
From The Smoking Gun: "As part of an international criminal probe into computer attacks launched this month against perceived corporate enemies of WikiLeaks, the FBI has raided a Texas business and seized a computer server that investigators believe was used to launch a massive electronic attack on PayPal." More details on the firm in question, and another hosting facility in California the FBI is investigating, at the bottom of the piece.

Probably somebody set up the IRC channel on their already-existing server (or that of their employer). The FBI is probably interested in the IRC server logs to find out who was connected and perhaps the logs of the chat if the server keeps them.
Actually… given the article on this here, perhaps the IRC channel was being used as a control conduit for the LOIC installs.
Kiddies, in future, host that stuff outside the US.
#8 so what? I was connected on anonops irc at that time but I didn’t attack paypal, am I a “criminal”? :P
Anon
“#8 so what? I was connected on anonops irc at that time but I didn’t attack paypal, am I a “criminal”? :P”
I sincerely don’t understand. I give up. I didn’t understand if they were charging the company with a crime, or if they were looking to find others on the server.
This will do nothing, stop no one. The sysadmins of the world are in control. Operation “payback”, it’s a joke. A puff piece. Calming the nerves of the public that doesn’t understand how the internet really works. You think the person running the botnet on that server was actually there? HA!
What, did they raid Steve Jackson Games again?
This won’t end well.
Another good reason to filter UDP at the edge of your network.
Filter UDP? I take it you don’t use DNS? Am I missing something?
The asymmetry here is painfully glaring. The FBI goes after the people who attacked PayPal but not those who earlier attacked WikiLeaks.
It may be difficult to do if the attack wasn’t domestic.
So, (warning: dumb question here), is there a way that they can distinguish that the attacks actually originated from that server?
Or could it be that some other ISP location turned the server into a zombie or bot computer? Is there a way to know if someone hacked the computer, or sent a trojan in order to do the attacks?
Makes you feel good about hosting your data in a ‘secure’ data center. Imagine you’re hosting your (completely unrelated yet private) data in this Texas datacenter the day it gets raided by the FBI.
It appears that it wasn’t the server itself that was performing the DDoS, it was just hosting the IRC channel for coordination of the attacks.
Thanks for that answer. Does “hosting” imply that they were complicit somehow? Or is it that they simply have a business that makes money by “hosting” whatever activity or traffic someone pays them to put through their servers? I’m sorry if I should already know this.