Fourteen individuals were arrested on Monday by FBI agents on charges related to their alleged involvement in a cyber attack on PayPal’s website as part of an action claimed by the group “Anonymous,” announced the Department of Justice and the FBI. Two additional defendants were arrested on Tuesday on cyber-related charges.
The 14 individuals were arrested in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico, and Ohio on charges contained in an indictment unsealed on Tuesday in the Northern District of California in San Jose. In addition, two individuals were arrested on similar charges in two separate complaints filed in the Middle District of Florida and the District of New Jersey.
Also on Tuesday, FBI agents executed more than 35 search warrants throughout the United States as part of an ongoing investigation into coordinated cyber attacks against major companies and organizations. Finally, the United Kingdom’s Metropolitan Police Service arrested one person and the Dutch National Police Agency arrested four individuals on Tuseday for alleged related cyber crimes.
According to the San Jose indictment, in late November 2010, WikiLeaks released a large amount of classified U.S. State Department cables on its website. Citing violations of the PayPal terms of service, and in response to WikiLeaks’ release of the classified cables, PayPal suspended WikiLeaks’ accounts so that WikiLeaks could no longer receive donations via PayPal. WikiLeaks’ website declared that PayPal’s action “tried to economically strangle WikiLeaks.”
The San Jose indictment alleges that in retribution for PayPal’s termination of WikiLeaks’ donation account, a group calling itself Anonymous coordinated and executed distributed denial of service (DDoS) attacks against PayPal’s computer servers using an open source computer program the group makes available for free download on the Internet. According to the indictment, Anonymous referred to the DDoS attacks on PayPal as “Operation Avenge Assange.”
The defendants charged in the San Jose indictment allegedly conspired with others to intentionally damage protected computers at PayPal from Dec. 6, 2010, to Dec. 10, 2010.
The individuals named in the San Jose indictment are: Christopher Wayne Cooper, 23, aka “Anthrophobic;” Joshua John Covelli, 26, aka “Absolem” and “Toxic;” Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, aka “No” and “MMMM;” Donald Husband, 29, aka “Ananon;” Vincent Charles Kershaw, 27, aka “Trivette,” “Triv” and “Reaper;” Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, aka “Drew010;” Jeffrey Puglisi, 28, aka “Jeffer,” “Jefferp” and “Ji;” Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. One individual’s name has been withheld by the court.
The defendants are charged with various counts of conspiracy and intentional damage to a protected computer. They will make initial appearances throughout the day in the districts in which they were arrested.
In addition to the activities in San Jose, Scott Matthew Arciszewski, 21, was arrested on Tusday by FBI agents on charges of intentional damage to a protected computer.
According to the complaint, on June 21, 2011, Arciszewski allegedly accessed without authorization the Tampa Bay InfraGard website and uploaded three files. The complaint alleges that Arciszewski then tweeted about the intrusion and directed visitors to a separate website containing links with instructions on how to exploit the Tampa InfraGard website. InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI with chapters in all 50 states.
Also on Tuesday, a related complaint unsealed in the District of New Jersey charges Lance Moore, 21, of Las Cruces, N.M., with allegedly stealing confidential business information stored on AT&T’s servers and posting it on a public file sharing site. Moore was arrested this morning at his residence by FBI agents and is expected to make an initial appearance this afternoon in Las Cruces federal court. Moore is charged in with one count of accessing a protected computer without authorization.
According to the New Jersey complaint, Moore, a customer support contractor, exceeded his authorized access to AT&T’s servers and downloaded thousands of documents, applications and other files that, on the same day, he allegedly posted on a public file-hosting site that promises user anonymity. According to the complaint, on June 25, 2011, the computer hacking group LulzSec publicized that they had obtained confidential AT&T documents and made them publicly available on the Internet. The documents were the ones Moore had previously uploaded.