DDoS attackers cost PayPal £3.5 million
PayPal paid around £3.5 million (€4.3 million) to defend and arm itself against distributed denial-of-service (DDoS) attacks. The attacks in 2010 and 2011 – named Operation Payback by members of hacktivist collective Anonymous – were initially aimed at companies that opposed internet piracy, but switched to companies like Mastercard, Visa and PayPal after they refused to process payments to WikiLeaks. The details have been revealed in a court case at Southwark Crown Court where a defendant, Christopher Weatherhead, is facing charges of conspiring to impair the operation of computers.
The BBC reports the prosecution as saying that more than one hundred workers from eBay, PayPal's parent company, spent three weeks working on DDoS-attack-related issues and that PayPal had bought software and hardware to defend itself against further attacks. In all, the total cost of this work came to £3.5 million.
Earlier attacks on companies such as the British Phonographic Institute and Ministry of Sound were much less expensive to remedy, according to the prosecution, coming in at £4,000 and £9,000 respectively. The prosecutor, Sandip Patel, called the accused "vandals" noting the defendant had posted plans on an IRC channel under the handle "Nerdo" encouraging an attack on Paypal and that "he and others like him, waged a sophisticated and orchestrated campaign of online attacks that paralysed a series of targeted computer systems belonging to companies to which they took issue with, for whatever reason, and those attacks caused unprecedented harm."
Weatherhead, from Northampton, pleaded not guilty to the charges, while three fellow defendants – 27-year-old Ashley Rhodes, 24-year-old Peter Gibson and an un-named 18-year-old male – have all pleaded guilty to the same charge. They were arrested in January; Weatherhead's home, where computer equipment was seized by police, was raided on 27 January. Weatherhead says the equipment seized belongs to his sister, but the prosecution points out that the passwords on the system were variations of the phrase "Nerdo is the best (or worst) hacker in the world". Weatherhead is specifically accused of running an IRC server on the Russian-based ISP Heihachi, described as a "safe haven" for renegade sites; the prosecution says the defendant boasted that Heihachi allowed anything, even child pornography. The trial continues.