As we reported previously, the United States Federal Bureau of Investigation (FBI) launched an investigation into Operation Payback in November, triggered by DDoS attacks executed by Anonymous against PayPal and the US Copyright Office website.
Details are now finally starting to emerge on the actions the FBI has taken in its investigation into Anonymous and those who were allegedly involved in the Operation Payback attacks.
The article details that “On December 9, PayPal investigators provided FBI agents with eight IP addresses that were hosting an “Anonymous” Internet Relay Chat (IRC) site that was being used to organize denial of service attacks. The unidentified administrators of this IRC “then acted as the command and control” of a botnet army of computers that was used to attack target web sites.”
FBI investigators claim that these Anonymous DDoS attacks violated federal law that reads “unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system.”
The IP addresses provided by PayPal didn’t lead directly to the Texas business, as investigators had to play a virtual game of hopscotch around the globe before being led to the server in the Lone Star state. The initial IP was traced to Host Europe, an ISP located in Germany. A search warrant issued by German police then revealed that the server belonged to a man from France. Additional analysis revealed that root (Administrator) access to the server appeared to be coming from yet another IP altogether. This IP was eventually traced to “Tailor Made Services”, a Dallas, Texas-based business that specializes in dedicated server hosting.
Court records show that on December 16th, the FBI raided Tailor Made Services and copied two HDDs located within servers that were tracked down in their IP address investigations. It is unclear whether any suspects have been identified by the FBI or if they are still trying to track down additional IP addresses linked to these computer systems.
A separate IP address provided by PayPal was found to originate from a Canadian ISP in British Columbia. Canadian police determined that the virtual server utilizing this IP address was actually hosted at the provider Hurricane Electric in California. There is no official word as to whether the hard drive data from this California-based server was seized by the FBI, but it is highly probable.
With the FBI and other international law enforcement entities now actively involved in Operation Payback investigations, it’s no surprise that legal heat is intensifying for these not-so-anonymous vigilantes. All of this risk could start thinning the ranks of Anonymous if those involved start getting worried about the possible legal ramifications of their actions. Either way, my guess is that the activities of Anonymous will continue, but perhaps participants will start to be even more cautious about masking their real identities and IP addresses.