An image from the FBI affidavit posted on The Smoking Gun
(WEB HOST INDUSTRY REVIEW) — According to a lengthy report published Wednesday on investigative website The Smoking Gun, the FBI raided Texas-based web hosting company Tailor Made Services, seizing a computer believed to be involved in the “Operation: Payback” denial of service attacks targeting PayPal in the last month.
A second investigation may have led to the seizure of a machine hosted by Hurricane Electric, according to the report.
PayPal was targeted in the attacks, organized by the association of Internet users known as “Anonymous” – which is based out of the community site 4chan (and has often been known in the past for more good-natured acts of troublemaking) – along with several other sites reported to have suspended services to the whistle-blowing website WikiLeaks in the wake of its release of the now-famous “cablegate” documents.
According to the affidavit published by The Smoking Gun, the FBI investigation began earlier in December, after PayPal contacted agents, supplying a list of IP addresses it believed were involved in executing the Operation: Payback attacks against the company.
On December 9, PayPal provided the FBI with eight IP addresses that were hosting an IRC chat location being used to organize the DDoS attacks by controlling the voluntary botnet involved in executing the attacks.
The affidavit, filled out by FBI agent Allyn Lynd, traces a fairly interesting investigative process that led to the seizure of the server at Tailor Made Services this week. At least two of the IP addresses provided to the FBI by PayPal have been investigated so far.
One IP was first traced to German hosting provider Host Europe, where a search warrant executed by the German Federal Criminal Police found that the server belonged to a man from Herrlisheim, France. An analysis of that server showed that root-level access appeared to be coming from another IP address, which was ultimately traced to Tailor Made Services.
On December 16, FBI agents copied two hard drives from the server at Tailor Made. According to The Smoking Gun, court records do not describe what might have been found on those drives, or whether any further progress in identifying a suspect was made from that information.
An investigation into a second IP address determined that the virtual server provided by a Canadian firm was actually housed in California at a Hurricane Electric facility.
The second investigation is reportedly being led by FBI agent Christopher Calderon, an expert on botnets.
The affidavit relating to the seizure in the first investigation is excerpted on The Smoking Gun website.











