State Police Service, Fraud and Corporate Crime Group (Computer Crime Investigation Unit)

The Brief — A threat was made against an Australian state police service that
included an attack against its online resources and the publishing of serving
member database information. This threat, if carried out, would have cost
untold tens, if not hundreds, of thousands of dollars, as well as severely
compromising the reputation, confidentiality, safety and operational efficacy
of active members.
Rexxfield’s brief was to use the limited intelligence the Police Service had
gathered to determine whether it was possible to build a better profile and
identify threat origins from anonymous personas and online accounts they had
created. The Police Service had made no headway in 10 days.

The Outcome — Rexxfield was able to:

  1. Positively identify operational personas and true identities of the key
    participants, resolve network infrastructure, geolocation and other identifying
    details. The lead hacker was identified within three hours.
  2. Map additional communications channels and methodologies used by
    associated personas.
  3. Identify a nest of hacktivists in the form of a group of 1000+ friends within
    an obscure social networking platform, used for covert communications and
    private messaging, outside of mainstream and highly scrutinized social
    networking platforms. This discovery was a mother lode of intelligence.
  4. Build an archive of communications conducted and exchanged by the key
    perpetrator, in effect recovering deleted communications, retrieving
    conversations believed to have been private and collecting existing public
  5. Create a walk-through cheat sheet for Police Service personnel which
    essentially reduced the Rexxfield work product to only the essential
    investigation steps by eliminating the superfluous elements. In doing so, a
    sworn Police Service officer was able to duplicate the Rexxfield
    intelligence-gathering and evidence-preservation steps required to positively
    identify the key perpetrator and inexorably link all relevant communications
    to that individual. This enabled the officer to testify under oath, if
    necessary, to obtain warrants and, if needed, to testify before the jury,
    rather than requiring Rexxfield consultants to go public with its methods
    and involvement.