Authorities in the U.S. and Germany have raided Internet Service Providers in hopes of tracking down the hackers who launched distributed denial of service (DDoS) attacks against Web sites such as Visa.com, PayPal.com, and Mastercard.com earlier this month.
In documents posted Wednesday to the Smoking Gun Web site, the U.S. Federal Bureau of Investigation describes the complex path its investigation has taken as it has searched for the computers that served as a central meeting point for the attacks.
After Germany’s Federal Criminal Police raided service provider Host Europe, they linked one of he IRC servers to Dallas’s Tailor Made Services, the documents state. Two hard drives were seized from Dallas’s Tailor Made Services on Dec. 16, the Smoking Gun reports. Another IRC server has been traced to Fremont, California’s Hurricane Electric.
Neither Hurricane Electric nor Tailor Made Services could be reached immediately for comment Thursday.
The early-December attacks were part of a grassroots campaign called “Operation Payback,” which tried to put pressure on companies that had severed relations with WikiLeaks after it began publishing classified U.S. Department of State cables. Operation Payback is the work of a group called Anonymous, which has launched similar attacks against the Church of Scientology and the Motion Picture Association of America in the past.
The attacks were strong, but minimally disruptive. They knocked Web sites offline, but they didn’t touch any of the target’s back-end transaction processing systems. They also garnered a lot of publicity for Anonymous.
Ringleaders urged volunteers to download software that flooded Web sites with useless Internet traffic, ultimately causing may of them to come grinding to a stop. Other victims included the Web sites of WikiLeaks critic Sarah Palin and the Swedish Prosecutor’s Office, which is pursuing sex charges against WikiLeaks founder Julian Assange.
The FBI investigation centers on the IRC servers, used to coordinate the attacks. The FBI initiated the investigation on Dec. 9 after PayPal provided them with the Internet Protocol addresses of eight IRC servers used in by the group.
On Dec. 9, Dutch police arrested a 16-year-old boy in connection with the attacks.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com