Monday, October 6, 2008

Two Europeans indicted for US cyberattacks

Two Europeans, one of whom is English, have been indicted by a US federal grand jury in connection with a 2003 distributed denial-of-service attack that is the focus of a major FBI investigation.

The two men, who are not in custody, were indicted as part of the FBI's Operation Cyberslam, initiated in 2003 following a series of crippling distributed denial-of-service (DDoS) attacks on a large Los Angeles vendor of digital recorders. The attacks effectively knocked that business offline, along with other private and government bodies, for two weeks, resulting in losses ranging from $200,000 (114,000) to more than $1 million, according to the FBI.

Operation Cyberslam is the first successful investigation of a large-scale DDoS used for a commercial purpose in the US, the FBI said.

In 2004, two US residents were charged with masterminding the attacks. The two Europeans indicted last week are accused of carrying out the attacks and face up to 15 years in prison if convicted on charges of conspiracy and intentionally damaging a computer system, according to the US Department of Justice (DOJ).

Lee Graham Walker, 24, of Bleys Bolton was indicted on Thursday along with a German 25-year-old called Axel Gembe. Gembe is believed to be the programmer behind Agobot, a well-known worm used to create botnets that can be used in DDoS attacks or for other purposes, such as relaying junk email.

The attacks were allegedly ordered by Saad Echouafni, a native of Morocco who was the owner of Orbit Communications. Paul Ashley, a business associate of Echouafni, was then responsible for contacting Walker and Gembe to carry out the attack, the DOJ said. Ashley pleaded guilty in 2004 and has already served two years in an Ohio prison for his part in the conspiracy.

Echouafni, also indicted in 2004, is being sought by the FBI, which said he should be considered armed and dangerous.

Walker and Gembe allegedly used a botnet they had created together to carry out the attacks. According to the indictment, the two arranged the attacks over Internet Relay Chat (IRC), also using IRC to discuss ways of making their botnet code more damaging to websites.

The particular technique used in the attack was allegedly to direct a flood of syn packets (short for synchronization packets) to the target websites. The botnet used was also capable of directing large amounts of malicious HTTP traffic, according to the DOJ.



  • FBI, Dutch police crack the Shadow botnet
  • FBI warns of new Storm worm variant
  • No comments: