoples supporting the cause join the DDoS. The reasoning behine is that moral equal bigotry, and if you cannot do something for an ideology, you can only do it for your own selfish entertainment (a.k.a. "for the lulz").

  4. nice joe job, anonymous by circletimessquare · · Score: 2

    use the fbi to do your dirty work

    http://en.wikipedia.org/wiki/Joe_job

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  5. Re:Attacking financial services by Anonymous Coward · · Score: 5, Insightful

    What could possibly go wrong?

    Paypal: the "bank" that somehow gets away with not having to be regulated like a bank and treated like a bank, despite looking like a bank and acting like a bank.

    DDoS attacks suck but in this case, nothing of value was lost.

  6. Well, technically... by ferongr · · Score: 2

    ... the server did not actually send those TCP requests, but was hosting an IRC server. The flooding software allows the user to turn his computer into a voluntary "botnet member". The software then connects to a specific IRC server (can be changed easily in case the server goes out of commission), connects to a specific channel, and then a bot in this channel responds to commands by the software and passes the IP address of the target.

    This allows the masterminds behind the attacks to coordinate the computers effectively and paralyze sites with an instant flood of requests, instead of having each user configure the software with a new target IP and having the load on the target increase gradually, making it easier to react.

  7. Re:Paypal provided IRC server list? by jesseck · · Score: 2

    There's nothing that says PayPal couldn't have joined in with Anonymous and DDoSed themselves... all it would take is a network admin to join the attack and watch the packets. All of a sudden, he becomes an "investigator", making it sound like PayPal has their own black ops team, working hand-in-hand with the FBI. Of course, the FBI could do the same, or be wiretapping the data center without a warrant, and claim it was PayPal that gathered the info.

  8. patriot by choko · · Score: 5, Insightful

    So I'm assuming that we are going to see a probe by authorities into the "patriots" behind the wikileaks DDOS attacks next?

  9. Re:DOS Attacks by Bobakitoo · · Score: 3, Interesting

    Union strikes and protests can also damage the economy. Let's put all these people behind bars. Who the fuck do they think they are? Damaging the short-term profit of the all-powerful corporations!

  10. Re:WH says DDOS is not a crime by JumperCable · · Score: 2

    WH says DDOS is not a crime

    I don't see that in either your quote or in the article.

    People who have pleaded guilty to DDOS attacks have done so under this law:

    Specifically 18 U.S.C. 1030 (a) (5) (A) (i), (B) (i).

    I would be curious to see this challenged in the case of a single person with a single machine. The efforts of a single individual are not enough to take down a server. In fact, odds are they don't have proof that any of the packets the individual sent even reached the server in question or had any effect on it.

  11. A few mistakes... by jornak · · Score: 5, Interesting

    First mistake: They list the IP in the affidavit OUTSIDE of the logs twice as 72.9.153.42 instead of 72.9.153.142 as it should be. One could assume that they could have now raided the wrong server in Tailor Made's farm.

    Second mistake: "root" is just an IRC nickname on AnonOPs, and this person does NOT have root access on the IRC server that was raided, as falsely assumed in the affidavit. They have oper with override privileges, and that was what was logged. The raid on the server at Tailor Made Servers was made under false pretenses.

    Third mistake: Those logs show... [Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic '!lazor default targethost=api.paypal.comsubsite=/ speed=3 threads=15 method=tcp wait=false random=true checked=false message=Good_night_paypal_Sweet_dreams_from_AnonOPs port=443 stop' ... if anyone here has looked at LOIC's topic parsing, there are two mistakes the FBI made there. The first is that there's no space between targethost=api.paypal.com and subsite=/. The second is that this person "root" is STOPPING the attacks by adding "stop" at the end of the topic. Unless they can show logs of this "root" person throwing "start" in the topic instead of stop, this person is doing exactly the opposite of "willingly and knowingly" executing commands to start a DDoS attack.
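
    A small Python parser, added here as an example and not part of jornak's post, ferongr's description of the IRC channel-topic mechanism, or any LOIC code, that walks ircd topic-change log lines of the shape quoted above and reports what each topic actually instructed: the start/stop token, the target parameters, and a `key=value` pair fused to its neighbour by a missing space. The log-line layout, the parameter names and the parsing rules are assumptions modeled on the quoted line only; the second sample line is constructed with a placeholder host.

```python
import re
# Shape of the ircd OVERRIDE/TOPIC log line quoted in the post (an assumption about the ircd's format).
LOG_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] - OVERRIDE: (?P<nick>[^(\s]+)\([^)]+\) "
                    r"TOPIC (?P<chan>#\S+) '(?P<topic>.*)'$")
# Parameter names visible in the quoted topic; used to spot two key=value pairs fused by a missing space.
KNOWN_KEYS = ("targethost", "subsite", "speed", "threads", "method", "wait", "random", "checked", "message", "port")
FUSED_RE = re.compile("(" + "|".join(KNOWN_KEYS) + ")=")

def parse_topic(topic):
    """Split a '!lazor ...' topic into (action, params, warnings); None if it is not a command."""
    tokens = topic.split()
    if not tokens or tokens[0] != "!lazor":
        return None
    action, params, warnings = "none", {}, []
    for tok in (t for t in tokens[1:] if t != "default"):  # 'default' selects a profile, names no target
        if tok in ("start", "stop"):
            action = tok                      # the last start/stop token wins
        elif "=" in tok:
            key, value = tok.split("=", 1)
            fused = FUSED_RE.search(value)
            if fused:                         # e.g. 'api.paypal.comsubsite=/': the space is missing
                warnings.append(f"{key}={value!r} looks like two fused parameters")
                params[key] = value[:fused.start()]
                k2, v2 = value[fused.start():].split("=", 1)
                params[k2] = v2
            else:
                params[key] = value
        else:
            warnings.append(f"unrecognised token {tok!r}")
    return action, params, warnings

def analyze_log(lines):
    """Return one record per log line that carries a '!lazor' topic change."""
    records = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and (parsed := parse_topic(m["topic"])):
            action, params, warnings = parsed
            records.append({"ts": m["ts"], "nick": m["nick"], "channel": m["chan"],
                            "action": action, "params": params, "warnings": warnings})
    return records
# Constructed sample log: the first line reproduces the topic quoted in the post; the second is a
# made-up, well-formed 'start' line with a placeholder host, for contrast.
SAMPLE_LOG = [
    "[Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic '!lazor default "
    "targethost=api.paypal.comsubsite=/ speed=3 threads=15 method=tcp wait=false random=true "
    "checked=false message=Good_night_paypal_Sweet_dreams_from_AnonOPs port=443 stop'",
    "[Thu Dec 9 11:20:00 2010] - OVERRIDE: someop(op@192.0.2.10) TOPIC #loic "
    "'!lazor default targethost=target.example subsite=/ port=80 method=tcp start'",
]
```

Run over the sample, the first record comes back with action "stop", targethost "api.paypal.com" split off from the fused "subsite=/", and one warning, which is the point jornak makes about reading the topic before treating it as an order to attack.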

    1. Re:A few mistakes... by Anonymous Coward · · Score: 5, Informative

      That's usual government tactics mixed with incompetence, i.e. raid as many people as possible, with warrants that are based on wrong information. Most cops don't know what they are doing in regards to IT or knowingly use bad information to get warrants. Hundreds and thousands of raids look great in press releases and there are no consequences for doing a shitty/fraudulent job. They simply hide the fact that a tiny, tiny percentage of those raids actually result in convictions. The vast majority of cases are discontinued due to lack of evidence or because people get lawyers who tear the crap cops did to shreds.

      A great example is operation "Himmel" in Germany. Literally 1000s of raids all across Germany were started because some server contained child pornography and logs appeared to indicate LOTS of downloads. Turns out the majority of images were neither CP nor illegal. People ended up getting their homes raided by police because they only loaded a few thumbnails; not even full images. In the end not a single case out of these 1000s ended up in court. Yet police and politicians considered the operation to be a success and used it to inflate their case numbers to prove how important new internet laws are.

      It's not about convictions, it's about publicity for politicians and creating FUD for agencies.

  12. Isn't it amazing.. by Dynamoo · · Score: 4, Insightful

    Isn't it amazing that the FBI can get their arses into gear over Anonymous, while allowing thousands of other criminal operations to use US based servers without disturbance. I am constantly horrified by the number of malicious sites operating out of the mainland US that are clearly operating in plain sight.

    --
    Never email donotemail@WeAreSpammers.com
    1. Re:Isn't it amazing.. by Anonymous Coward · · Score: 2, Insightful

      Money talks... Anon started playing with fire when they went after the credit processing industry. Most malicious servers don't go out of their way to put a big target on their back. More importantly, they don't actively disrupt commerce, something that this government takes more seriously than just about anything else.

      Worth noting, this is the ONLY police action in the USA related to wikileaks, and it isn't really even related. What the hell does that say about all this?

  13. Re:Attacking financial services by ScentCone · · Score: 3, Insightful

    You mean there ARE banks which we are required to do business with

    No, I don't mean that and you know it. But if you want to do business with a bank that, for example, offers you FDIC protected checking accounts, then you're looking for a different sort of service provider. PayPal isn't in that line of work.

    And, on your other comment ... you're confusing FDIC insurance and the accompanying regulations with being bailed out, which are completely different things.

    --
    Don't disappoint your bird dog. Go to the range.