It is hard to operate in cyberspace without leaving a trail. The September 25th cyber attack on deproxfraud.info, and whistleblower Richard Marsh’s personal Facebook, Google, Gmail, Twitter, Dropbox, Vimeo, WordPress, YouTube and Twitter accounts shows a particularly grubby set of fingerprints that the Norfolk CID will doubtless be familiar with…
Richard Marsh is resident in Saskatchewan, Canada, and has been since January 2017. Thus when social media sites detected “persons unknown” logging in to the administration areas of his websites and pages from locations in Norfolk UK, they automatically sent out Security Alert emails to the page or website owner.
From the flurry of security alerts received on the 25th and 26th September, an exact timeline of the hacker’s activity can be constructed. Note that the email times are for Saskatchewan, which is 7 hours behind the UK. The hacker started by illegally accessing Richard’s Twitter account at 20.33 from a location in King’s Lynn, Norfolk. This generated the security alert below at 13.33 Saskatchewan time.
September 25th, 2017
13.33 Twitter new login from King’s Lynn, Norfolk
13.40 Facebook password reset
13.47 Twitter password reset
13.54 Twitter email address changed
14.34 WordPress (deproxfraud.info) email address changed
15.22 Vimeo account deleted
15.23 Gmail account security alert: Sign in from a Blackberry device in the UK
18.31 Dropbox account accessed from Terrington St. Clement, Norfolk
19.33 New email address “firstname.lastname@example.org” added to LinkedIn account
September 26th, 2017
01.58 Romer Photonics Company page removed from LinkedIn
05.16 Facebook account login from Whittlesford, UK
The directors of Hygiene Solutions Ltd and their partners in crime might like to contemplate the fate of young Gareth Crosskey, who was sentenced to a year in prison for hacking a Facebook Account.