First arrest made in connection with the Anonymous group DDoS attacks over WikiLeaks, as Amazon attack is aborted

News by Dan Raywood

A 16-year-old boy has been arrested in connection with the distributed denial-of-service (DDoS) attacks against the likes of PayPal, Visa and MasterCard this week.

According to an announcement by the Dutch Public Prosecution Service, the arrest was ordered by the national prosecutor of the high tech crime team of the national investigation in The Hague.

It claimed that immediately after it became clear that cyber attacks were being launched from the Netherlands, the national high tech crime team launched an investigation.

In a translated document, it said: “The cyber attacks quickly led yesterday to identify the suspect. When the boy was seized, computers and digital data carriers [were also taken]. The boy is now in police custody and interrogated by detectives from the high tech crime team.

“He has confessed [to the] attacks on MasterCard and Visa. The boy is probably part of a larger group of hackers, to which the investigation continues. He was arraigned Friday on the judge in Rotterdam.”

A number of DDoS attacks have been launched this week against the likes of PayPal, MasterCard, Swiss bank PostFinance and Visa following the firms' respective withdrawal of services to WikiLeaks. The attacks have been promoted by the Anonymous group as part of its Operation Payback, which initially targeted those who opposed file sharing.

Nigel Hawthorn, VP of EMEA marketing at Blue Coat, commented that this week had been an astonishing one for the internet, free speech and the law. He said: “The Anonymous group are in no way affiliated with WikiLeaks, however it shows the power of the crowd if someone annoys enough people. In the past a riot needed a lot of organising and a lot of like-minded people in the same place at the same time, now you just need to harness some of the over one billion people in the world and you can cause waves far beyond your individual capabilities.”

Graham Cluley, senior technology consultant at Sophos, said that it appears that the authorities are not ruling out further arrests, as Dutch broadcasters reported last night that the police visited the offices of LeaseWeb and EvoSwitch, who are believed to be providing internet services to the Anonymous group, who have coordinated the attacks.

“Of course, it is highly unlikely that the attacks are coming from just one part of the world. DDoS attacks are illegal and you would be very foolish to participate in them, as the penalties can include lengthy jail sentences,” he said.

However, a spokesperson for LeaseWeb said that this is not the case, and said that the site is hosted on a server belonging to a LeaseWeb reseller, who has since removed the site due to illegal activity.

LeaseWeb said: “We are very much aware of our responsibilities as one of the leading hosting providers in the Netherlands. When there is any supposition that illegal activities are taking place through our network, we will actively cooperate with the competent authorities to stop these activities as soon as possible. We host all that is legal under Dutch law, consistent with our terms of service.

“In terms of the police van, EvoSwitch would like to point out that the police van was collecting servers from the recently exposed Bredolab botnet. The servers were rented by a customer of EvoSwitch. The police presence is in no way linked to any other clients of EvoSwitch.”

Meanwhile, a rumoured attack on Amazon is reported to have been abandoned after it failed to make any impact on the site's performance. A report by web security tester Paul Mutton, writing on the blog, said that Anonymous decided the ‘hive’ of computers in its botnet was not big enough to take on the might of Amazon, which is evidently quite good at providing highly scalable web hosting services, not just on its own website, but also on its EC2 service. The report said that Amazon's European data centre, which formerly hosted the WikiLeaks website, accounts for more than a third of all internet-facing web servers in Ireland.

Tweeting via the @anonopsnet address, Anonymous said that it could not ‘currently’ attack Amazon as ‘the previous schedule was to do so, but we don't have enough forces’. It also appears that the Anonymous group's other two Twitter accounts at @AnonyWatcher and @Anon_Operation have been suspended.

Mutton said: “Operation Payback still intend to carry out a DDoS against Amazon, but appear unable to do so without more volunteers taking part in their botnet. The botnet currently contains around 2,000 computers, each of which can receive attack commands from the group's IRC network.

“It is likely that other computers are also involved in the attacks. The group's network of IRC servers is under a fair amount of load, with some servers refusing connections, and others already at their user limits. To solve this problem, some ‘hacktivists’ are instead using a browser-based JavaScript version of the LOIC tool. Clicking on the ‘IMMA CHARGING MAH LAZER’ button causes the page to make a large volume of requests to the target site.”

Alan Bentley, SVP international at Lumension, said: “This is not just one-upmanship between hacktivists supporting WikiLeaks and self-proclaimed ‘patriotic’ hackers, the collateral damage of this cyber war could see a number of hacktivists behind bars. Whether it is the fact that they are preventing the availability of a public domain or using a collection of machines without the permission of the owners, there is no getting away from the fact that DDoS attacks are illegal.

“DDoS attacks will not go away any time soon. There are armies of botnets ready to be activated at any given moment. Botnets are only created through machines that have left themselves vulnerable. To reduce the number of botnets created in the future, organisations and consumers must ensure that all holes within their systems are closed, preventing hackers from taking control in the first place.

“Microsoft is set to issue 17 bulletins on Patch Tuesday, three of which close vulnerabilities that enable hackers to launch DDoS attacks. It is important that computer users ensure that they shut the open doors to their computer systems, before more botnets are created.”  

