Operation Megaupload

Overview

Operation Megaupload is a distributed denial-of-service (DDoS) campaign launched by online hacktivist group Anonymous in retaliation against the U.S. Justice Department's seizure and closure of file-hosting service Megaupload in January 2012. On the day of launch, 10 high-profile government and music industry websites were reportedly brought down, which was described as "one of the largest scale cyberattacks ever carried out" by an Anonymous-affiliated channel @Anonops.

Background

On January 19th, 2012, file-hosting service Megaupload was seized and shut down by the U.S. Department of Justice and indicted its executives and on numerous charges, including criminal copyright infringement and conspiracy to commit money laundering. As part of the crackdown, more than 20 search warrants were executed in the U.S. and eight other countries across Europe, in Hong Kong, and in New Zealand.

According to the indictment, the defendants generated revenue through subscriptions and online advertising, taking in $150 million in subscription fees overall and $25 million in advertising over the course of five years. It also alleges that Megaupload founder Kim Schmitz, who goes by the alias Kim Dotcom, made more than $42 million in personal income in 2010.

Developments

Online Reaction

The news of Megaupload seizure and closure spread quickly and was met by heightened reaction from online communities that had participated in a civil protest against controversial copyright bills that took place the day before. The story quickly became known as one of the most sensational and biggest copyright-related cases in the history of United States.

Anonymous Retaliation

Within an hour of the indictment, the U.S. Justice Department homepage went offline. Members of Anonymous released a statement regarding the shutdown of Megaupload and launch of distributed denial-of-service attacks known as Operation Megaupload (#OpMegaupload) via Pastebin^[2]:

We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us.

The document was accompanied by a list of aforementioned websites that the group claimed to have taken down as part of the operation; at least nine government and entertainment industry websites were confirmed to be out of service for several hours, including the homepages of FBI and the U.S. Copyright Office, Record Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA). Also included in the statement were personal information of former Senator and chairman of MPAA Chris Dodd and his family members.

By midnight on January 20th, @AnonOps declared the operation a success with over 5,635 people using Low Orbit Ion Cannon to bring down the targeted sites:

#Anonymous launches largest attack ever crippling government and music industry sites #Megaupload +info >> goo.gl/i1rUw

All of the sites appeared to be available by early morning on January 20th, many of which addressed the DDoS attack and its illegality.

DDoS via Twitter

Security analysis firm Sophos issued a warning that Twitter users could be unknowingly launching DDoS attacks by clicking on links in the feed. According to the firm's senior technology consultant Grahma Cluley, Anonymous members participating in Operation Megaupload were allegedly planting auto-redirected links on Twitter via pastehtml.com, increasing the chance of unaware users contributing to the cyberattacks.

Content Deletion

On January 26th, 2012, U.S. Attorney Neil H Macbride filed a report in the Eastern District of Virginia which revealed that federal investigators have completed searches of Megaupload. According to Macbride's letter and the Associated Press, the hosted files may be permanently deleted by the data storage companies Carpathia Hosting Inc. and Cogent Communications Group Inc. beginning as early as on February 2nd, 2012. The letter further indicated that the government copied some data from the servers, but didn't physically remove any and it no longer had right to access the data upon completing the search warrants. The federal authorities' decision to takedown the service entirely has been met by heavy criticisms from some customers who have been using Megaupload to share and exchange copyright-legal content.

In response to the report, one of the data storage companies Carpathia Hosting released an official statement^[9] on January 30th, informing customers to contact the representatives of Megaupload rather than the hosting service.

Carpathia Hosting does not have, and has never had, access to the content on MegaUpload servers and has no mechanism for returning any content residing on such servers to MegaUpload’s customers.

Meanwhile, Torrent-related news site TorrentFreak^[10] has reported that Megaupload customers and Pirate Party sympathizers are looking to file a legal complaint^[8] against the F.B.I. for the mass wipe of the website's files and destruction of evidence, specifically "Articles 197 and 198 of the Spanish Penal Code" that address misappropriation of personal data.

"The widespread damage caused by the sudden closure of Megaupload is unjustified and completely disproportionate to the aim intended."

External References