Anonymous' Operation Payback attack cost PayPal £3.5m
By Nicole Kobie
Posted on 22 Nov 2012 at 17:30
A series of attacks against PayPal cost the payments firm £3.5m, a court has heard.
Two years ago, hacking group Anonymous targeted PayPal and a host of other financial firms for stopping payments of donations to a WikiLeaks funding foundation.
A first distributed-denial-of-service (DDoS) attack took the PayPal blog offline on 6 December, but 22-year-old Christopher Weatherhead is accused of continuing the attacks from 8 to 17 December.
Southwark Crown Court was told PayPal was forced to invest in new software and hardware to defend against future attacks, and borrowed 104 staff from parent firm eBay to help clean up after the incidents. PayPal also claimed it lost transactions during the attacks, according to a BBC report.
Prosecutor Sandip Patel said Weatherhead was a "cyber attacker and that he, and others like him, waged a sophisticated and orchestrated campaign of online attacks that paralysed a series of targeted computer systems belonging to companies to which they took issue with, for whatever reason, and those attacks caused unprecedented harm."
The cost claims are intriguing, as PayPal wasn't hacked - while Anonymous members have successfully hacked organisations, most of the time its members tend to stick with DDoS attacks.
"I can't help but agree that 'more than 100 people' working for three weeks to solve seems excessive," said Trend Micro's director of security research Rik Ferguson. "I can only imagine that they are including absolutely anyone who had any involvement whatsoever, not only in mitigating the attacks at the time but also in planning any future architectural changes, making purchasing decisions and even raising purchase orders -which of course is justifiable in terms of calculating the cost of an attack overall."
"A DDoS is an attack that can cause really a varying amount of damage depending on the victim and how they do business," he added. "Obviously Paypal's business model is entirely web-based and as such I would expect a DDoS attack to have significant financial impact."
The court wasn't told how much similar attacks, also part of Anonymous' so-called Operation Payback, cost MasterCard or Visa - but heard previous action against the BPI cost the lobby group £3,996 and Ministry of Sound £9,000.
"a court has heard"
"a court has heard" lol. is this the same court that "heard" Gary McKinnon caused $700,000 of damage with his hacks, when an extraditable offence requires a threshold level of $5,000 worth of damage for any individual count, and magically the indictment claimed that Gary McKinnon caused exactly $5,000 damage per system, therefore per count?
Your headline implies this number is a fact. It is not, is an allegation made in court.
Therefore the words "cost PayPal £3.5m" should be in quotes.
By gavmeister on 23 Nov 2012
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software