Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Anonymous DDoS Attackers In Britain Sentenced

Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.

Two men have been jailed in Britain for their role in launching distributed denial-of-service (DDoS) attacks against a number of high-profile sites, including PayPal.

"It is intolerable that when an individual or a group disagrees with a particular entity's activities, they should be free to curtail that activity by means of attacks such as those which took place in this case," said Judge Peter Testar, when he handed down his decision in the case, according to news reports.

British police had arrested five men and one minor as part of their investigation into the DDoS attacks. While one man was released without being charged and the minor released with a warning, the others were charged with violating the United Kingdom's Computer Misuse Act 1990. The group's ringleader, Christopher Weatherhead, 22, pleaded innocent to that charge, but was found guiltyin December 2012, and this week received a sentence of 18 months in jail. Meanwhile, Ashley Rhodes, 27, who pleaded guilty to the charge against him, received a jail sentence of seven months.

[ The Spamhaus group thwarted a Russian botnet. Read more at Virut Malware Botnet Torpedoed By Security Researchers. ]

A third man, Peter David Gibson, 24, pleaded guilty and was sentenced to six months imprisonment -- suspended for two years -- and 100 hours community service after the court found that he'd played a lesser role in the attacks. A fourth man, Jake Alexander Birchall, 18, who's currently on bail, last year pleaded guilty to the charge and is due to be sentenced on Feb. 1.

This appears to be the first time that people have been imprisoned in Britain for launching DDoS attacks, reportedthe BBC.

British police commended the sentencing. "Perpetrators of distributed denial-of-service attacks laud them as civil protests, but they can be incredibly damaging to the finances and reputations of online businesses. Simultaneously, they impact on the general public's ability to use online services," said detective chief inspector Terry Wilson of the Metropolitan Police Central e-Crime Unit, in a statement. "These men provided the infrastructure for such attacks. The sentences they have received are indicative of how serious the crime is and the tough approach the courts will take to such criminals."

Authorities said Weatherhead's group -- operating under such nicknames as "Nerdo" and "NikonElite" -- built a botnetthat they used to launch the attacks. While most botnets are comprised of surreptitiously exploited PCs, investigators said Weatherhead's botnet was comprised, at least in part, of volunteers' PCs, with many of the volunteers having been cultivated via Twitter and Facebook.

"The group targeted a number of companies from the digital entertainment industry that make up the anti-piracy lobby -- i.e., those taking legal actions against illegal file-sharing -- including 'Ministry of Sound' and the 'British Phonographic Industry,'" read a police statement. "The group then switched their attentions to companies including MasterCard and PayPal after their withdrawal of services from WikiLeaks."

PayPal had previously told the court that it incurred approximately $5.5 million in damages as a result of the attacks, which were conducted under the Anonymous banner as part of Operation Payback, which began after PayPal stopped processing payments on behalf of Wau Holland Foundation, which supported WikiLeaks. Along with the DDoS attacks, visitors to PayPal and other targeted websites were also redirected to a site that read, "You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."

Unbeknownst to many of the attackers, however, their tool of choice -- dubbed Low Orbit Ion Cannon-- included the user's IP address with every attack packet, unless users took steps to hide it. As a result, PayPal was able to capture the IP addresses of many people who participated in the DDoS attacks, and it shared the information with investigators, who cross-referenced it with service providers' subscriber records to identify the people involved.

The "Nerdo" group leaders, however, were more sophisticated and used VPN services to hide their identities. Ultimately, however, their real identities were unraveled by British police, and in early 2011 the four men were busted.

"The investigators are really to be commended for breaking down the wall of anonymity that was put up in order to prevent the activity of these conspirators being interrupted," Judge Testar told the court.

The prosecution of these four men appears to be the end of prosecutions involving U.K. Operation Payback participants. British investigators have previously stated that unlike their U.S. law enforcement counterparts, who seem to be busting every Operation Payback participantthey can find, British police have preferred to target the ringleaders rather than the foot soldiers.

Cybercriminals are not only exploiting small and midsize businesses -- they're targeting them. While thefts of hundreds of thousands or even millions of credit card numbers and personal information records make headlines, many small companies' accounts have been cleaned out. In the SMBs In The Crosshairs report, we identify how SMBs are exploited, where their security fails and how they can shore up their defenses. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Andrew Binstock
50%
50%
Andrew Binstock,
User Rank: Apprentice
1/28/2013 | 7:55:18 AM
re: Anonymous DDoS Attackers In Britain Sentenced
"British police have preferred to target the ringleaders rather than the foot soldiers." Very curious to know the rationale. Is it part of a larger policy orientation, or are the laws substantially different in UK making convictions of 'foot soldiers' impractical, or is it driven by an outside factor, such as cost?
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27941
PUBLISHED: 2021-05-06
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the...
CVE-2021-29203
PUBLISHED: 2021-05-06
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gai...
CVE-2021-31737
PUBLISHED: 2021-05-06
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
CVE-2020-28198
PUBLISHED: 2021-05-06
** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode wh...
CVE-2021-28665
PUBLISHED: 2021-05-06
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.