sm-220-computer-user-internet

The statement from the Spanish National Police linked the alleged cybercriminals to attacks on the Sony PlayStation store, two Spanish banks, an Italian energy company, and the governments of Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand. (CBC)

Three alleged leaders of the Anonymous hacker group have been arrested in Spain, accused of cyberattacks on financial, government and corporate websites.

Spanish National Police announced the arrests Friday in a statement that alleged the three people in custody are leaders of the Spanish section of Anonymous, a loose-knit international activist group that has claimed attacks on companies such as Visa and MasterCard and on government websites.

The statement linked the alleged cybercriminals to attacks on the Spanish banks BBVA and Bankia, the Italian energy company Enel, and the governments of Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand. They said a server at one of the hackers' homes had also been used to attack a Sony PlayStation store. But Manuel Vazquez, chief of the police's high-tech crime unit, told the Associated Press that the three detainees were not involved in an April cyberintrusion that affected millions of PlayStation Network users.

All three people arrested are Spaniards aged 30 to 32, Vasquez said. However, police did not mention any charges or names of the people arrested.

Police said one of the accused, who is 31 years old, was arrested in the southern city of Almeria. They allege he attacked many of the financial, government and corporate websites from his home in Gijon. Two other people were arrested in Barcelona and Alicante.

Police said the accused committed denial of service attacks that flood web servers with traffic, making them unavailable, using a program called LOIC. At times, they made use of zombie botnets — networks of computers infected with malware that allows them to be controlled and co-ordinated remotely — around the world. They co-ordinated attacks using IRC chat and used sophisticated encryption techniques to conceal their communications.

Two of the people arrested did not have their own connection to the internet, using other people's WiFi networks instead, which may have compromised the security of those networks, police said.

2 million lines of chats, websites

The statement said police began their investigation in October 2010 following a complaint of a denial of service attack on Spain's Ministry of Culture. They analyzed more than two million lines of chat logs and web pages used by the hackers in order to find the three people who were arrested.

Police said this was the first police operation against Anonymous in Spain, and that the only other countries to act against Anonymous so far are the U.K. and the U.S.

In January, British police arrested five young males on suspicion of involvement in cyberattacks by Anonymous, which has backed WikiLeaks.

Anonymous has claimed responsibility for attacking the websites of companies such as Visa, MasterCard and Paypal. All severed their links with WikiLeaks after it began publishing its massive trove of secret U.S. diplomatic memos.

Anonymous accused the companies of trying to stifle WikiLeaks and rallied an army of online supporters to flood their servers with traffic, periodically blocking access to their sites for hours at a time.

And in February, an internet forum run by Anonymous directed participants to attack the websites of the Egyptian Ministry of Information and the ruling National Democratic Party.

In a Twitter post, the group claimed credit for taking down the ministry's website and said the group was motivated by a desire to support Egyptian pro-democracy protesters.

In May, following a cyberattack that shut down the Sony PlayStation Network, including the PlayStation Store, Sony wrote to a U.S. congressional subcommittee, saying cyber vandals planted a file named Anonymous on one of its Sony Online Entertainment (SOE) servers, with the tag line, "We are Legion," which is used by the group.

Anonymous twice denied responsibility for the Sony attack on its "AnonOps Communications" blog. The group said it has never been known to engage in credit card theft. It suggested it had been framed.

The timing made Anonymous a suspect because the group had posted a blog post earlier in April expressing alarm and displeasure about Sony's legal action against hackers who figured out how to modify the Sony PlayStation 3 console to run non-Sony approved applications and said "you must face the consequences for your actions."

With files from The Associated Press