Not-so anonymous Anonymouses head off to prison over PayPal DDoS

Four young Englishmen who went on an Anonymous rampage back in 2010 weren’t as anonymous as they might have hoped.

They were traced, identified and arrested.

We wrote at the end of 2011 that they’d been released on bail after being charged with running Distributed Denial of Service (DDoS) attacks against a number of high-profile payment processing companies.

PayPal, Mastercard and Visa ended up under the pump in the attacks, which were carried out in revenge for those companies refusing to process donations to controversial whistle-blowing outfit Wikileaks.

The fact that the DDoS might have prevented many other not-for-profit organisations from receiving donations as a side-effect didn’t seem to worry the attackers.

Interestingly, the judge who granted them bail didn’t ban them from using the internet during their temporary freedom, but he did place them under an unusual restriction: they weren’t allowed to use their online handles, or nicknames.

That probably wasn’t too onerous for Christopher Weatherhead, now 22, who had to stop going by “Nerdo”, nor for Ashley Rhodes, 28, who could no longer strut his stuff as “NikonElite”. But it might have been tricky for 24 year old Peter Gibson, who was apparently banned from calling himself “Peter”.

(It’s not clear if he had to go by the rather formal “Mr Gibson” instead, or if, paradoxically, he was permitted to adopt a pseudonym, provided it was one he hadn’t used before.)

All four pleaded guilty. Three have now been sentenced: Nerdo got 18 months, NikonElite got seven and Peter, also known as Peter, got a six month suspended sentence.

The fourth hacktivist, whom we now know to be Jake Birchall, was just 16 at the time of the offence and will be sentenced separately. He too was banned from using his nick while on bail, but the court never told us what it was.

You’ll find widespread reports suggesting that this attack alone cost PayPal £3.5 million (about $5.5 million), if you’re wondering just how harmful a DDoS can be for an online business.

You need to take this sort of damage figure with a pinch of salt – it seems to include the cost of precautions taken after the attack by PayPal that were an investment to protect the company into the future, so it seems a little counter-intuitive to include this in the retrospective cost of recovering from an attack.

But there is little doubt that the hacktivist quartet did, and intended to do, as much damage as they could. They’re said to have bragged on IRC, saying:

We have probably done some million pound of dmg to mc

(The word dmg, of course, means damage, while mc is shorthand for Mastercard.)

Now they get to regret.