WASHINGTON (Reuters) - U.S. authorities on Tuesday arrested 16 people on charges they participated in major cyber attacks, including the crippling of eBay’s PayPal website as retribution for dropping WikiLeaks as a client.
FBI agents arrested 14 people in nine states and Washington, D.C., for the PayPal attack, which occurred last December and was allegedly coordinated by the hacking group Anonymous. It was the biggest take down so far tied to the high-profile cyber attack.
Financial institutions like PayPal, Visa and MasterCard withdrew services from WikiLeaks last year after the website published thousands of sometimes embarrassing secret U.S. diplomatic reports that have caused strains between Washington and numerous allies.
Hackers responded with so-called distributed denial-of-service attacks that flooded the companies’ websites and rendered them unavailable to legitimate users, according to the indictment filed in California.
PayPal suffered attacks for several days last December.
The 14 individuals were charged with conspiracy, which carries a maximum penalty of five years in prison if convicted, and intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison.
Law enforcement authorities believe Anonymous is mostly made up of hackers believed to be in their teens and early 20s.
“The fact that they have been tracked back and that some of them have been arrested is a significant development,” said Mark Rasch, a former chief of the Justice Department’s cyber crimes unit and now director of Cybersecurity and Privacy Consulting for the government technology services firm CSC.
In addition, U.S. authorities executed more than 35 search warrants around the country as part of its investigation into coordinated cyber attacks against major companies and organizations, the Justice Department said.
The Justice Department and FBI have been under pressure to crack down on hackers who have stepped up their attacks on corporate and government websites over the last several months in a bid to thwart their activities.
Stewart Baker, a former top official of the Homeland Security department, said the FBI probably gave the case extra attention because of the public taunting the bureau received from Anonymous and related groups.
“It does look like some of these guys (hackers) were just fools. The PayPal attack in particular,” said Baker, now at the law firm Steptoe and Johnson LLP. “It looks like these bozos must have just said ‘Cool, an attack on PayPal. You can use my machine.’
“I think it makes it a lot less likely that that people will join the next digital lynch mob,” he said.
Another related arrest came in New Mexico where an employee for a contractor for AT&T’s wireless service faced charges of accessing a computer without authorization by allegedly downloading thousands of documents related to its 4G data network and LTE mobile broadband network.
The data was subsequently downloaded to a file-sharing web site in April and another one of the loosely organized groups of hackers, Lulz Security, subsequently publicized the data breach, the complaint said.
AT&T had no comment on the arrest.
Additional reporting by Basil Katz and Christine Kearney in New York, Jim Finkle in Boston and Dan Levine in San Francisco; editing by Todd Eastham and Bill Trott