By Jeremy Pelofsky and Diane Bartz
WASHINGTON (Reuters) - U.S. authorities on Tuesday arrested 16 people on charges they participated in major cyber attacks, including an attempt to cripple eBay's PayPal website as retribution for dropping WikiLeaks as a client.
FBI agents arrested 14 people in nine states and Washington, D.C., for the PayPal attack, which occurred last December and was allegedly coordinated by the hacking group Anonymous. It was the biggest response by authorities tied to a recent spate of high-profile cyber attacks.
Financial institutions like PayPal, Visa and MasterCard withdrew services from WikiLeaks last year after the website published thousands of sometimes embarrassing secret U.S. diplomatic reports that have caused strains between Washington and numerous allies.
Hackers responded with so-called distributed denial-of-service attacks that flooded the companies' websites with requests for information and rendered them unavailable to legitimate users, according to the indictment filed in federal court in San Jose, California.
PayPal suffered attacks for several days last December. Company spokesman Anuj Nayar said he could not comment on current legal action.
The 14 individuals were charged with conspiracy, which carries a maximum penalty of five years in prison if convicted, and intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison.
The accused ranged in age from 20 to 42 and lived in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico and Ohio.
One of the difficulties authorities have had tracking down hacking attacks is that they can be launched from anywhere and can come from an individual who can mask his location.
Law enforcement authorities believe Anonymous is mostly made up of hackers believed to be in their teens and early 20s. The group has taken credit for numerous attacks, including attacks on Bank of America, Sony and the Malaysian government.
"The fact that they have been tracked back and that some of them have been arrested is a significant development," said Mark Rasch, a former chief of the Justice Department's cyber crimes unit and now director of Cybersecurity and Privacy Consulting for the government technology services firm CSC.
CYBER ATTACK PROBES CONTINUE
In a likely sign investigations are intensifying, U.S. authorities executed more than 35 search warrants around the country in their investigation of coordinated cyber attacks against major companies and organizations, the Justice Department said.
The Justice Department and FBI have been under pressure to crack down on hackers who have stepped up their attacks on corporate and government websites in the past several months in a bid to thwart their activities.
Stewart Baker, a former top official of the Homeland Security Department, said the FBI probably gave the case extra attention because of the public taunting the bureau received from Anonymous and related groups.
"It does look like some of these guys (hackers) were just fools. The PayPal attack in particular," said Baker, now at the law firm Steptoe and Johnson LLP. "It looks like these bozos must have just said 'Cool, an attack on PayPal. You can use my machine.'
"I think it makes it a lot less likely that that people will join the next digital lynch mob," he said.
Another related arrest came in New Mexico where an employee for a contractor for AT&T's wireless service faced charges of accessing a computer without authorization by allegedly downloading thousands of documents related to its 4G data network and LTE mobile broadband network.
The data was subsequently downloaded to a file-sharing web site in April and another one of the loosely organized groups of hackers, Lulz Security, subsequently publicized the data breach, the complaint said. AT&T had no comment on the arrest.
The other man arrested by FBI agents was in Florida, where he was charged with illegally accessing Tampa Bay Infragard's website and uploading three malicious files. The group is an FBI-sponsored organization focused on critical infrastructure.
The Justice Department said British police arrested one person and Dutch authorities arrested four for cyber crimes related to recent attacks on major companies and organizations.
(This story was corrected in the first paragraph to make clear the attack attempted to cripple PayPal but did not cripple the site.)
(Additional reporting by Basil Katz and Christine Kearney in New York, Jim Finkle in Boston, Dan Levine and Alistair Barrin San Francisco; editing by Todd Eastham and Bill Trott)