Bellingcat

Thursday, 12 April 2012

The Leaked ICQ Logs - Summary of What We've Learnt

Following on from the leak of Lee Gibling's ICQ logs, where we discovered Lee Gibling worked for MindPort/Irdeto contractor AIM at the same time he was running THOIC for NDS, Something Awful forum members Shageletic and Munin have put together a summary of what has been learnt from the leaked logs:

Lee is a good friend of Martin Gallagher, certainly around the year 2000. The log is full of banter and they seem to have a good overview of the activities they are both involved in across NDS, AIM, Irdeto and Mindport. Lee knows that if NDS found out how closely he worked with AIM he might get into trouble.

Lee has a close working relationship with NDS. He was offered a place on the payroll, along with upgrades to servers and direct cash payments. One of the logs mentions how he was offered the use of Ray Adams' holiday home for him and his family. He also was directly paid and employed by Barry Watters for most of the period of the logs until he started having increasing issues getting Barry Watters to pay him. He didn't have direct contact with Irdeto/Mindport. All contact seems to have been via Martin and neither wanted Mindport to know of Lee's involvement with THOIC.

Martin was employed by Barry Watters but seemed to spend most of his time interacting with Mindspring. He also was familiar with Adams and NDS but didn't seem to do any jobs for them.

Lee's main job for Barry Watters and Martin seems to have been acting as an IT consultant and general finder of information. This involved flagging up new hacker sites, monitoring the progress of various hacker groups towards a hack and providing samples of hacks and tools, with Lee occasionally purchasing them and being reimbursed by AIM. Barry and Martin seemed to keep their client ignorant of the exact way they obtained them. They also sought to recruit other hackers.

Lee's main job for NDS seemed to be doing odd programming and webmaster jobs and maintaining THOIC. He doesn't discuss many of the particulars of his NDS work with Martin. NDS helped set up THOIC for Lee, which benefited from Lee's hacker knowledge, along with aggressively acting against other hacker websites.

Martin's main job seems to be as an information channel for Barry Watters and Mindspring. He traveled to meet hackers and informants. He was also (not very competently) setting up a mirror of major hacker sites on an isolated server for MindPort, with MindPort planning to use it as part of a service it wished to offer its clients. Presumably this was to help them monitor activity on these sites and to have a local copy of any valuable intel should these vanish or get taken down.

Irdeto/Mindspring seemed to be keen on getting sites taken down. Koos and Kuster seemed to be the internal Irdeto/Mindspring security guys who were involved in that. They were both unpopular with Lee and Martin (and NDS, see the Bonds related e-mails) as they were seen as stirring up the nest and threatening valuable informants. In general, in all the logs Lee and Martin show no desire to see most of the sites shuttered; they are more interested in observing and exploiting them.

As far as illegality is concerned then THOIC is definitely illegal and the logs show how everyone knew Lee well and that essentially everyone knew his involvement with THOIC. One thing to note is that Lee was saying that "the bosses" were monitoring his webmaster@thoic e-mail address. Something rather difficult to do if they didn't have direct control of the operation.

Nothing blatantly illegal has come up in the logs. That said, both Lee and Martin were routinely dealing with criminals and buying their goods. They knew the full identities of many major players and essentially did nothing to curtail their activities. All of this, including the blatantly illegal THOIC, was all done with full knowledge of their respective superiors.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com
