Slashdot Mirror


FBI Raids Texas ISP For Anonymous DDoS Info

jcombel writes with this link to The Smoking Gun, which says "As part of an international criminal probe into computer attacks launched this month against perceived corporate enemies of WikiLeaks, the FBI has raided a Texas business and seized a computer server that investigators believe was used to launch a massive electronic attack on PayPal." Computerworld has a story, as well.

11 of 120 comments

  1. Idiots by Mad-Mage1 · · Score: 5, Informative

    It was a bloody IRC server that's all. It was used by LOIC to get targets, etc...

    I'm sure they were scraping and recording all of the chat logs from each IRC channel that was used, and THOSE logs are the ones with the money info, like who was participating, or at least their IP at the time. Snatching the IRC servers themselves is relatively useless.

    --
    The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
    1. Re:Idiots by devxo · · Score: 5, Informative

      I haven't been to their network, but somehow I think it's one of those ircds that hide user IPs. Since they snatched the IRC servers, they also got the masking keys and can now unmask all the IPs. Without getting the servers it wouldn't have been possible. Besides, there's probably more info and evidence on the servers.
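
The comment above turns on how IRC hostmask cloaking works: the daemon replaces a user's real host with a keyed hash, so a channel bystander sees only the cloak, but whoever holds the server's secret key can check candidate IPs against it. The block below is an added illustration, not code from the original page nor any ircd's real algorithm (UnrealIRCd, for example, has set::cloak-keys, but its hash construction differs). The key, the IPs and the hash layout are all constructed for this example.

```python
import hashlib
import hmac
import ipaddress
from typing import Iterable, List

def cloak_ipv4(ip: str, key: bytes) -> str:
    """Toy keyed cloak, loosely modelled on ircd cloaking (not any real ircd's scheme).

    The /16 prefix, the /24 prefix and the full address are hashed separately, so
    two users on the same /24 share the trailing components (channel bans on the
    cloaked network still work) while the real address stays hidden from users.
    """
    octets = ip.split(".")
    parts = []
    for n in (2, 3, 4):                       # /16, /24, full address
        prefix = ".".join(octets[:n]).encode()
        digest = hmac.new(key, prefix, hashlib.sha256).hexdigest()[:8].upper()
        parts.append(digest)
    # Most specific component first, as ircd cloaks usually print them.
    return f"{parts[2]}.{parts[1]}.{parts[0]}.IP"

def unmask(cloak: str, key: bytes, candidates: Iterable[str]) -> List[str]:
    """Recover the real IP behind a cloak by re-cloaking candidate addresses.

    The cloak is a one-way hash, so even with the key there is no inversion;
    but with the key an investigator can simply hash every address in a subnet
    or in a connection log and see which one matches. Without the key, the same
    candidate list yields nothing.
    """
    return [ip for ip in candidates if cloak_ipv4(ip, key) == cloak]

def subnet_candidates(network: str) -> List[str]:
    """Enumerate every host in a network (a /24 is only 256 guesses)."""
    return [str(host) for host in ipaddress.ip_network(network).hosts()]

if __name__ == "__main__":
    # Constructed values: documentation-range addresses and a made-up secret.
    SERVER_KEY = b"constructed-cloak-secret"
    real_ip = "203.0.113.42"
    cloak = cloak_ipv4(real_ip, SERVER_KEY)
    print("cloak seen by other users:", cloak)
    print("with the seized key:", unmask(cloak, SERVER_KEY, subnet_candidates("203.0.113.0/24")))
    print("with a wrong key:   ", unmask(cloak, b"guess", subnet_candidates("203.0.113.0/24")))
```

Run as a script it prints the cloak, then the single recovered address when the right key is used and an empty list otherwise; that gap between "have the key" and "don't" is exactly what the comment is pointing at.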

    2. Re:Idiots by Tynin · · Score: 4, Interesting

      I agree with you. As a former ISP employee, it is pretty well known that the FBI has electronic taps into most ISP companies. I assume the same would be true for datacenter operations as well. I have to imagine watching the traffic silently would have yielded more info than shutting down servers and taking them in for review. No need to worry about masking keys when you can watch the raw traffic come in and see who the major actors are.

      But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other customers? It is like the FBI treats datacenters and ISPs as bad actors and doesn't trust that they aren't in on the crime, which I think is rather outrageous.

    3. Re:Idiots by Miros · · Score: 4, Insightful

      To discourage others from operating infrastructure that can aid in DDoS attacks? This kind of high visibility move tends to invoke certain emotions among people who might be otherwise inclined to assist in some criminal enterprise. Whoever owned that server is probably not having a good week right now, and it's clear that simply operating some seemingly benign infrastructure that aids in a conspiracy to commit a crime is something that can get your equipment seized and your ass in hot water.

    4. Re:Idiots by Kagato · · Score: 4, Informative

      I have to disagree about the taps.

      I've worked in VERY large national ISPs and local ISPs. At the large ISPs we dealt with dozens of warrants daily. If need be engineering would work with them as a partner to get what they needed. We were also allowed to push back if the warrant wasn't in order.

      At the small ISP the FBI would just show up and seize stuff. Often beforehand they would call peers and dig up background information on the employees and owners. When dealing with small ISPs the FBI starts with the assumption that the company is in on it. You'll enjoy a reputation tarnished in the local community and threats of having all your equipment seized (putting you out of business).

  2. Re:WH says DDOS is not a crime by drinkypoo · · Score: 4, Insightful

    You have to get a license to legally make a street protest which shuts down traffic, in most places.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Re:Attacking financial services by Anonymous Coward · · Score: 5, Insightful

    What could possibly go wrong?

    Paypal: the "bank" that somehow gets away with not having to be regulated like a bank and treated like a bank, despite looking like a bank and acting like a bank.

    DDoS attacks suck but in this case, nothing of value was lost.

  4. patriot by choko · · Score: 5, Insightful

    So I'm assuming that we are going to see a probe by authorities into the "patriots" behind the wikileaks DDOS attacks next?

  5. A few mistakes... by jornak · · Score: 5, Interesting

    First mistake: They list the IP in the affidavit OUTSIDE of the logs twice as 72.9.153.42 instead of 72.9.153.142 as it should be. One could assume that they could have now raided the wrong server in Tailor Made's farm.

    Second mistake: "root" is just an IRC nickname on AnonOPs, and this person does NOT have root access on the IRC server that was raided, as falsely assumed in the affidavit. They have oper with override privileges, and that was what was logged. The raid on the server at Tailor Made Servers was made under false pretenses.

    Third mistake: Those logs show... [Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic '!lazor default targethost=api.paypal.comsubsite=/ speed=3 threads=15 method=tcp wait=false random=true checked=false message=Good_night_paypal_Sweet_dreams_from_AnonOPs port=443 stop' ... if anyone here has looked at LOIC's topic parsing, there are two mistakes the FBI made there. The first is that there's no space between targethost=api.paypal.com and subsite=/. The second is that this person "root" is STOPPING the attacks by adding "stop" at the end of the topic. Unless they can show logs of this "root" person throwing "start" in the topic instead of stop, this person is doing exactly the opposite of "willingly and knowingly" executing commands to start a DDoS attack.
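
The two points in the comment above are both parsing questions: what a `!lazor` topic with no space between `targethost=` and `subsite=` actually resolves to, and whether the trailing word is `start` or `stop`. The block below is an added example, not code from the page nor LOIC's own topic parser; it follows the `key=value ... start|stop` syntax exactly as it appears in the quoted log line and flags the run-together token. The first log line is the one quoted in the comment; the second is constructed for the example (the nick `someop` and the 192.0.2.0/24 documentation address are made up), so the detector has one stop and one start command to tell apart.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Keys a "!lazor" topic may carry, taken from the quoted topic string; whether
# LOIC accepts exactly this set is an assumption of this example.
KNOWN_KEYS = {"targethost", "targetip", "subsite", "speed", "threads", "method",
              "wait", "random", "checked", "message", "port"}
ACTION_WORDS = {"start", "stop"}

# Log format as quoted above: "[ts] - OVERRIDE: nick(ident@host) TOPIC #chan 'topic'"
OVERRIDE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] - OVERRIDE: (?P<nick>[^(\s]+)\((?P<ident>[^@]+)@(?P<host>[^)]+)\)"
    r" TOPIC (?P<chan>#\S+) '(?P<topic>.*)'$"
)

@dataclass
class LazorCommand:
    params: dict = field(default_factory=dict)
    flags: List[str] = field(default_factory=list)     # bare words such as "default"
    action: Optional[str] = None                      # "start", "stop" or None
    anomalies: List[str] = field(default_factory=list)

def parse_lazor_topic(topic: str) -> Optional[LazorCommand]:
    """Parse '!lazor [flags] key=value ... [start|stop]'; None if not a !lazor topic."""
    tokens = topic.split()
    if not tokens or tokens[0] != "!lazor":
        return None
    cmd = LazorCommand()
    for tok in tokens[1:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            cmd.params[key] = value
            if key not in KNOWN_KEYS:
                cmd.anomalies.append(f"unknown key {key!r}")
            # Two parameters with no space between them become one token: the
            # second key then turns up inside the first key's value.
            for other in sorted(KNOWN_KEYS - {key}):
                if other + "=" in value:
                    cmd.anomalies.append(f"{key} value absorbs '{other}='")
        elif tok in ACTION_WORDS:
            cmd.action = tok        # the last action word wins
        else:
            cmd.flags.append(tok)
    return cmd

def classify_log(lines):
    """Turn OVERRIDE/TOPIC log lines into records of who set which command."""
    records = []
    for line in lines:
        m = OVERRIDE_RE.match(line.strip())
        if not m:
            continue
        cmd = parse_lazor_topic(m["topic"])
        if cmd is None:
            continue
        records.append({
            "ts": m["ts"], "nick": m["nick"], "host": m["host"], "chan": m["chan"],
            "action": cmd.action,
            "target": cmd.params.get("targethost") or cmd.params.get("targetip"),
            "port": cmd.params.get("port"),
            "flags": cmd.flags,
            "anomalies": cmd.anomalies,
        })
    return records

def attack_launch_events(records):
    """Only a topic whose action word is 'start' tells hivemind clients to fire."""
    return [r for r in records if r["action"] == "start"]

# First line: quoted in the comment above. Second line: constructed for this example.
SAMPLE_LOG = [
    "[Thu Dec 9 11:14:27 2010] - OVERRIDE: root(root@72.9.153.142) TOPIC #loic "
    "'!lazor default targethost=api.paypal.comsubsite=/ speed=3 threads=15 method=tcp "
    "wait=false random=true checked=false message=Good_night_paypal_Sweet_dreams_from_AnonOPs "
    "port=443 stop'",
    "[Thu Dec 9 11:02:03 2010] - OVERRIDE: someop(op@192.0.2.10) TOPIC #loic "
    "'!lazor targethost=api.paypal.com subsite=/ speed=3 threads=15 method=tcp port=443 start'",
]

if __name__ == "__main__":
    recs = classify_log(SAMPLE_LOG)
    for r in recs:
        print(f"{r['ts']}: {r['nick']}@{r['host']} set {r['chan']} action={r['action']} "
              f"target={r['target']!r} port={r['port']} anomalies={r['anomalies']}")
    print("launch events:", [r["nick"] for r in attack_launch_events(recs)])
```

On the quoted line the parser reports action `stop`, a target value of `api.paypal.comsubsite=/` and an anomaly noting that `subsite=` was swallowed into the `targethost` value; only the constructed second line shows up as a launch event. Whatever LOIC itself does with a malformed target (assumed here, not verified), a log line like the first one is evidence of a stop command, which is the comment's point.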

    1. Re:A few mistakes... by Anonymous Coward · · Score: 5, Informative

      That's usual government tactics mixed with incompetence, i.e. raid as many people as possible, with warrants that are based on wrong information. Most cops don't know what they are doing in regards to IT or knowingly use bad information to get warrants. Hundreds and thousands of raids look great in press releases and there are no consequences for doing a shitty/fraudulent job. They simply hide the fact that a tiny, tiny percentage of those raids actually result in convictions. The vast majority of cases are discontinued due to lack of evidence or because people get lawyers who tear the crap cops did to shreds.

      A great example is operation "Himmel" in Germany. Literally 1000s of raids all across Germany were started because some server contained child pornography and logs appeared to indicate LOTS of downloads. Turns out the majority of images were neither CP nor illegal. People ended up getting their homes raided by police because they only loaded a few thumbnails; not even full images. In the end not a single case out of these 1000s ended up in court. Yet police and politicians considered the operation to be a success and used it to inflate their case numbers to prove how important new internet laws are.

      It's not about convictions, it's about publicity for politicians and creating FUD for agencies.

  6. Isn't it amazing.. by Dynamoo · · Score: 4, Insightful

    Isn't it amazing that the FBI can get their arses into gear over Anonymous, while allowing thousands of other criminal operations to use US based servers without disturbance. I am constantly horrified by the number of malicious sites operating out of the mainland US that are clearly operating in plain sight.

    --
    Never email donotemail@WeAreSpammers.com