FBI agents executed more than 35 search warrants and arrested fourteen alleged members of the Anonymous hacking collective in a coordinated crackdown across the nation on Tuesday. The U.S. Department of Justice said in a statement that the individuals were arrested on charges related to their alleged involvement in Distributed Denial of Service (DDoS) attacks on PayPal’s website.
In late November 2010, WikiLeaks released a large amount of classified U.S. State Department cables on its website. Shortly after, PayPal suspended WikiLeaks’ accounts so that WikiLeaks could no longer receive donations via PayPal. WikiLeaks’ website declared that PayPal’s action “tried to economically strangle WikiLeaks.” The indictment alleges that in retribution for PayPal’s termination of WikiLeaks’ donation account, Anonymous coordinated and executed distributed denial of service (DDoS) attacks against PayPal.
While these arrests reflect the ongoing efforts of law enforcement to crack down and pursue those conducting malicious online activities, will they have an impact? Application Security, Inc.’s Director of Security Strategy, Andrew Herlands, doesn’t think so. “It is likely that the suspected ‘anonymous’ members were no more than foot soldiers in the larger Anonymous battle,” Herlands said. “A favorite tool of Anonymous for causing Distributed Denial of Service (DDoS) is the Low Orbit Ion Cannon (LOIC) software. People who wanted to join the Anonymous movement were encouraged to download the software to their personal computers, and join coordinated distributed attack ‘campaigns’. It’s likely that the people arrested are merely pawns, and while they may be made an example of, their arrest will likely have little to no short-term impact on the hacktivist attacks.”
The FBI also arrested two other defendants on Tuesday on other cyber-related charges, in two separate complaints filed in Florida and New Jersey.
Scott Matthew Arciszewski, 21, was arrested on Tuesday for allegedly hacking an InfraGard website. The complaint alleges that Arciszewski then tweeted about the intrusion and directed visitors to a separate website containing links with instructions on how to exploit the Tampa InfraGard website. InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI.
In New Jersey the FBI charged Lance Moore, 21, of Las Cruces, N.M., with allegedly stealing confidential business information stored on AT&T’s servers and posting it on a public file sharing site. Moore was arrested on Tuesday at his home by FBI agents and is being charged with one count of accessing a protected computer without authorization.
According to the New Jersey complaint, Moore, a customer support contractor, “exceeded his authorized access” to AT&T’s servers and downloaded thousands of documents, applications and other files that, on the same day, he allegedly posted on a public file-hosting site that promises user anonymity. According to the complaint, on June 25, 2011, the computer hacking group LulzSec publicized that they had obtained confidential AT&T documents and made them publicly available on the Internet. The documents were the ones Moore had previously uploaded, the FBI said.
The FBI noted that the charge of intentional damage to a protected computer carries a maximum penalty of 10 years in prison and a $250,000 fine, and each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.
This week’s operations were done in coordination with the authorities in the United Kingdom and the Netherlands. The United Kingdom’s Metropolitan Police Service arrested one person and the Dutch National Police Agency arrested four individuals Tuesday for alleged related cyber crimes.
In July, Spanish authorities arrested three alleged Anonymous members, and authorities in Turkey detained 32 individuals allegedly linked to the hacktivist group.
As opposed cybercriminals profiting from data theft, hacktivism isn’t motivated by money. Hacktivist groups like Anonymous are motivated by revenge, politics, and a desire to humiliate victims, with profit typically not a motive.
Related Reading: How Operation Payback and Hacktivism are Rocking the ‘Net