Hardly any TV coverage has been given to one of the biggest DPA (Data Protection Act) breaches to happen within the UK, by the law firm ACS:Law, which is managed by Andrew Crossley.

This is one of the biggest news stories circulating online and affects over 18,000 people who have had their sensitive data shared online. There will be repercussions from this for years to come, but some good may come out of it as well.


A company named Aiplex was hired by certain large multinational copyright holders to launch DDoS (Distributed Denial of Service) attacks against The Pirate Bay (a file sharing site). The Pirate Bay was the subject of several attacks and with the help of Anonymous (a white hat hacking group that has been campaigning against the cult of Scientology for many years).

Anonymous started organising “Project Payback is a Bitch” through the 4chan message boards, which took the form of DDoS attacks against the original perpetrators' sites.

One of the sites targeted last week was ACS:Law, which has been sending letters en masse to alleged file-sharing infringers, with the only evidence being an IP address. This is shoddy evidence, as it does not show who has downloaded or uploaded material, only that a connection was used that may be associated with an Internet account.

ACS:Law was using court orders against ISPs, mainly BSkyB, BT, and PlusNet, to obtain customer details, then sending an intimidating demand letter, usually for £500. The titles claimed to have been downloaded were usually pornographic titles, games, or music files.

Out of all the letters sent, roughly 25% of recipients paid up due to fear, limited knowledge of how it works, embarrassment, or because they were actually guilty of downloading a file.

The letters are worded in a way to spread fear, as ACS:Law cannot prove that the person actually downloaded the material in question; they only know that an IP address was used for the download.

An IP address is very flimsy evidence because (a) it can be spoofed, (b) sites like The Pirate Bay inject fake IP addresses in their logs to create confusion over who is downloading material, (c) Wi-Fi connections can be easily hacked, (d) Wi-Fi connections can be unsecured and easily accessible, and (e) the download may have been made by someone living in the house, a neighbour, a person sitting in a car, and so on.

Anyway, letters were sent en masse, and some people felt obliged to pay for a variety of reasons, the majority, I am assuming, out of intimidation. The way the letters were sent out with little or no proof highlights this as a legalised scam/extortion.

Anyway, ACS:Law was attacked by Anonymous and its site was taken down. The IT staff responsible for the website restored the site, but while doing so they made available a complete backup of all the company's email accounts, which included personal messages, employment details, bank account details of employees and alleged file sharers, names and addresses attached to the titles they allegedly downloaded, letters of plea by the accused file sharers, and so on.

This was freely available on the ACS:Law site for people to view and download. Once someone spotted this error it didn’t take long for a complete copy to be made, which was then made available through The Pirate Bay and other file sharing sites. The ACS:Law data leak has been downloaded countless times and is freely available around the world for anyone to look at.

The Data Leak

The data leak has included some interesting emails between employees which at times show that the company knew it was on shaky ground when it came to pursuing alleged file sharers, and I would like to note that not one case has been brought to court.

For people who deny the allegation (around 75%), the cases are dropped after a few harassing letters, as it is too costly and there is not enough evidence to take them to court. The 25% that have paid (for one reason or another, whether guilty or not) are the ones supporting this business practice financially and making this form of intimidation a lucrative business model.

Basically they are casting a large net across the UK, hoping to reel some people in, and with over 18,000 customer details ready to be processed for threatening letters demanding money (roughly £500 each), even a 25% return on all the letters is still a very attractive and lucrative business. I would also like to note that this type of practice is how most scams work.

I have read through some of the leaked emails and to say I am shocked is a major understatement. This should be on all the mainstream news channels constantly until action has been taken against ACS:Law for this major breach. The emails show others being concerned about the legality of the practice, poor unemployed people offering to pay when they can't afford to, while denying they made any download in the first place, and so on.

There are also spreadsheets available of PlusNet, BT and BSkyB customers with their names and addresses linked to material they have allegedly downloaded; most of these are for pornographic titles as well.

We have looked at the postcodes for these people and currently there are no names for Lochgelly, but there are some details of alleged file sharers from the surrounding area. To these people: I urge you not to pay ACS:Law, as there is no proof you have downloaded anything. Contact the Information Commissioner and seek compensation from the ISP that provided the data (they sent some of the info unsecured, against the Court Order) and from ACS:Law. Definitely seek legal advice and also contact your local MP.

The emails also give you an insight into the man responsible for all these letters that are targeting low income earners. His workers are paid a small pittance, while Andrew tries to demand that 200 claims are processed a day. Meanwhile, what he saves in staff wages is splurged on a new Bentley and a Jeep for his mistress, and on looking to buy expensive homes and go on expensive holidays. He also tells his ex-wife (in language unbefitting of a solicitor) that she is living with a drug addled hermit and to get out of his life, while he struggles to pay his rent, direct debits are refused, and there are clients demanding money and unpaid invoices. One email also talks about money laundering, yet there is not enough information to actually know if they are money laundering or why this reference is made.

Current News

Within the leak there are all the personal details of various company and personal accounts of Andrew Crossley. Most sensible people are sympathising with the alleged file sharers and providing support to them online, which is a good thing.

However, for Andrew Crossley, his troubles are just beginning: message boards are leaking all the details of his bank accounts, credit cards and company accounts. I have seen unconfirmed reports that his eFax account has had a password change and now people are sending faxes en masse to places in Somalia and a variety of other locations.

People have been claiming to top up their Skype accounts using the PayPal details of Andrew Crossley. He has also been receiving prank calls from around the world at all times of the day, and I am sure he will receive much spam to his home address, as well as many “free” pizzas.

While I do not condone these actions, this has shown that companies like ACS:Law are unethical and have been profiteering through intimidation despite a lack of evidence. Before anyone feels sorry for Andrew Crossley, remember he has been profiteering through scaremongering thousands of potentially innocent people on the flimsiest of evidence that would not hold up in a court. Some might even say to Andrew that Payback is a Bitch.

The Future

Today GM Lawyers will be approaching the court for the details of PlusNet customers to continue the type of work ACS:Law was engaged in. PlusNet customers are outraged at this and are hoping PlusNet will fight the legal action. I will post an update later.

If PlusNet fail, PlusNet customers should expect to start receiving letters in the next couple of months. If you do receive a letter, do not pay, do not admit guilt, reply with a very short denial and do not give them any information to work with.

This also highlights some major concerns over the Digital Economy Act. Once this act is live it will lead to an estimated 7 million people within the UK being branded criminals. Therefore, if you are aware of what is going on with these companies, the major breach and more, contact your MP and hopefully they will manage to pass laws to stop this insidious practice being conducted by bottom feeding solicitors.

Further Help

If you need further information or help with any of these issues please visit the following sites:

  1. James

    October 4, 2010 at 5:17 pm

    PlusNet and BT vs GM & Ministry of Sound has been adjourned until the 12th of January. No customer details will be shared (for now).

    PlusNet customers can keep up to date at the PN Forum: http://community.plus.net/forum/index.php/topic,85908.1808.html

    BT customers will have to stay in the dark as it has been noted that BT are heavily moderating their forum, so hardly any info is getting out.


  2. Alex

    October 7, 2010 at 5:12 pm

    Ralli solicitors are putting together a harassment group action and want to hear from anyone who has been affected by ACS Law data being leaked and also anyone who has received the threatening letters from GM & Davenport Lyons. http://www.ralli.co.uk/news/ralli-harassment-group-action-continues


