Wikileaks Cyberattacks: FBI Executes More Than 40 Search Warrants Across US

Five arrested in U.K. for alleged role in "operation payback" attacks.

January 27, 2011, 8:04 PM

Jan. 27, 2011 — -- Agents from the FBI today executed more than 40 search warrants around the United States related to last year's cyberattacks that targeted companies that cut off financial donations to Wikileaks following the website's release of U.S. diplomatic cables.

The search warrants were executed in conjunction with arrests in the United Kingdom of five people for their role in "Operation Payback," an effort apparently organized by a group of Internet hacktivists called "Anonymous."

Companies targeted in the cyberattacks included MasterCard, Visa and PayPal.

The companies were subjected to distributed denial of service attacks (DDoS) that flood Internet sites and computer networks with requests for information and commands making the networks and websites unavailable to computer users.

"Operation Payback" was launched as a form of protest against companies breaking their ties with Wikileaks and impairing its ability to raise money.

At the time of the attacks, it was reported that websites for Sarah Palin's PAC and for the Swedish prosecutor's office, seeking Wikileaks founder Julian Assange's extradition on rape charges, also were targeted in the attacks.

A press release posted on the FBI's website late on Thursday noted, "These distributed denial of service attacks are facilitated by software tools designed to damage a computer network's ability to function by flooding it with useless commands and information, thus denying service to legitimate users. A group calling itself "Anonymous" has claimed responsibility for the attacks, saying they conducted them in protest of the companies' and organizations' actions. The attacks were facilitated by the software tools the group makes available for free download on the Internet. The victims included major U.S. companies across several industries."

The FBI noted in the press release, "The FBI also is reminding the public that facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability."

Searches were conducted in the San Francisco Bay area and the Boston area as part of an ongoing investigation that involved 26 FBI field offices executing search warrants, FBI officials told ABC News.

An FBI spokeswoman declined to comment on the nature of the search warrants or provide information about them because the warrants currently are sealed from the public domain.

According to a Metropolitan Police press release in the United Kingdom, police arrested five males aged 15, 16, 19, 20 and 26 today in early morning arrests. They all were charged under the Computer Misuse Act of 1990.

The FBI has worked with Scotland Yard and investigators in the Netherlands, Germany and France as part of the investigation and with the National Cyber-Forensics and Training Alliance (NCFTA) which is providing assistance. NCFTA is a partnership with the FBI to combat cyber crime.

Justice Department and FBI sources said that the FBI assisted with the investigation of the Dutch youth who was arrested in relation to the "Operation Payback" cyberattacks last month. The FBI's Cyber Division at FBI Headquarters and an FBI special agent embedded with the Dutch police assisted in that case. According to officials, the FBI provided some data to investigators that helped lead to the arrest.

The attacks were done with a computer program called "Low Orbit Ion Canon," and users around the world were communicating via Twitter about how to use it and where to target the program, officials said.

A research paper released by the University of Twente in the Netherlands found that a user's IP address could be revealed by using the "Low Orbit Ion Canon" program. A copy of the paper can be viewed by clicking here.

The FBI noted in its press release, "The NCFTA has advised that software from any untrustworthy source represents a potential threat and should be removed. Major Internet security (anti-virus) software providers have instituted updates so they will detect the so-called "Low Orbit Ion Canon" tools used in these attacks."