2011-07-26 by SOMINI SENGUPTA from "new York Times" [http://www.nytimes.com/2011/07/26/technology/for-suspected-hackers-a-sense-of-social-protest.html]:
(Kelly Jordan for The New York Times) Keith Downey, 26, likened bombarding PayPal online to a sit-in.
SAN FRANCISCO — The F.B.I.’s arrests of 14 people last week were the most ambitious crackdown yet on a loose-knit group of hackers called Anonymous that has attacked a string of government agencies and private companies over the last eight months.
But at least some of the suspects are not your typical hard-core hackers, judging from interviews with two of them and the online traces of others. Some did not bother to cover their digital tracks as they participated in what they saw as an online protest. And some say they were unaware that their feverish clicks on a home computer may have been against the law.
The suspects, mostly in their 20s and living unremarkable lives in small towns and suburbs across the country, now face up to 15 years in prison. Among them are a college student, an ex-Marine, a couple of self-taught computer programmers, even a young man whose only celebrity before last week’s arrest was that he dressed up as Harry Potter for a movie premiere.
While federal law enforcement officials are clearly keen to quash the notion that online attacks are a form of social protest, the arrests highlight a far bigger challenge facing the authorities as they try to stop digital raids carried out by a large and ideologically motivated group of people scattered across the globe.
The Justice Department has accused the suspects of being part of a criminal conspiracy to damage the Web site of PayPal, the online payment company owned by eBay, which announced last December that it would stop processing donations for WikiLeaks after it exposed classified government information.
Anonymous encouraged retaliation against PayPal, rallying supporters on Twitter. Untold numbers of people — probably hundreds — jumped into the Anonymous-affiliated chat rooms. Some of them began lobbing large packets of data aimed at overwhelming PayPal’s system, using a program called Low Orbit Ion Cannon. The site was hampered for several hours.
Drew Phillips, a wry, serious 26-year-old programmer with a paunch that testifies to hours spent hunched over a computer, admits to joining one of those chat rooms when the attack was being discussed, and to tinkering with the program used in the attack. He said he could have obscured his Internet Protocol address, which can be used to identify a computer, had he thought that anyone was interested in what he was doing.
"I didn’t have anything to hide. I didn’t feel I had to mask my I.P. address,” he said over a caffe mocha at a coffee shop not far from Santa Rosa, his placid middle-class hometown north of San Francisco. “What would anyone want with me?”
Mr. Phillips admits he was sympathetic to the strike against PayPal, but he maintains he did not actually participate.
It took federal officials only a few weeks to catch up with Mr. Phillips. Police and federal agents with a search warrant, arrived at his home early one morning in January.
“What, did I download one too many movies?” he remembers asking facetiously. Federal agents were interested in what he was doing with the Low Orbit Ion Cannon software. Mr. Phillips, who works for a solar energy company, said he used it to test the endurance of his employer’s computer systems. They left with all his equipment: a server he had built himself, a desktop, two laptops and several flash drives. Federal agents returned last week to arrest him, charging him with causing damage to a protected computer and a related conspiracy charge. He says wryly that he suspects the government needed to make an example out of him.
Eugene H. Spafford, a computer security professor at Purdue University, was not convinced that the arrests last week would serve as a deterrent. Rather, he said, it could prompt others to be more careful in the future and even prompt retaliatory strikes.
“A whole bunch of people were angry, they didn’t really think about whether it was legal or not. It never entered their minds,” Professor Spafford said. “This was kind of the equivalent of a spontaneous street protest, where they may have been throwing rocks through windows but never thought that was against the law or hurting anybody.”
A federal law enforcement official, who would not be named because he was not authorized to speak about an active case, argued that denial-of-service attacks like the one against PayPal were costly and illegal: “These things are costing companies millions of dollars.”
The official acknowledged that some of those arrested “used unsophisticated techniques.” But when asked if the authorities were overreacting, he said, “No, it’s never heavy-handed to address violations of law, particularly in this arena of cybersecurity, where the threat is so pervasive.”
Anonymous does make some effort to warn its supporters of the potential hazards of joining the movement; its handbook for new recruits has several pages of instructions on how to mask one’s online identity.
Two days after the arrests in the United States last week, in an open letter to the F.B.I. and international law enforcement authorities, Anonymous and its offshoot, Lulz Security, pledged to continue to attack government and private Web sites. “Your threats to arrest us are meaningless to us as you cannot arrest an idea,” the statement read.
While there are clearly some core members of both Anonymous and Lulz Security, it is not clear whether the authorities have arrested any of them, though media reports have said that a 16-year-old arrested in London last week was an important member of the latter group.
In Jacksonville, Fla., another self-taught programmer named Keith Downey was also angered last December by PayPal’s stance toward WikiLeaks. And in general, he was dismayed at what he saw as increasing government control over the Internet. He logged on from home, also without bothering to use tools that would help shield his identity.
In an Anonymous chat room he was inspired to join the bombardment of PayPal. He likened it to “the college sit-ins of the ’70s” and even to Gandhi’s civil disobedience movement against British rule. No one in the chat rooms apparently bothered to explain that Gandhi spent a lot of time in jail, as did antiwar protesters in the 1970s. Mr. Downey wasn’t prepared to be arrested last week. Nor is he financially prepared to travel across the country for his court appearance in San Jose, Calif., in September.
Mr. Downey, who had a small business installing and maintaining computer hardware for local music studios, lost his computer equipment during an F.B.I. raid in January. He lives with his widowed mother, who was laid off from her job earlier this year. Mr. Downey says he is patching together construction work to make ends meet. He has been represented so far by court-appointed counsel. “I need to set up a donation Web site for my legal expenses,” said Mr. Downey. “I definitely will not use PayPal.”
"FBI Raids Homes of Three ‘Anonymous’ Suspects"
2011-07-19 by Kim Zetter [http://www.wired.com/threatlevel/2011/07/fbi-raids-anonymous-suspects/]:
FBI agents conducted early-morning raids at three homes in New York where suspects believed to be involved in the Anonymous hacking group live.
Investigators seized at least one laptop from one of the homes. Police believe the device may have been used in denial-of-service attacks against several companies.
More than 10 FBI agents converged on the home of Giordani Jordan in Baldwin, on Long Island, while other agents searched two additional homes in Long Island and Brooklyn, according to Fox News [http://www.foxnews.com/scitech/2011/07/19/exclusive-fbi-raids-homes-suspected-anonymous-hackers/].
Anonymous, a loose-knit collective of hackers, has publicly taken credit for denial-of-service attacks against PayPal, Visa and MasterCard after these payment services decided to stop transmitting donations to the secret-spilling site, WikiLeaks.
Last month, Spanish authorities arrested three alleged members of Anonymous in connection to separate attacks against Sony’s online Playstation network and other sites.
Anonymous declared Sony a target over the company’s lawsuit against PlayStation 3 tinkerer George Hotz. Sony claimed it found an Anonymous calling card on one of its compromised servers. But Anonymous asserted that “online thieves” were trying to frame the group over the Sony hacks.
No comments:
Post a Comment