How U.K. Police Busted Anonymous Suspect

Operation Payback operators identities unearthed largely through social leakage -- highlighting differences between U.S. and British hacker investigations.

Who Is Hacking U.S. Banks? 8 Facts (click image for larger view and for slideshow)
Are U.S. authorities focusing too much on busting low-level hacktivist operators, at the expense of taking down the leading lights?
The difference in style can be seen in the approach that U.K. investigators have taken to prosecuting the ringleaders of
Operation Payback
, which was the Anonymous-branded attack campaign that targeted businesses, including PayPal and MasterCard, with distributed denial of service (DDoS) attacks for their having blocked payments to WikiLeaks. PayPal said the attacks resulted in losses of £3.5 million ($5.6 million).
According to Ray Massie, a freelance computer forensic and open source training consultant who led Britains Operation Payback investigation as a detective sergeant with Londons Metropolitan Police Service, his team focused on the people who organized the attacks and picked the targets, rather than low-level operators. We went after organizers and facilitators rather than foot soldiers. U.S. authorities went after a mix, Massie
told

The Register
.
[ For more about busting bad guys based on digital tracks, read
How Digital Forensics Detects Insider Theft
. ]
By comparison, U.S. authorities have ended up prosecuting a large number of people who downloaded a DDoS tool promoted by some of the leaders of Anonymous, and which attacked targets selected not by the downloader, but by leaders of Anonymous. The DDoS tool in question was known as the
Low Orbit Ion Cannon
(LOIC), and less advanced LOIC users didnt seem to realize that the tool often coded their IP address into the packets it generated. Many of the attacked organizations recorded these packets and shared them with authorities, who used service providers subscriber records to identify LOIC users real identities, then
began making arrests
.
Of course, U.S. authorities have also busted multiple alleged leaders of the supposedly leaderless Anonymous hacktivist collective,
including Sabu
-- real name: Hector Xavier Monsegur -- who also served as the leader of LulzSec.
But British authorities have limited their efforts to prosecuting the organizers behind Operation Payback, as highlighted by the case of Northampton, England-based Christopher Wetherhead (aka Nerdo), 22. Last week, he was found guilty in Southwark Crown Court of one count of conspiracy to commit unauthorized acts with intent to impair the operation of a computer, in violation of the U.K.s 1990 Computer Misuse Act.
In his defense, Wetherhead maintained that he only moderated the AnonOps IRC channel. But Scotland Yards Police Central eCrime Unit had studied numerous Anonymous IRC logs and found nickname (NIC) clues that helped them identify the British leaders of Operation Payback
In a nutshell we identified Weatherhead via the IRC network, former detective constable Trevor Dickey, who now works in the private sector, told
The Register
.
We identified their IRC channels and captured several weeks of chat. During that time we looked at the status of NICs such as admins and operators, he said. We then did some keyword searching and spent a lot of time looking [at] social leakage. Combining all these elements we then identified the NICs of interest and did open source research on them. Weatherhead was easy to identify as he had been using the NIC of Nerdo for quite some time.
The other suspects likewise were also identified in large part via social-network leakage. We were able to tie their digital identities to real life identities, Massie told
The Register
. Now that the suspects are in their 20s, they are security conscious, but they were using the same nick when they were a kid on gaming forums or elsewhere. They made mistakes.
Prosecutors also found evidence that Wetherhead had contracted for services with
bulletproof hosting provider
Heihachi in Russia, on behalf of Anonymous. The prosecutor described Heihachi as providing a safe haven for cybercriminals.
Thanks to that police digital forensic work, a jury of six men and five women took just two hours to return a guilty verdict against Weatherhead, saying hed had an integral role in the attacks, reported
The Guardian
.
Three other men -- Jake Alexander Birchall, 18, of Little Neston, Cheshire; Ashley Rhodes, 27, of Bolton Crescent, London; and Peter David Gibson, 24, of Hartlepool, Cleveland -- earlier this year pled guilty to the same charge.
Judge Peter Testar told Wetherhead that he and his co-conspirators
might do jail time
as a result. All four men are due back in Southwark Crown Court in January 2013 for pre-sentence reports.
Stay ahead of the eCommerce technology curve. Watch our webcast, Next Generation e-Commerce Strategies for B2B Sales and Marketing, to learn the strategies and tactics you can use to more efficiently give your clients what they want, keep them happy and increase sales.
Register now
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
How U.K. Police Busted Anonymous Suspect