Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Anonymous DDoS Attackers In Britain Sentenced

Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.

Two men have been jailed in Britain for their role in launching distributed denial-of-service (DDoS) attacks against a number of high-profile sites, including PayPal.

"It is intolerable that when an individual or a group disagrees with a particular entity's activities, they should be free to curtail that activity by means of attacks such as those which took place in this case," said Judge Peter Testar, when he handed down his decision in the case, according to news reports.

British police had arrested five men and one minor as part of their investigation into the DDoS attacks. While one man was released without being charged and the minor released with a warning, the others were charged with violating the United Kingdom's Computer Misuse Act 1990. The group's ringleader, Christopher Weatherhead, 22, pleaded innocent to that charge, but was found guiltyin December 2012, and this week received a sentence of 18 months in jail. Meanwhile, Ashley Rhodes, 27, who pleaded guilty to the charge against him, received a jail sentence of seven months.

[ The Spamhaus group thwarted a Russian botnet. Read more at Virut Malware Botnet Torpedoed By Security Researchers. ]

A third man, Peter David Gibson, 24, pleaded guilty and was sentenced to six months imprisonment -- suspended for two years -- and 100 hours community service after the court found that he'd played a lesser role in the attacks. A fourth man, Jake Alexander Birchall, 18, who's currently on bail, last year pleaded guilty to the charge and is due to be sentenced on Feb. 1.

This appears to be the first time that people have been imprisoned in Britain for launching DDoS attacks, reportedthe BBC.

British police commended the sentencing. "Perpetrators of distributed denial-of-service attacks laud them as civil protests, but they can be incredibly damaging to the finances and reputations of online businesses. Simultaneously, they impact on the general public's ability to use online services," said detective chief inspector Terry Wilson of the Metropolitan Police Central e-Crime Unit, in a statement. "These men provided the infrastructure for such attacks. The sentences they have received are indicative of how serious the crime is and the tough approach the courts will take to such criminals."

Authorities said Weatherhead's group -- operating under such nicknames as "Nerdo" and "NikonElite" -- built a botnetthat they used to launch the attacks. While most botnets are comprised of surreptitiously exploited PCs, investigators said Weatherhead's botnet was comprised, at least in part, of volunteers' PCs, with many of the volunteers having been cultivated via Twitter and Facebook.

"The group targeted a number of companies from the digital entertainment industry that make up the anti-piracy lobby -- i.e., those taking legal actions against illegal file-sharing -- including 'Ministry of Sound' and the 'British Phonographic Industry,'" read a police statement. "The group then switched their attentions to companies including MasterCard and PayPal after their withdrawal of services from WikiLeaks."

PayPal had previously told the court that it incurred approximately $5.5 million in damages as a result of the attacks, which were conducted under the Anonymous banner as part of Operation Payback, which began after PayPal stopped processing payments on behalf of Wau Holland Foundation, which supported WikiLeaks. Along with the DDoS attacks, visitors to PayPal and other targeted websites were also redirected to a site that read, "You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."

Unbeknownst to many of the attackers, however, their tool of choice -- dubbed Low Orbit Ion Cannon-- included the user's IP address with every attack packet, unless users took steps to hide it. As a result, PayPal was able to capture the IP addresses of many people who participated in the DDoS attacks, and it shared the information with investigators, who cross-referenced it with service providers' subscriber records to identify the people involved.

The "Nerdo" group leaders, however, were more sophisticated and used VPN services to hide their identities. Ultimately, however, their real identities were unraveled by British police, and in early 2011 the four men were busted.

"The investigators are really to be commended for breaking down the wall of anonymity that was put up in order to prevent the activity of these conspirators being interrupted," Judge Testar told the court.

The prosecution of these four men appears to be the end of prosecutions involving U.K. Operation Payback participants. British investigators have previously stated that unlike their U.S. law enforcement counterparts, who seem to be busting every Operation Payback participantthey can find, British police have preferred to target the ringleaders rather than the foot soldiers.

Cybercriminals are not only exploiting small and midsize businesses -- they're targeting them. While thefts of hundreds of thousands or even millions of credit card numbers and personal information records make headlines, many small companies' accounts have been cleaned out. In the SMBs In The Crosshairs report, we identify how SMBs are exploited, where their security fails and how they can shore up their defenses. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Andrew Binstock
50%
50%
Andrew Binstock,
User Rank: Apprentice
1/28/2013 | 7:55:18 AM
re: Anonymous DDoS Attackers In Britain Sentenced
"British police have preferred to target the ringleaders rather than the foot soldiers." Very curious to know the rationale. Is it part of a larger policy orientation, or are the laws substantially different in UK making convictions of 'foot soldiers' impractical, or is it driven by an outside factor, such as cost?
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4441
PUBLISHED: 2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
CVE-2019-10764
PUBLISHED: 2019-11-18
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which m...
CVE-2019-19117
PUBLISHED: 2019-11-18
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
CVE-2008-7273
PUBLISHED: 2019-11-18
A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.
CVE-2012-4440
PUBLISHED: 2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.