The Brief — A threat was made against an Australian state police service that included an attack against its online resources and the publishing of serving member database information. This threat, if carried out, would have cost untold tens, if not
hundreds of thousands of dollars; as well as severely compromising reputation,
confidentiality, safety and operational efficacy of active members.
Rexxfield’s brief was to use the limited intelligence the Police Service had gathered, to
determine if it were possible to build a better profile and identify threat origins
from anonymous personas and online accounts they had created. The Police Service
had made no headway in 10 days.
The Outcome — Rexxfield was able to:
- Positively identify operational personas and true identities of the key
participants, resolve network infrastructure, geolocation and other identifying
details. The lead hacker was identified within three hours. - Map additional communications channels and methodologies used by
associated personas. - Identify a nest of HACTivists in the form of a group of 1000+ friends within
an obscure social networking platform, used for covert communications and
private messaging, outside of mainstream and highly scrutinized social
networking platforms. This discovery was a mother lode of intelligence. - Build an archive of communications conducted and exchanged by the key
perpetrator, in effect recovering deleted communications, retrieving
conversations believed to have been private and collecting existing public
communications. - Create a walk-through cheat sheet for Police Service personnel which
essentially reduced the Rexxfield work product to only the essential
investigation steps by eliminating the superfluous elements. In doing so a
Police Service sworn officer was able to duplicate Rexxfield intelligence
gathering and evidence preservation steps required to positively identify the
key perpetrator and inexorably link all relevant communications to that
individual. Thus enabling the officer to testify under oath if necessary, to
obtain warrants and if needed testify before the jury rather than requiring
Rexxfield consultants to go public with its methods and involvement.
