Feds arrest 16 in Anonymous hack probe

PayPal avenged for 'Operation Avenge Assange'


Federal officials arrested 16 people accused of carrying out computer crimes that damaged or breached protected systems, including a December attack organized by the Anonymous hacker collective on PayPal that caused numerous service disruptions.

Fourteen suspects from 10 states were accused of participating in “Operation Avenge Assange,” which sought to punish the eBay-owned payment service for suspending an account belonging to whistle-blower website WikiLeaks. Using a tool known as the Low Orbit Ion Cannon, which was distributed by Anonymous members, they allegedly helped to coordinate an attack that bombarded PayPal servers with more traffic than they were designed to handle.

Members of Anonymous gathered in internet relay channels to plan and carry out the attack against PayPal, which banned WikiLeaks a few weeks after the site published hundreds of thousands of classified US State Department memos. The indictment, which was filed last week in federal court in San José, California, was unsealed Tuesday, just hours after it was widely reported that FBI agents had raided the homes of suspected Anonymous members.

They were charged with counts of conspiracy and intentional damage to a protected computer, and were scheduled to appear Tuesday in various federal courthouses near where they were arrested.

Thirteen of the suspects were identified as: Christopher Wayne Cooper, 23, aka "Anthrophobic"; Joshua John Covelli, 26, aka "Absolem" and "Toxic"; Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, aka "No" and "MMMM"; Donald Husband, 29, aka "Ananon"; Vincent Charles Kershaw, 27, aka "Trivette", "Triv", and "Reaper"; Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, aka "Drew010"; Jeffrey Puglisi, 28, aka "Jeffer", "Jefferp", and "Ji"; Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22.

The name of one suspect was withheld.

Federal prosecutors announced the arrests of two other people who were charged with computer offenses that may have been related to hacks credited to LulzSec, which many believe to be a splinter group of Anonymous.

Scott Matthew Arciszewski, a 21-year-old student at the University of Central Florida, illegally accessed a website operated by the FBI-affiliated Infragard, a criminal complaint filed last week in Tampa alleged. He then uploaded three files he named “aspydrv.asp;jpg” – and, yes, the indictment includes that semicolon in the filename – which “caused damage to the server by impairing the integrity of the server,” according to FBI Special Agent Adam R. Malone, who prepared the document.

Arciszewski allegedly referred to the intrusion on his Twitter account and included a link to instructions for others to compromise the site.

Arciszewski's alleged June 21 hack came two weeks after LulzSec took credit for breaching the security of Infragard systems, defacing its website, and leaking its email database in the process.

A 16th suspect was accused in a separate complaint filed in federal court in New Jersey of stealing confidential business information stored on AT&T servers and posting it to the internet. Lance Moore, 21, of Las Cruces, New Mexico, allegedly used his position as a customer support contractor for the telecom giant to obtain the data, and then, in April, to post it to Fileape.com, which promises never to store the IP addresses of its users.

In late June, LulzSec announced it had acquired the data and recirculated it as part of a massive bittorrent upload.

In all, FBI agents executed 35 search warrants on Tuesday throughout the US as part of an ongoing investigation into coordinated “cyber attacks” against major companies and organizations. In a press release, prosecutors said Tuesday's arrests coincided with the arrest of one person by the UK's Metropolitan Police Service and of four individuals by the Dutch National Police Agency. Those detentions were related to unspecified “cyber crimes.”

To date, more than 75 searches have taken place in the US as part of the investigation. ®

