Two Europeans, one of whom is English, have been indicted by a U.S. federal grand jury in connection with a 2003 distributed denial-of-service attack that is the focus of a major FBI investigation.
The two men, who are not in custody, were indicted as part of the FBI's Operation Cyberslam, initiated in 2003 following a series of crippling distributed denial-of-service, or DDoS, attacks on a large Los Angeles vendor of digital recorders. The attacks effectively knocked that business offline, along with other private and government bodies, for two weeks, resulting in losses ranging from $200,000 to more than $1 million, according to the FBI.
Operation Cyberslam is the first successful investigation of a large-scale DDoS used for a commercial purpose in the United States, the FBI said.
In 2004, two U.S. residents were charged with masterminding the attacks. The two Europeans indicted last week are accused of carrying out the attacks, and they face up to 15 years in prison, if convicted on charges of conspiracy and intentionally damaging a computer system, according to the U.S. Department of Justice.
Lee Graham Walker, 24, of Bleys Bolton, England, was indicted on Thursday, along with a German 25-year-old named Axel Gembe. Gembe is believed to be the programmer behind Agobot, a well-known worm used to create botnets that can be used in DDoS attacks or for other purposes, such as relaying junk e-mail.
The attacks were allegedly ordered by Saad Echouafni, a native of Morocco who was the owner of Orbit Communications. Paul Ashley, a business associate of Echouafni, was then responsible for contacting Walker and Gembe to carry out the attack, the Justice Department said. Ashley pleaded guilty in 2004 and has already served two years in an Ohio prison for his part in the conspiracy.
Echouafni, also indicted in 2004, is being sought by the FBI, which said he should be considered armed and dangerous.
Walker and Gembe allegedly used a botnet they had created together to carry out the attacks. According to the indictment, the two arranged the attacks over Internet Relay Chat (IRC), also using IRC to discuss ways of making their botnet code more damaging to Web sites.
The particular technique used in the attack was allegedly used to direct a flood of synchronization packets to the target Web sites. The botnet used was also capable of directing large amounts of malicious HTTP traffic, according to the Justice Department.
Matthew Broersma of ZDNet UK reported from London.