Dec 30, 2010 09:57 GMT

Court filings reveal that the FBI is currently investigating the distributed denial of service attacks launched against PayPal by the Anonymous group of hacktivists.

The Smoking Gun reports that an FBI affidavit sworn in support of a search warrant at a Dallas hosting firm reveals details of the federal probe.

At the beginning of this month, PayPal froze the account used by WikiLeaks to receive donations, citing illegal activities.

Shortly afterward, Anonymous, a group of Internet activists known to use DDoS as a protest method, mounted an attack against the PayPal blog.

In the days that followed, the attack moved to the main website and its API. PayPal publicly dismissed the downtime of its blog as a technical issue, but according to the affidavit, it contacted the FBI about it on December 6.

The company also supplied eight IP addresses used by Anonymous' IRC server, irc.anonops.net, from which the attacks are launched through the "hive mind" feature of the Low Orbit Ion Cannon (LOIC) DDoS tool.

The "hive mind" setting makes computers act like botnet clients by putting their bandwidth resources at the disposal of Anonymous leaders, who can then issue commands to attack certain targets.

One of the IP addresses provided by PayPal pointed to a hosting provider in Germany. When the German Federal Criminal Police investigated, it discovered that the server was owned by a man from France.

However, a more detailed analysis of the logs revealed that the actual commands to launch the DDoS attacks were issued by someone connected from an IP at the Dallas co-location vendor, where the FBI wants to execute a search warrant.

A separate IP address led investigators to an ISP in Canada, which told the Royal Canadian Mounted Police that its server is actually hosted at Hurricane Electric in Fremont, California.

The investigation continues and might lead to criminal charges against Anonymous members. Two teenagers previously received one-year prison sentences for their participation in Anonymous-organized DDoS attacks against the Church of Scientology.