U.S. prosecutors arrested and charged 14 people with involvement in a cyber attack on EBay Inc.’s Paypal unit that the group Anonymous claims it instigated in retaliation for the online payment company suspending the account of WikiLeaks.
An indictment unsealed yesterday in San Jose, California, charges the individuals with conspiracy and intentional damage to a computer. Two others from New Mexico and Florida were arrested on cyber-related charges for improper access to computer files, the Justice Department said in an e-mailed statement.
Separately, a Cambridge, Massachusetts, man who is a former fellow at the Harvard University Center for Ethics, was charged by the U.S. with hacking into a computer network at the Massachusetts Institute of Technology and stealing more than 4 million documents.
The arrests related to the Paypal attack were made in 10 states and the District of Columbia and 35 search warrants were executed across the U.S. as part of an investigation into coordinated computer attacks against major companies, according to the statement.
The charges stem from “denial of service attacks” which saturate targeted computers with communication requests so service is denied to legitimate users. According to the indictment, Anonymous was an online collective of individuals associated with collaborative hacking attacks motivated by political and social goals.
‘Operation Avenge Assange’
The group referred to the attacks on Paypal as “Operation Avenge Assange,” according to the indictment. Julian Assange is WikiLeaks’ founder.
Paypal cut access to the whistle-blowing website WikiLeaks.org’s donation account in December citing violations of its service terms after WikiLeaks released a large amount of classified U.S. State Department cables on its website, according to the indictment.
Anonymous later took credit for a denial of service attack on Paypal as punishment for the company’s actions. A federal grand jury in San Jose began taking evidence in February as prosecutors probed attacks on Paypal, MasterCard Inc. and Visa Inc.
The attacks occurred from Dec. 6 to Dec. 10, prosecutors said.
Anuj Nayar, a spokesman for San Jose-based Paypal, said the company has no comment on “ongoing legal action.”
‘Protect Our Customers’
Also arrested yesterday was a New Mexico man who in April allegedly stole confidential business information stored on AT&T Inc. servers and posted it on a public file-sharing site, the Justice Department said. A complaint filed in federal court in New Jersey alleges that the documents he uploaded were the same ones that the computer hacking group LulzSec made public on the Internet June 25.
In another arrest, a Florida man who accessed without permission the website of a Tampa, Florida, nonprofit cyber-security program sponsored by the Federal Bureau of Investigation was charged with intentional damage to a protected computer.
The maximum penalty for intentional damage to a computer is 10 years in prison and a $250,000 fine. Each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.
In the MIT hacking case, Aaron Swartz, 24, was indicted on six counts including wire fraud and obtaining information from a protected computer, according to a statement from the U.S. attorney’s office in Boston. He faces as long as 35 years in prison and a fine of as much as $1 million if convicted.
A message seeking comment left at a telephone number belonging to an Aaron Swartz in Cambridge wasn’t immediately returned.
The Paypal attack case is U.S. v. Cooper, 11-471, U.S. District Court, Northern District of California (San Jose).