Anonymous hackers jailed for DDoS attacks on Visa, MasterCard and PayPal
Two self-styled “hacktivists” were jailed today for carrying out cyber attacks with hacking group Anonymous, one of which cost a website £3.5 million.
Christopher Weatherhead, 22, of Holly Road, Northampton, was given an 18-month sentence at Southwark Crown Court, London, after being found guilty of conspiring to impair the operation of computers between August 1, 2010 and January 22, 2011.
Ashley Rhodes, 28, of Bolton Crescent, Camberwell, south London, admitted the same charge and was jailed for seven months.
Co-defendant Peter Gibson, 24, of Castletown Road, Hartlepool, was deemed to have played a lesser role in the conspiracy, which he also admitted, and given a six-month suspended sentence.
Jake Birchall, 18, from Chester, will be sentenced later. He had also admitted the conspiracy.
Weatherhead did not react as he was jailed but Rhodes sighed and leant his head back on the wall behind him. A relative of one of the four defendants was seen weeping outside the courtroom following the sentencing.
Birchall will be sentenced on February 1.
The websites that fell victim to the cyber attacks were chosen by Anonymous, as part of so-called Operation Payback, because the hackers did not agree with their views.
Judge Peter Testar said: "It is intolerable that when an individual or a group disagrees with a particular entity's activities they should be free to curtail that activity by means of attacks such as those which took place in this case."
The distributed denial of service, or DDoS, attacks paralysed computer systems by flooding them with a huge number of online requests. Victims' websites would be directed to a page displaying the message: "You've tried to bite the Anonymous hand. You angered the hive and now you are being stung."
Online payment website PayPal was targeted, at a cost to the company of £3.5 million.
Others hit by the attacks included MasterCard and Visa.
Anonymous initially targeted companies involved in anti-piracy and digital rights, including the British Recorded Music Industry (BPI), the International Federation of the Phonographic Industry (IFPI) and four sites operated by the Ministry of Sound.
They then shifted their attention to payment sites which would not process donations to the Wau Holland Foundation, which is involved in raising funds for WikiLeaks.
Prosecutor Joel Smith said it was a "persistent campaign" designed to "cause damage, financial losses and press exposure".
Judge Testar told the court: "The purpose of these conspirators was to cause the websites of organisations to crash and therefore take them temporarily out of service."
He noted that their aims were not to cause permanent damage or to steal information from the sites and added: "The purpose was not commercial. It was activity by way of protest."
The DDoS attacks themselves were not particularly sophisticated, according to the judge.
"What was sophisticated was the lengths taken to protect the identities of those involved," said Judge Testar. "The investigators are really to be commended for breaking down the wall of anonymity that was put up in order to prevent the activity of these conspirators being interrupted."
The Ministry of Sound estimated the cost of the attack on their sites as being £9,000, while the IFPI's costs were more than £20,000 and the BPI's more than £4,000.
The financial impact on MasterCard and Visa was not revealed to the court. However, writing on an internet relay chat (IRC) channel to another user, Weatherhead boasted: "We have probably done some million pound of dmg (damage) to mc (MasterCard)."
At one point Gibson suggested the website of singer Lily Allen, now known by her married name Lily Cooper, as a possible target to Rhodes, who agreed with the idea. However, the attack never went ahead.
Judge Testar told the court: "They got themselves into a bit of an ideological twizzle. On one hand, they wanted to attack her because she had taken a stand against breach of copyright.
"But on the other hand, they didn't like the idea of attacking artists."
Weatherhead, who was studying at Northampton University at the time of the attacks, played "a leading role" and "was directing the activities of others", according to the judge.
"I'm satisfied that he was an important person in this conspiracy, certainly the most significant of those in the dock," he added.
Weatherhead used the online nickname "nerdo", the court was told, and his computer passwords were variations on the phrase: "Nerdo is the best/worst hacker in the world".
Mark Ruffell, defending Weatherhead, claimed his client was "addicted" to hacking.
He blamed Weatherhead's involvement in the cyber attacks on what he called "the nerd factor".
"It's that type of person who makes friends and finds an identity and generates a status in a virtual world," said Mr Ruffell.
He added that Weatherhead was a student "full of idealism and zeal" for his particular cause but has now turned away from the world of hacking, saying: "Never again."
Rhodes, the oldest of the group, also had an "ideological motive, not a financial motive", said his barrister, Nina Grahame.
He was described as being "hands on" and "closer to the coal face" than his co-defendants.
His involvement in Anonymous was due to "boredom", she added.
Rhodes' wife, who attended court to support her husband, had no idea of the illegal activities in which he was involved.
Gibson, who was not involved in the MasterCard, Visa or PayPal attacks, was also ordered to carry out 100 hours' community service as part of his sentence.
He was involved in the hacking for a shorter time than the others and left the group when he realised they intended to cause financial damage, the court was told.
Gibson, a York University graduate who achieved 14 GCSEs and 3 A-levels at high grades, was described as being "remorseful" for the role he played as an administrator for Anonymous.
The computers used by Weatherhead, Rhodes and Birchall to carry out the attacks will be taken away from them after the judge made a deprivation order.
Weatherhead had asked for the shell of his computer to be kept but the judge refused, saying that removing only the hard drive and leaving the plastic casing intact would be too much work.
PA