FBI Arrests GeneSimmons.com DDoS Attacker, Connected to Anonymous


The distributed denial of service attack is the favorite crushing blow of the Anonymous hactivist collective, but as it causes disruption and misery to Internet users in the fashion on malicious vandalism, it is considered a crime in most countries.

FBI agents arrested a Connecticut man on Tuesday morning, charged with conducting the October 2010 attack on GeneSimmons.com. Mike Lennon at SecurityWeek brings us this story,

According to the U.S Attorney’s office, Kevin George Poe, a 24 year-old man from Manchester, Connecticut, was arrested and taken into custody without incident at the federal courthouse in Hartford. Poe, who used the online handle “spydr101,” made his first appearance Tuesday morning in a U.S. District Court, where a judge released him a $10,000 bond and ordered him to appear in federal court in Los Angeles on a date that has yet to be set.

An indictment returned last week accused Poe of being affiliated with the Anonymous hacking group, and specifically charges him with two counts—conspiracy and unauthorized impairment of a protected computer.

While undoubtedly, Gene Simmons—the rockstar, and lead singer of the band KISS—didn’t really notice much during the five-day bombardment with the Low Orbit Ion Cannon (LOIC) in 2010 these sorts of attacks don’t just affect the target, they can also wash away the connectivity of upstream sites.

The LOIC is a favorite device used by the Anonymous collective is a spreadable attack-program that allows the production of a stream of TCP/UDP requests from multiple computers to one target. As an open source tool, the LOIC is used to test network robustness via stress testing. This software is categorically related to the Lulz Cannon of LulzSec also used for malicious DDoS attacks which may have been a botnet armed with something similar to the LOIC. When Anonymous uses the LOIC, multiple members of the collective join a voluntary botnet, activate the program, feeding it IP-address coordinates, and then collectively bombard that address causing it to become inaccessible.

The use of software like the LOIC is not an anonymous act. As part of sending the packets to the target from the individual volunteers’ computer it essentially burns a blazing trail from its multiple origins to the target. During their investigation, the FBI could have simply looked at the incoming logs and traced the origin IP addresses back to the ISPs they were routed through; and from there to the individual computers used to engage in the attack.

As Poe is about to discover, DDoS is indeed a criminal act rather on par as a sort of mischief or vandalism.

According to the statutes, Poe could face a maximum of 15 years in federal prison.