A series of attacks against PayPal cost the payments firm £3.5m, a court has heard.
Two years ago, hacking group Anonymous targeted PayPal and a host of other financial firms for stopping payments of donations to a WikiLeaks funding foundation.
A first distributed-denial-of-service (DDoS) attack took the PayPal blog offline on 6 December, but 22-year-old Christopher Weatherhead is accused of continuing the attacks from 8 to 17 December.
Southwark Crown Court was told PayPal was forced to invest in new software and hardware to defend against future attacks, and borrowed 104 staff from parent firm eBay to help clean up after the incidents. PayPal also claimed it lost transactions during the attacks, according to a BBC report.
Prosecutor Sandip Patel said Weatherhead was a “cyber attacker and that he, and others like him, waged a sophisticated and orchestrated campaign of online attacks that paralysed a series of targeted computer systems belonging to companies to which they took issue with, for whatever reason, and those attacks caused unprecedented harm.”
The cost claims are intriguing, as PayPal wasn’t hacked – while Anonymous members have successfully hacked organisations, most of the time its members tend to stick with DDoS attacks.
“I can’t help but agree that ‘more than 100 people’ working for three weeks to solve seems excessive,” said Trend Micro’s director of security research Rik Ferguson. “I can only imagine that they are including absolutely anyone who had any involvement whatsoever, not only in mitigating the attacks at the time but also in planning any future architectural changes, making purchasing decisions and even raising purchase orders -which of course is justifiable in terms of calculating the cost of an attack overall.”
“A DDoS is an attack that can cause really a varying amount of damage depending on the victim and how they do business,” he added. “Obviously Paypal’s business model is entirely web-based and as such I would expect a DDoS attack to have significant financial impact.”
The court wasn’t told how much similar attacks, also part of Anonymous’ so-called Operation Payback, cost MasterCard or Visa – but heard previous action against the BPI cost the lobby group £3,996 and Ministry of Sound £9,000.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.