Nerdo, known in the real world as Christopher Weatherhead, a 22 year old male, studying at Nottingham University, was busted earlier this year for allegedly taking part in the Denial of Service (DDOS) attack on PayPal that he allegedly conducted as part of the Anonymous Op, “Operation Payback”. A operation launched by the hacktivists in support of WikiLeaks when the PayPal site stop taking payments.
Nerdo was convicted on one count of “conspiracy to impair the operation of computers” after been found guilty by a jury last week at Southwark Crown.
Three other co-conspirators had already plead guilty to the same charge, all male ranging in age from 18 to 27.
All relatively mature hackers, all with a decent IQ, and all with plenty of experience on how the Internet world worked. So what when wrong?
Surely they weren’t bragging about their exploits on Facebook, a common mistake by the junior hackers in the world, or even bragging about it on Twitter, another popular yet naive mistake?
Actually, no, as with most hackers now-a-days they communicated via IRC channels, which they know will be monitored, but they used common techniques to hide their real world identity, such as TOR, anonymous proxies and encryption.
The AnonOps IRC channel was very popular with Anonymous foot soldiers, but was run and controlled by “senior” members that were Admins or Operators. These Admins and Operators had their own private channel that they used to communicate with, including plotting strategies on how to control the foot soldiers, by shouting down dissenting voices and directing discussions.
Their biggest mistake was social leakage. The IRC was run under anonymous nicknames, such as Nerdo, which allowed “status” updates. So while the Feds could not track the TOR users that were contributing to the AnonOps channel, they could investigate their Status updates. For example if an Admin or Operator was to update their status with “Just won award for advanced computer technology” the Feds would check all social network updates to see who with a real identity had a similar update.
The Feds also checked out common gaming platforms, such xBox Live, PlayStation network, World of Warcraft and RuneScape. While it might have been common to use TOR when accessing IRC it is much less common to use it while playing online, just because of the latency it would cause.
Therefore if you have used your hacker nickname anywhere else on the net, you were busted.
This includes using the name when you were a less paranoid teenager, for example Nerdo had been around many years, and had foot prints all over the web, foot prints that led straight back to him.
Even today I see “future” hackers that are advertising on Twitter and Facebook, and no private messages in Facebook/Hotmail/gMail are not private to the Feds. I have even seen these future hackers buy the domain name that relates to their anonymous hacker nickname. These future hackers are too young to know any better and as their “reputation” grows they become less reluctant to give up their nickname and even if they do the temptation to brag about their previous reputation proves too much.