It explicitly outlined a reminder that "facilitating or conducting a DDoS attack is illegal, punishable by up to 10 years in prison, as well as exposing participants to significant civil liability." And it placed the U.S. warrants in the context of the five arrests of five individuals in the UK yesterday who are suspected of being involved in the DDoS attacks while also explaining the FBI is working with "international law enforcement partners."
The cyber investigation, according to the release, is getting assistance from the National Cyber-Forensics and Training Alliance, an alliance the Washington Post reported in 2007 is "an investigative center with 18 agents from the Department of Homeland Security, the FBI and the U.S. Postal Service" that "receives data and assistance from more than 300 private companies and other anti-fraud groups." Primarily, students and researchers from Carnegie Mellon University, which is nearby, work to "counter malicious programs." As of 2007, the alliance was primarily focused on "pharmaceutical fraud, extortion and schemes to steal data from bank customers as they log in to their accounts" and on looking into the manipulation of stock markets.
Ryan Singel, who blogs for Wired.com, points out, "In the attacks on the financial-service companies, thousands downloaded a tool called LOIC -- or Low Orbit Ion Cannon -- that joined their computer to the group attack on the target of the moment. However, the tool did nothing to hide a user's IP address, making it possible for the target website to hand its server logs over to the authorities to track users down by their IP addresses."
What Singel is describing is something central to debates over what is known as data retention. Just this week, the U.S. Department of Justice renewed calls for mandatory data retention requirements that would require companies or organizations to retain customer usage data for up to two years to "fight Internet crimes."
Worldwide, moves by authorities to clampdown on privacy of information is exactly why organizations or companies that don't want to have to give up their information are interested in anonymizing traffic to neutralize data retention laws. For example, WikiLeaks' ISP reported January 27 that it was fighting back against the European Data Retention Directive by running all customer traffic through an encrypted virtual private network (VPN), which would mean they wouldn't know what their customers are doing, there would not be much to log, and with little to log there would never be anything useful in the logs if authorities or anti-piracy companies requested to see the logs.
The FBI likely has, according to Department of Justice guidelines cited in 2007 by Wired, complete freedom to "allow the bureau to run long-term "criminal intelligence' investigations" with no specific arrests or prosecutions anticipated, provided the target is a terrorist group or a "racketeering enterprise." The FBI probably has categorized anyone working for or with Anonymous as a cyber-terrorist.
Central to this unfolding FBI investigation are issues of privacy. There also seems to be a level of abuse by authorities who seize property without saying exactly why they are making seizures, without presenting evidence. But, the FBI, as has been the case with raids and subpoenas on antiwar, labor, and solidarity activists in recent months, do not have to present evidence. They have complete authority as part of investigations to take someone's computer equipment and return it months later or keep it indefinitely.