(Here’s an exercpt from my ebook Inside Anonymous: A Journey into the World of Cyberactivism – Inform-ant.com, 2013, just published in English)
Almost simultaneously, on the other side of the Atlantic, the case of the PayPal attack in 2010, launched by Anonymous as part of Operation Payback, the DDoS campaign in defense of WikiLeaks, reached its climax. Some young British people have been accused and condemned for that attack: in particular, a 22-year-old man, Christopher Weatherhead, who called himself “Nerdo” online, was convicted of conspiracy to impair computer operations. He has been sentenced to 18 months in prison.
In this case, there is at least one delicate element to be considered and that is, that Weatherhead/Nerdo, who denies a charge of conspiracy, was in fact an IRC administrator and rather than having participated in the attacks, according to the indictment he had instigated them. As The Register wrote “the UK police decided to target the administrators of Anonymous-run channels, focusing on instigators of attacks rather than Anonymous “foot soldiers” otherwise involved in DDoS assaults“.
Was he really an instigator? And what does this mean? “Nerdo wouldn’t attack, he was only an IRC network operator and he did a lot for it. It is unfair to be on trial for something like this”, Highlander, an old anon who participated to Operation Payback, tells me. “He was an IRC administrator and he was a spokesman. They seem to go more after those guys and this proves that they are angry”, Windu, a current IRC administrator himself, confirms. To this day, Weatherhead/Nerdo’s biggest mistake was, for sure, that of having used the same nickname for such a long time or more precisely, of having used the same one he had used as a kid, when he took less care with his anonymity. In this way, the police, and in particular Scotland Yard’s Police Central eCrime Unit was able to trace his identity, after chasing him in the IRC channels.
“We identified their IRC channels and captured several weeks of chat. During that time we looked at the status of nicks such as admins and operators”, former detective Constable Trevor Dickey declared to The Register. “We then did some keyword searching and spent a lot of time looking for social leakage. Combining all these elements, we then identified the nicks of interest and did open source research on them. Weatherhead was easy enough to identify as he had been using the “Nerdo” nick for quite some time”. “We were able to tie their digital identities to real life identities”, added Ray Massie, a computer forensic consultant who led the investigation. “Now that the suspects are in their 20’s, they are security conscious, but when they were kids, they were using the same nick on gaming forums or elsewhere. They have made mistakes.”
The trial for the PayPal attack is also remarkable for the damages estimated by the company at £ 3.5 million. According to the pleadings released by the prosecutor Sandip Patel, the attacks caused “considerable damages” to the firm’s reputation and a loss of trade. More than 100 workers from PayPal’s parent company eBay spent three weeks working on issues related to those attacks. Moreover, PayPal also had to buy additional software and hardware to defend itself against similar attacks in the future.
Windu thinks that the amount of £ 3.5 million is decidedly excessive from all points of view. Also because their website, he says, “was disrupted for a week and they had intermittent issues, but it was not completely down”.
Highlander remembers those days or “good ol’ times” as he calls them. “There were 9,000 people attacking PayPal, 7,000 of them in the hive in other words, connected in a hive mind mode”.
This was a LOIC version that enabled the users who had downloaded the software to connect to an IRC server where a “commander” was leading them automatically to the targets. Therefore, they were all together, launching a hailstorm of data packets that was sending the selected website haywire.
Those who stayed out of the hive did so because they had heavier means: either software like HOIC, which allowed them to launch a DDoS attack independently, or a real botnet.