Anonymous DDoS Attackers In Britain Sentenced

Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British ant-piracy lobby as part of Operation Payback.

Mathew J. Schwartz, Contributor

January 25, 2013

4 Min Read
Dark Reading logo in a gray background | Dark Reading

Two men have been jailed in Britain for their role in launching distributed denial-of-service (DDoS) attacks against a number of high-profile sites, including PayPal.

"It is intolerable that when an individual or a group disagrees with a particular entity's activities, they should be free to curtail that activity by means of attacks such as those which took place in this case," said Judge Peter Testar, when he handed down his decision in the case, according to news reports.

British police had arrested five men and one minor as part of their investigation into the DDoS attacks. While one man was released without being charged and the minor released with a warning, the others were charged with violating the United Kingdom's Computer Misuse Act 1990. The group's ringleader, Christopher Weatherhead, 22, pleaded innocent to that charge, but was found guiltyin December 2012, and this week received a sentence of 18 months in jail. Meanwhile, Ashley Rhodes, 27, who pleaded guilty to the charge against him, received a jail sentence of seven months.

[ The Spamhaus group thwarted a Russian botnet. Read more at Virut Malware Botnet Torpedoed By Security Researchers. ]

A third man, Peter David Gibson, 24, pleaded guilty and was sentenced to six months imprisonment -- suspended for two years -- and 100 hours community service after the court found that he'd played a lesser role in the attacks. A fourth man, Jake Alexander Birchall, 18, who's currently on bail, last year pleaded guilty to the charge and is due to be sentenced on Feb. 1.

This appears to be the first time that people have been imprisoned in Britain for launching DDoS attacks, reportedthe BBC.

British police commended the sentencing. "Perpetrators of distributed denial-of-service attacks laud them as civil protests, but they can be incredibly damaging to the finances and reputations of online businesses. Simultaneously, they impact on the general public's ability to use online services," said detective chief inspector Terry Wilson of the Metropolitan Police Central e-Crime Unit, in a statement. "These men provided the infrastructure for such attacks. The sentences they have received are indicative of how serious the crime is and the tough approach the courts will take to such criminals."

Authorities said Weatherhead's group -- operating under such nicknames as "Nerdo" and "NikonElite" -- built a botnetthat they used to launch the attacks. While most botnets are comprised of surreptitiously exploited PCs, investigators said Weatherhead's botnet was comprised, at least in part, of volunteers' PCs, with many of the volunteers having been cultivated via Twitter and Facebook.

"The group targeted a number of companies from the digital entertainment industry that make up the anti-piracy lobby -- i.e., those taking legal actions against illegal file-sharing -- including 'Ministry of Sound' and the 'British Phonographic Industry,'" read a police statement. "The group then switched their attentions to companies including MasterCard and PayPal after their withdrawal of services from WikiLeaks."

PayPal had previously told the court that it incurred approximately $5.5 million in damages as a result of the attacks, which were conducted under the Anonymous banner as part of Operation Payback, which began after PayPal stopped processing payments on behalf of Wau Holland Foundation, which supported WikiLeaks. Along with the DDoS attacks, visitors to PayPal and other targeted websites were also redirected to a site that read, "You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."

Unbeknownst to many of the attackers, however, their tool of choice -- dubbed Low Orbit Ion Cannon-- included the user's IP address with every attack packet, unless users took steps to hide it. As a result, PayPal was able to capture the IP addresses of many people who participated in the DDoS attacks, and it shared the information with investigators, who cross-referenced it with service providers' subscriber records to identify the people involved.

The "Nerdo" group leaders, however, were more sophisticated and used VPN services to hide their identities. Ultimately, however, their real identities were unraveled by British police, and in early 2011 the four men were busted.

"The investigators are really to be commended for breaking down the wall of anonymity that was put up in order to prevent the activity of these conspirators being interrupted," Judge Testar told the court.

The prosecution of these four men appears to be the end of prosecutions involving U.K. Operation Payback participants. British investigators have previously stated that unlike their U.S. law enforcement counterparts, who seem to be busting every Operation Payback participantthey can find, British police have preferred to target the ringleaders rather than the foot soldiers.

Cybercriminals are not only exploiting small and midsize businesses -- they're targeting them. While thefts of hundreds of thousands or even millions of credit card numbers and personal information records make headlines, many small companies' accounts have been cleaned out. In the SMBs In The Crosshairs report, we identify how SMBs are exploited, where their security fails and how they can shore up their defenses. (Free registration required.)

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights