Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Anonymous DDoS Attackers In Britain Sentenced

Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.

Two men have been jailed in Britain for their role in launching distributed denial-of-service (DDoS) attacks against a number of high-profile sites, including PayPal.

"It is intolerable that when an individual or a group disagrees with a particular entity's activities, they should be free to curtail that activity by means of attacks such as those which took place in this case," said Judge Peter Testar, when he handed down his decision in the case, according to news reports.

British police had arrested five men and one minor as part of their investigation into the DDoS attacks. While one man was released without being charged and the minor released with a warning, the others were charged with violating the United Kingdom's Computer Misuse Act 1990. The group's ringleader, Christopher Weatherhead, 22, pleaded innocent to that charge, but was found guiltyin December 2012, and this week received a sentence of 18 months in jail. Meanwhile, Ashley Rhodes, 27, who pleaded guilty to the charge against him, received a jail sentence of seven months.

[ The Spamhaus group thwarted a Russian botnet. Read more at Virut Malware Botnet Torpedoed By Security Researchers. ]

A third man, Peter David Gibson, 24, pleaded guilty and was sentenced to six months imprisonment -- suspended for two years -- and 100 hours community service after the court found that he'd played a lesser role in the attacks. A fourth man, Jake Alexander Birchall, 18, who's currently on bail, last year pleaded guilty to the charge and is due to be sentenced on Feb. 1.

This appears to be the first time that people have been imprisoned in Britain for launching DDoS attacks, reportedthe BBC.

British police commended the sentencing. "Perpetrators of distributed denial-of-service attacks laud them as civil protests, but they can be incredibly damaging to the finances and reputations of online businesses. Simultaneously, they impact on the general public's ability to use online services," said detective chief inspector Terry Wilson of the Metropolitan Police Central e-Crime Unit, in a statement. "These men provided the infrastructure for such attacks. The sentences they have received are indicative of how serious the crime is and the tough approach the courts will take to such criminals."

Authorities said Weatherhead's group -- operating under such nicknames as "Nerdo" and "NikonElite" -- built a botnetthat they used to launch the attacks. While most botnets are comprised of surreptitiously exploited PCs, investigators said Weatherhead's botnet was comprised, at least in part, of volunteers' PCs, with many of the volunteers having been cultivated via Twitter and Facebook.

"The group targeted a number of companies from the digital entertainment industry that make up the anti-piracy lobby -- i.e., those taking legal actions against illegal file-sharing -- including 'Ministry of Sound' and the 'British Phonographic Industry,'" read a police statement. "The group then switched their attentions to companies including MasterCard and PayPal after their withdrawal of services from WikiLeaks."

PayPal had previously told the court that it incurred approximately $5.5 million in damages as a result of the attacks, which were conducted under the Anonymous banner as part of Operation Payback, which began after PayPal stopped processing payments on behalf of Wau Holland Foundation, which supported WikiLeaks. Along with the DDoS attacks, visitors to PayPal and other targeted websites were also redirected to a site that read, "You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."

Unbeknownst to many of the attackers, however, their tool of choice -- dubbed Low Orbit Ion Cannon-- included the user's IP address with every attack packet, unless users took steps to hide it. As a result, PayPal was able to capture the IP addresses of many people who participated in the DDoS attacks, and it shared the information with investigators, who cross-referenced it with service providers' subscriber records to identify the people involved.

The "Nerdo" group leaders, however, were more sophisticated and used VPN services to hide their identities. Ultimately, however, their real identities were unraveled by British police, and in early 2011 the four men were busted.

"The investigators are really to be commended for breaking down the wall of anonymity that was put up in order to prevent the activity of these conspirators being interrupted," Judge Testar told the court.

The prosecution of these four men appears to be the end of prosecutions involving U.K. Operation Payback participants. British investigators have previously stated that unlike their U.S. law enforcement counterparts, who seem to be busting every Operation Payback participantthey can find, British police have preferred to target the ringleaders rather than the foot soldiers.

Cybercriminals are not only exploiting small and midsize businesses -- they're targeting them. While thefts of hundreds of thousands or even millions of credit card numbers and personal information records make headlines, many small companies' accounts have been cleaned out. In the SMBs In The Crosshairs report, we identify how SMBs are exploited, where their security fails and how they can shore up their defenses. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Binstock
50%
50%
Andrew Binstock,
User Rank: Apprentice
1/28/2013 | 7:55:18 AM
re: Anonymous DDoS Attackers In Britain Sentenced
"British police have preferred to target the ringleaders rather than the foot soldiers." Very curious to know the rationale. Is it part of a larger policy orientation, or are the laws substantially different in UK making convictions of 'foot soldiers' impractical, or is it driven by an outside factor, such as cost?
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13660
PUBLISHED: 2020-05-28
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
CVE-2020-11079
PUBLISHED: 2020-05-28
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
CVE-2020-13245
PUBLISHED: 2020-05-28
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
CVE-2020-4248
PUBLISHED: 2020-05-28
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.
CVE-2020-8329
PUBLISHED: 2020-05-28
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted...