Hundreds of Lee Gibling's ICQ Logs Leaked

Following on from the earlier release of Lee Giblings ICQ logs from the time he was working for Mindport and NDS I've now received the complete selection of ICQ logs from that period, taken from his hard drive. 

You can download the new ICQ logs here

Due to the way in which the files were stored in the ICQ folder on the hard drive they've been split into three seperate folders, so in many cases you have 3 copies of a slightly differing ICQ log for each person, so it's worth comparing all the logs for differences.

As identified in the earlier posts the following ICQ numbers belong to the following people:

Avigail Gutman of NDS - 4291479
Martin Gallagher of AIM - 9552119, 50640200, 56660445, 56660605, 63376893, 76873942
Barry Watters of AIM - 26354832
Len Withall of NDS - 61770995

It would be interesting to see if the times Lee Gibling was asked to do something by Ray Adams or Martin Gallagher corresponds with his activities with THOIC members.  Ray Adams emails were partly published by AFR, and all 14k can be found here.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

Lee Gibling - Ray Adams Used THOIC to Strongarm Cable Companies Into Giving Up Their Operational Security

Following on from his earlier posts on THOIC and NDS Lee Gibling popped up on Something Awful and said the following:

Well at some point of time it is bound to surface so i would rather give the facts up right now.

if you recall, i posed a question to Brown Moses, somewhat tongue in cheek, "Why would Operational Security aka NDS UK require the resources of a top team of investigators and Agents plus many paid informants when their media they were solely charged with protecting was to be blunt as safe as the Bank of England in terms of piracy".

More salient was where this budget to fund the Mad Hatters Tea Party was going to come from in lieu of Israel controlling the purse strings.

With no activity on a day-to-day basis for the operational team sitting in Maidenhead cutbacks at every corner were looking likely ultimately misplacing the talent Ray in his team had built up over the course of his tenure as head of Operational Security.

Never to be outdone, Ray came up with a magical plan.

The cable companies with their Sky TV lineup were in respect of set-box security running autonomous outside of NDS operational security. NDS UK were protecting card piracy - cable boxes used no card.

Selective hacks and pirates for cable boxes were to be cultured and made available on THOiC and the resulting impact was then delivered by a series of visits to the Cable bosses.

Ultimately Ray won his battle to retain the use of UK Operational Security personnel to take over the battle against what was presented as "blanket piracy" in their industry. I know the words used in the meetings with the Cable bosses as Ray had me write the study paper on his behalf.

Before long, the department had secured full time jobs for both Len Withall and Chris Le Maitre, both whom enjoyed the spoils of "rounding up" the same pirates that had been lured to share their spoils via THOiC.

The budget secured!

Did Israel know - I do not think so but Ray had bosses so go figure.

 You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

Lee Gibling Answers Some Questions About THOIC and NDS

Recently Lee Gibling has been in contact with me, and offered to fill in some of the gaps in the earlier investigation of his ICQ logs and Ray Adams' emails.  As I posted earlier, they showed that Lee Gibling worked for a company called AIM who were working on behalf of NDS competitor MindPort/Irdeto at the same time as he was working for NDS on the THOIC website project, and Lee offered to filled in some of the details that were missed.  First he talked about the Panorama programme Murdoch's TV Pirates:

Panorama touched on very little; air time is expensive and litigation from unsubstantiated talk can be dangeous.

I placed a lot of trust in Panorama and this was not displaced. All they went with was 100% but yes, a lot of questions remain unanswered.

Some people say that this is a decade old and it is old hat but if you think the mobile hacking is big business then be prepared to see the hat blown off of News Corp

On Digital was only the one company featured in Panorama that through NDS design I brought to their knees, but under their instruction and that includes on-digital we took on anything we wanted which included the whole UK cable industry.

Many thousands of jobs were lost indirectly as a result of actions made from NDS UK what was called Operational Security at Ray Adams headquarters in Maidenhead and it needs to be brought to account.

My respects go to Milly Dowler family.

He added there was much more filmed for the Panorama programme

The Panorama interview was a single "take" with Vivian. Yes, they condensed the programme to 30 minutes but the interview at one location went well over 2-1/2 hours and covered much that the Producers did not have time to consider as part of the programme. Will there be a Part II aired?  Maybe.

 Then he went on to provide more information about the AIM/MindPort/Irdeto situation:

To set some records straight - afterall many of you have invested much energy into piecing the jigsaw together, Andy Coulthurst is NOT a hacker but a full employee/technician at NDS UK. The other AC that is mentioned in email/ICQ is Andrew Curle who was at the time head of operations at Mindport/Irdeto.

I can also reveal as this is in the public domain albeit not surfaced (surprisingly) that Barry Watters was employed by Sky as a consultant and enjoyed office space at Sky.

Yes, he was seconded to Mindport on a very lucrative retainer, however, I do not believe that Sky knew this. Martin Gallagher of course knew I worked for Ray Adams, as did Barry Watters. I did communicate directly with Andrew Curle and was retained by AIM all of which was known and engineered by Ray Adams. Did NDS Israel (the top chain) know of this arrangement?  Of course they did. It's important to outline that NDS UK operational security had their budget contributions from Sky and Israel plus contributions were made to it by Ray Adam's opposite number in the Pacific Region and Asia which would be Avigail Gutman. Hence the reporting line involved many people although ultimately the buck and call was with Reuven Hasak in Israel. 

And explained how he came into contact with Ray Adams in the first place

Contact was made with Ray Adams via an Agent (employee) meeting at my home in Essex at the time. Thereafter, the same week i was introduced to Ray Adams at his offices in Maidenhead. Bit like visiting Father Christmas at Harrods .

He also gave more information on the subscriptions for THOIC that were discussed in the emails

There was NEVER any monies taken on THOiC - that would have detracted from the whole BDS ethos of using the community as a medium to either attract talented members and/or a complete audience when used to farm out information or media.

Yes, a handful of closed areas where in operation all of which were under control and instruction by NDS personnel who used pseudonyms during their online time on the forum. 

 He went on to pose this question

Why would such a significant operational security department (at great cost) be needed for the UK/Europe regions when the Sky [digital] card itself was not at risk of being compromised?

He also explained the situation with new accusations:

While I was in the UK last week or so I was introduced to Ian Gallagher of the Mail on Sunday. The introduction was made via Max Clifford. We were all set to reveal so much (far more than the Panorama programme), information that I believe will set the record straight once and for all.

The content would have been explosive however, the Mail on Sunday decided they could not follow through. I am not sure ANY newspaper under the current regime would have the balls to print. 

He also mentioned Hairymonster/FR15K

I do know that after all this time, (and I do not take kindly to blanket dismissals from Israel), that Hairy Monster holds some important collaborational evidence that between us working together can deliver a rock solid testimonial to the Leveson Enquiry.

At this present time, my solicitor (Mark Lewis) has not been contacted in respect of tribunal requests. 

 You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

The Week in Hackgate 09/04/12 to 15/04/12

With a two week break at the Leveson Inquiry it seemed that this week could have been a quiet week for all things Hackgate. It was reported that David Cameron would be appearing at the Leveson Inquiry after Gordon Brown and Tony Blair, which gave us something to look forward to, but all in all it seemed like it would be a quiet news.

Fortuantly Guido Fawkes decided to leak a selection of evidence from the Operation Motorman inquiry, covering 1028 News International entries, one of which included Rebekah Brooks requesting an illegal job. The Hacked Off campaign responded by putting out a statement expressing the view that the Operation Motorman files should be released, while the ICO reacted by expressing their displeasure and summoning Guido Fawkes to an interview over the matter.

More leaks occured when a number of ICQ logs belonging to NDS employed hacker Lee Gibling were released, which showed that not only was he helping NDS with the running of the hacker site THOIC, but also working with another company, AIM, who was in turn employed by MindPort, part of NDS competitor Irdeto. Later on in the week a little birdie told me there's more leaks to come, but for now we'll just have to enjoy what we have.

One Thursday the IPCC told the Met Police they'd been a bit naughty when dealing with Neil Wallis, but nothing serious enough to take any real action, and Mark Lewis announced three alleged victims of phone hacking in the US would begin legal proceedings in America, with later reports also claiming a second lawyer was considering legal action in America. In more good news for the legal profession the author of the NightJack blog exposed by the Times filed legal action against the newspaper.

After all that News International still has the joys of the long awaited Common's Select Committee report on phone hacking being released in the near future, maybe even this week, with the delays being put down to MPs being unsure if James Murdoch was either ignorant and stupid, or a liar and unfit to run a company.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

The Leaked ICQ Logs - Summary of What We've Learnt

Following on from the leak of Lee Gibling's ICQ logs where we discovered Lee Gibling worked for MindPort/Irdeto contractor AIM at the same time he was running THOIC for NDS Something Awful forum members Shageletic and Munin have put together an summary of what has been learnt from the leaked logs:

Lee is a good friend of Martin Gallagher, cerainly around the year 2000. The log is full of banter and they seem to have a good overview of the activities they are both involved in across NDS, AIM, Irdeto and Mindport. Lee knows that if NDS found out how closely he worked with AIM he might get into trouble.

Lee has a close working relationship with NDS. He was offered a place on the payroll, along with upgrades to servers and direct cash payments.  One of the logs mentions how he was offered the use of Ray Adam's holiday home for him and his family. He also was directly paid and employed by Barry Watters for most of the period of the logs until he started having increasing issues getting Barry Watters to pay him. He didn't have direct contact with Irdeto/Mindport. All contact seems to have been via Martin and neither wanted Mindport to know of Lee's involvement with THOIC.

Martin was employed by Barry Watters but seemed to spend most of his time interacting with Mindspring. He also was familiar with Adams and NDS but didn't seem to do any jobs for them.

Lee's main job for Barry Watters and Martin seems to have been acting as an IT consultant and general finder of information. This involved flagging up new hacker sites, monitoring the progress of various hacker groups towards a hack and providing samples of hacks and tools, with Lee occasionally purchasing them and being reimbursed by AIM.  Barry and Martin seemed to keep their client ignorant of the exact way they obtained them. They also sought to recruit other hackers

Lee's main job for NDS seemed to be doing odd programming and webmaster jobs and maintaining THOIC. He doesn't discuss many of the particulars of his NDS work with Martin. NDS helped set THOIC for Lee, which benefited from Lee's hacker knowledge, along with aggresively acting against other hacker websites.

Martin's main job seems to be as an information channel for Barry Watters and Mindspring. He traveled to meet hackers and informants. He was also (not very competently) setting up a mirror of major hacker sites on a isolated server for MindPort, with MindPort planning to use it as part of a service is wished to offer it's clients. Presumably this was to help them monitor activity on these sites and to have a local copy of any valuable intel should these vanish or get taken down.

Irdeto/Mindspring seemed to be keen on getting sites taken down. Koos and Kuster seemed to be the internal Irdeto/Mindspring security guys who were involved in that. They were both unpopular with Lee and Martin (and NDS, see the Bonds related e-mails) as they were seen as stirring up the nest and threatening valuable informants. In general, in all the logs Lee and Mertin show no desire to see most of the sites shuttered, they are more interested in observing and exploiting them.

As far as illegality is concernd then THOIC is definitely illegal and the logs show how everyone knew Lee well and that essentially everyone knew his involvement with THOIC. One thing to note is that Lee was saying that "the bosses" were monitoring his webmaster@thoic e-mail address. Something rather difficult to do if they didn't have direct control of the operation.

Nothing blatantly illegal has come up in the logs. That said both Lee and Martin were routinely dealing with criminals and buying their goods. They knew the full identities of many major players and essentially did nothing to curtail their activities. All of this, including the blattantly illegal THOIC, was all done with full knowledge of their respective superiors.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

The Leaked ICQ Logs - Lee Gibling Worked For More Than Just NDS

Yesterday I posted that a number of ICQ logs belonging to Lee Gibling had been leaked, and myself and others have spent some time working through the logs, looking for interesting information.

A number of the logs appear to belong to Martin Gallagher, who has a rather interesting CV:

Global Operations Manager Alternative Investigation Management Ltd (AIM) Public Company; 5001-10,000 employees; IVZ; Investment Management industry

1997 – 2004 (7 years) London, United Kingdom

I was responsible for all security projects including executive protection of CEOs and executives of well known multinational corportations, security reviews and risk assessments for large multinational media, hardware, software, and manufacturing & logistics companies.

Other areas of my operation and responsibility within the company were:

Surveillance, (Medical, Fraud & Piracy).
Test purchasing, for famous brands in the clothing, media and IT hardware and software industries
Undercover assignments, within logistics companies where high value thefts were prevalent.
Computer Forensics operations for individual clients and Blue Chip Hardware and Media companies.

Internet research, I was responsible for providing intensive internet research on hackers and piracy organisations , often infiltrating these criminal fraternities in order to provide law enforcement agencies and legal entities with criminals' personal details and evidence to support successful arrests and prosecutions.

It appears the following ICQ logs belong to him
56660605 21.12.1999 - 25.09.2000 Martin Gallagher

9552119 06.04.1999 - 05.09.1999 Martin Gallagher
56660445 08.05.2000 - 08.05.2000 SATNET/Ken Frazer
50640200 03.12.1999 - 15.01.2000 Ken Frazer
76873943 12.06.2000 - 03.11.2000 JanJo/Jannette Hess
63376893 05.02.2000 - 18.08.2000 Go4/Gopher Khan

He rather helpfully says this in his SATNET ICQ Log

56660445 (21.12.1999 15:44:31) MARTIN : SATNETºKenºFrazerºº0
56660445 (08.05.2000 18:41:11) MARTIN : yeah, i got several icq addresses
56660445 (08.05.2000 18:41:25) LEE : he he
56660445 (08.05.2000 18:41:58) MARTIN : you still got protium icq?
56660445 (08.05.2000 18:42:20) LEE : nah
56660445 (08.05.2000 18:42:48) LEE : i have also 56660605
56660445 (08.05.2000 18:43:25) MARTIN : that's me official one
56660445 (08.05.2000 18:44:08) LEE : ah - so this is yer dodgy one
56660445 (08.05.2000 18:45:19) MARTIN : satnet
Go4
Protium
those 3 r dodgy
56660445 (08.05.2000 18:46:49) LEE : i wondered who the fuck go4 was :-))
56660445 (08.05.2000 18:47:36) MARTIN : i am hoping that you is a nices peoples and can sends me somthings likes softwares
56660445 (08.05.2000 19:27:34) LEE : yes - we can send you any softwares you want - pls just ask Mr Satpratt

Along with references to his real name and contact details in the other ICQ logs it seems to confirm the accounts belong to him.

Martin Gallagher works for Barry Watters, the founder of Alternative Investigation Management Limited

Barry retired from the Metropolitan Police in 1995 after 31 years of distinguished service where he served as a front line detective at Scotland Yard. During his service he was engaged in a number of high profile departments including the Flying Squad, Regional Crime Squad and Specialist Operations. Whilst serving in these postings he was responsible for determining strategy in combating national and international crime organisations and was deployed on a number of occasions outside the United Kingdom.

He was also responsible for training operatives in Specialist Operations and on leaving the service in 1995 was engaged by Her Majesty’s Foreign and Commonwealth office to provide training specialist through the British Governments ‘Know How’ program to European countries seeking admission to the European Union.

On leaving the police service Barry founded Alternative Investigation Management Limited, a specialist security consultancy providing services to government, major ‘blue chip’ corporations and police services globally on risk assessment, crisis management, kidnap and ransom training, investigations and security training.

Lee Gibling and Martin Gallagher often discussed Barry Watters, especially in relation to Watters sending cheques to Gibling:
From ICQ log 63376893

63376893 (21.07.2000 20:10:00) MARTIN : Hi m8, Thanks for the mail re the free cam patch but I dont follow the story.

Baz said the cheque is in the post. hahaha!

Anyway, I have to do my end of month report now is there anything from you that I should put in?

From ICQ log 76873943

76873943 (31.10.2000 18:08:21) LEE : and wtf is bw?
76873943 (31.10.2000 18:08:39) LEE : i am officially on strike from today
76873943 (31.10.2000 18:08:41) MARTIN : barry watters?
76873943 (31.10.2000 18:08:51) LEE : yes
76873943 (31.10.2000 18:09:12) MARTIN : i am waiting 4 mine 2
76873943 (31.10.2000 18:09:27) MARTIN : go on strike m8!
76873943 (31.10.2000 18:09:59) MARTIN : no more stuff till i get paid :-)
76873943 (31.10.2000 18:10:05) LEE : wad da we wan,,,,, MONEY
wen da we wan it,,,, NOW
76873943 (31.10.2000 18:10:30) LEE : tell em m8! go4it

From ICQ log 56660605

56660605 (12.01.2000 22:13:08) LEE : still no bloody cheque from barry
56660605 (12.01.2000 22:13:40) MARTIN : all and any!!!!!!!!!!!
I gotta cover the globe so i have created country directories
56660605 (12.01.2000 22:13:55) LEE : that's a mean old task eh
56660605 (12.01.2000 22:14:06) MARTIN : I will chase baz up re the cheque
56660605 (12.01.2000 22:15:57) LEE : thanks

56660605 (14.01.2000 17:52:15) LEE : still no cheque with todays post - it doesn't take a whole week to send even 2nd class
56660605 (14.01.2000 17:53:57) MARTIN : I didnt get to speak with him yesterday. I would send an email in red!
56660605 (14.01.2000 17:54:27) LEE : no - i am officially on strike
56660605 (14.01.2000 17:55:46) MARTIN : ROFL :-D

56660605 (17.01.2000 15:51:50) LEE : still no damn cheque - btw i saw BW yesterday

56660605 (17.01.2000 17:55:27) LEE : cheque has turned up - it was only posted on 16th
56660605 (17.01.2000 17:55:49) MARTIN : he's a bad bugger!!!!!!
56660605 (17.01.2000 17:56:07) LEE : that is a bit naughty -
56660605 (17.01.2000 17:56:49) MARTIN : I'll say,,, Perhaps the girls forgot to post it heh heh heh
56660605 (17.01.2000 17:57:14) LEE : it is in BW's writing and had a first class stamp!
56660605 (17.01.2000 17:57:52) MARTIN : HE'S A REALLY BAD BUGGER!!!!
56660605 (17.01.2000 17:58:38) LEE : yep - i won't pay for any other software now until i have the money direct credited into my account - it's not fair having to wait 3 weeks for it
56660605 (17.01.2000 17:59:29) MARTIN : I agree! Perhaps he thinks your'e made of money!

From ICQ log 50640200

50640200 (29.12.1999 16:45:14) LEE : yes! i had to chaps the money on christmas eve!

750.00
75.00 (lee)
15.00 (chaps)

total: 840.00 - i would appreciate the money asap - i'm still out of pocket from the last lot - barry's cheque didn't turn up until friday! and won't clear now until the 4th of bloody january
50640200 (29.12.1999 16:45:38) MARTIN : k - i has been well busy!! yesterday was very very

So that appears to show that Lee Gibling was receiving money from AIM over a period of months, if not years, and in some cases Barry Watters, the founder of AIM, personally signed his cheques.

It appears AIM was working on behalf of Mindport, a division of Irdeto, and Lee Gibling was keeping NDS informed of their plans

From: THOiC Online© [mailto:webmaster@thoic.com]
Sent: Saturday, December 11, 1999 1:54 PM
To: radams@ndsuk.com; agutman@ndc.co.il
Subject: damn and blast!

Avigail

I have been in communication by telephone this morning with Martin
Gallagher who works for Barry Watters. The general chit chat moved to
Dave Cottle, and Martin was excited to tell me that he will be getting
a suprise very soon.

I enquired exactly what he mean't by that and he said that he was
going to be busted - he did not say whether it was he and Barry who
would be involved directly in the bust or whether it would be joint or
just Mindport.

He gleefully explained that MINDPORT had all the email from DC to
others including MM - I enquired what email he was talking about and
he said that they have an intercept running on his mailboxes.

This is crap - Mindport BW and MGallagher couldn't complete a Rubik's
Cube let alone get a hack working on several mailboxes.

I suggest the truth is they are either relying on the quantity of copy
email exchanged between Bond and MM which was furnished through me
or/and the content of Rolf's HDD.

Either way, I am concerned that they (Mindport & BW- AIM) are again
going off at a tangent looking for kudos. I think it would be a
serious judgement of error for them to attack Bond at this stage.

1. There is the GESA development which we have on the boil.

2. It would finish the Forum for GOOD. A forum that has and will
continue to produce excellent information.

3. What exactly will they get on Bond if they rely on the older
emails? a test case in australia - incitement to hack?? wow!

I've copied this to RA - you will no doubt be speaking to him on this
and I would be pleased if you can tell me that all the work we have
done will not be ruined by this complete bunch of amateurs.

Lee'

Now it's apparent that NDS and AIM had contact with each other, as this email shows:

'From: Bary Watters
To: Adams, Ray
Date: 11/17/1999 5:23:54 AM
Subject: eurosky

Hi ray the following forwarded for your info, found by martin:-

Do You live in Europe? Want to have Sky Digital in your home? Well now
you can. Here at Euro sky, we can supply one of two options to fulfill
your needs. Simple click on the option you prefer below:'

But it seems that Lee Gibling may not have been too keen on letting NDS know how much contact he was having with Martin Gallagher

63376893 (17.07.2000 20:16:17) MARTIN : u okm8?
63376893 (17.07.2000 20:17:04) LEE : yes - glad i got you
don't send any mail to lee@thoic.com or webmaster
send any mail to me at snakesurf69@hotmail.com
63376893 (17.07.2000 20:17:36) MARTIN : whats happend?
63376893 (17.07.2000 20:18:15) LEE : just that my mail is being monitored by the bosses
63376893 (17.07.2000 20:18:43) MARTIN : no probs m8. theybin moanin?
63376893 (17.07.2000 20:19:04) LEE : not really - just makin sure there's nothing to moan about
63376893 (17.07.2000 20:19:48) MARTIN LEE : k i will delete all refs to webmaster @ thoic and shall always use the new one,,,,,,,, ok?
63376893 (17.07.2000 20:20:07) LEE : i think that's best for now m8
63376893 (17.07.2000 20:20:19) MARTIN : k

Assuming that by "bosses" Lee means NDS it seems that he didn't want them to see what Martin was sending him.

Now, Martin and Lee seemed to have a very friendly relationship, with Lee apparently providing Martin with plenty of information about THOIC, including letting Martin know when THOIC users who were Mindport plants were accidently letting the webmasters know they were from Mindport.

56660605 (13.02.2000 16:14:17) LEE : MP are total wankers - there are a few people that know their ID's now in the forums
56660605 (13.02.2000 16:14:36) LEE : he he - i couldn;t sleep last night and was up till 4 am
56660605 (13.02.2000 16:14:50) MARTIN : who's bin in there?
56660605 (13.02.2000 16:17:44) LEE : quite a few actually - and silly silly boys think they are safe using a 3rd party email or ISP - but the wankers have been using the 'UBB a Friend' option to send some threads to people and the forwarding addresses they have input as so and so form mindport.com - they never learn - these forwarded messages are read by Bond - the messages are system generated when someone forwards on a message from the forums and it tells everything - bond gets copies as do I - so we can see who is forwarding threads out of the forums! it's common practise and IMO pretty lame
56660605 (13.02.2000 16:18:48) MARTIN : can u get me the details, ie alias used etc? I'll fkin sort em!!!
56660605 (13.02.2000 16:19:27) LEE : yeah - Mindport Australia - they also identify a plant in the forums - how amateur eh!
56660605 (13.02.2000 16:19:47) MARTIN : bond 007 he's one of ours, (i mean yours?)
56660605 (13.02.2000 16:20:07) MARTIN : had to be them eh?

Martin also wasn't shy about asking Lee to perform less than legal tasks

9552119 (13.07.1999 20:49:19) MARTIN : Lee, could you access hotel computers? ie bookings and reservations?
9552119 (13.07.1999 20:49:45) LEE : it's possible - depends on their security
9552119 (13.07.1999 20:50:15) MARTIN : you would have to do it through an annonymous ip eh?
9552119 (13.07.1999 20:50:25) LEE : that's easy enough
9552119 (13.07.1999 20:52:37) MARTIN : well I need to know if two people are checked in or about to checkin at
1. The Westbury Hotel (London)
2. The Hyde Park Hotel Ditto
3. Clariges London
Names: A Kashoggi
and Mr A K Pukar (Could be pookar) Spelling unsure
9552119 (13.07.1999 20:53:05) LEE : you didn't say 3!!!
that'll be 1k each
9552119 (13.07.1999 20:53:46) MARTIN : 1 kiss each okay but only if its Vicky I'm kissing! Ha
9552119 (13.07.1999 20:54:46) MARTIN : I have to phone the hotels but i thought it might be possible to check via their back orifice
9552119 (13.07.1999 20:57:48) LEE : it wouldn't be that quick to gain access - i'd first have to get their network ip address, bust their firewall (if poss dependent on the s/w) then if i got that lucky i'dhave to find the s/w prog and logon for their reservation system! they'd probably have been and left by the time i got in:-))
9552119 (13.07.1999 20:58:15) MARTIN : har har he he ho hum!
9552119 (13.07.1999 20:58:28) MARTIN : I'll stick to the phones

There's no evidence to say Lee went ahead and did the hack, but it does demonstrate how close the relationship was between Martin Gallagher and Lee Gibling at a time Lee Gibling was also apparently working for NDS.

There's still plenty more to read in the leaked ICQ logs, so hopefully tomorrow I'll have another post with even more new information.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

Lee Gibling's ICQ Logs Hacked

In the last few hours I've become aware of a number of ICQ logs being posted online which appear to be conversations between Lee Gibling, the hacker at the heart of the recent NDS hacking scandal and individuals who worked with or for NDS, plus other individuals.  The list includes:
Barry Watters of AIM
Martin Gallagher over multiple identities including Ken Frazer/Khan Ghoper covering the period he worked for NDS, Irdeto, and Mindport.
Len Withall - Former senior Surrey Police officer and NDS head of Operation Security
Avigail Gutman - NDS head of security issues in Asia and Australia

There's a number of interesting aspects to the NDS-Lee Gibling story, something these ICQ logs might shed light on, for example asking why Lee Gibling appears to be talking to Martin Altham at a time he was working for Irdeto, when Avigail Gutman has been accused of using David Cottle to hack Irdeto.

While it's hard to know if these are genuine I've tried to compare the logs against the leaked emails of Ray Adams, and found examples of what was discussed coming up in the emails.  For example, from Avigail Gutman's ICQ log:

4291479 (17.03.2000 06:47:22) : btw - if I right-click your name on icq and choose "info" I get your local ip 62.6.144.179...

do you get one on me? we should cancel that option.... no?

4291479 (17.03.2000 06:47:31) : i have been onto dn all night

4291479 (17.03.2000 06:47:50) : which girl....?

4291479 (17.03.2000 06:48:07) : i am on a fixed ip so it doesn't matter to me - anyone can find me on the net

4291479 (17.03.2000 06:48:14) : aha...

The above IP address turns up in a number of Ray Adams' emails, including this one

Received: from THOIC-9PV5TQ8MK [62.6.144.179] by thoic.com
(SMTPD32-5.05) id A51AB905021C; Wed, 24 Nov 1999 13:16:10 +0000

So, if you want to look through the ICQ logs you can download them here, although do be aware they may only open in Firefox. 

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

All 14659 Ray Adams emails Leaked Online

While digging through various forums I've come across this post on the Digital Spy forums which links to a zip file of what appears to be 14659 emails from Ray Adams' computer, much more than have already been published by Austlian Financial Review.

They've been split into 4 folders, Inbox, Sent, To Ok and Deleted, and appear to represent the emails covering 1997 to 2002.  While it's impossible to verfiy if these are all genuine I've spot checked some of the new emails and they do seem to be legitimate.

As News Corp has already lawyered up and taken some emails offline it's possible these files will be deleted at some point in the near future.

You can view my earlier posts on Ray Adams here.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

Ray Adams, Tron, Chaos Club, and a Curious Journalist

This was a curious sequence of emails, starting first of all with a freelance journalist Burkhard Schröder trying to contact Ray Adams through one of his colleagues:

From: burks@BURKS.de [mailto:burks@BURKS.de]
Sent: 25 May 1999 11:09
To: gyampolsky@ndsisrael.com
Subject: Boris Floricic


Hallo, Berlin-Kreuzberg 25.05.99

I would like to get into contact to Mr. Ray Adams. I am a free lancer in
Berlin, Germany, and writing a book about Boris Floricic alias "Tron". Mr.
Adams should know a lot about this difficult subject.

Sincerely Burkhard Schröder

This seems to have immediately rang alarm bells

From: Yampolsky, Gerry (UK)
Sent: Tuesday, May 25, 1999 1:09 PM
To: Grant, Mal
Subject: FW: Boris Floricic
Importance: High


talk about suspicious

And was passed from one man to another

From: Grant, Mal
Sent: 26 May 1999 21:51
To: Adams, Ray
Subject: FW: Boris Floricic
Importance: High


Ray,

As discussed.

Mal

Until it eventually reached Ray Adams, who sent out an unusual message

From: Adams, Ray
To: cyberdyne@euro1.com
Date: 5/27/1999 10:23:00 PM
Subject: FW: Boris Floricic

Would you ask your friends at the CHAOS club if they want me to speak to
this journalist.

Ray Adams

The CHAOS Club was a group of German hackers Boris Floricic aka Tron, belonged to, and one of their members, with the email address cyberdyne@euro1.com, replied:

From: Marc [mailto:cyberdyne@euro1.com]
Sent: 27 May 1999 14:28
To: Adams, Ray
Subject: Re: FW: Boris Floricic

At 12:22 27.05.99 +0100, you wrote:

>Would you ask your friends at the CHAOS club if they want me to speak to
>this journalist.
>
>Ray Adams

he also contacted me
everybody ignores him at the moment cause boris parent's
did not want him to write anything at the moment. so in respect
to his parents i also ignore him more or less.

regards
marc

It should be noted there's no evidence to suggest anyone else in the Chaos Club but cyberdyne@euro1.com was contacted by Ray Adams.   Acting on his advice Ray ignores him

From: Adams, Ray
To: Marc
Date: 5/28/1999 12:49:16 AM
Subject: RE: FW: Boris Floricic
Tell your friends at the Chaos Club that I will also ignore him.

Ray

But pretty soon the journalist contacts Ray Adams directly

From: burks@BURKS.de [mailto:burks@BURKS.de]
Sent: 01 June 1999 16:37
To: radams@ndsuk.com
Subject: Tron


Hallo Ray Adams Berlin-Kreuzberg 01.06.99

I am writing a book about Boris Floricic. You knew him, and I got a lot of
informations about this theme, also about NDS. We should talk a little bit
about the circumstances of your "friendship" :-) with Tron.

I know something about your statement to Berlin's police. I am also very
intersted in all informations about Andreas Helm und Michael Kallmeier.

Please contakt me by phone +49 +30 6183387, 0172 382 9895 or - better - by
e-mail burks@burks.de

The book: "Burkhard Schröder: "Tron - Tod eines Hackers", Reinbek
(Rowohlt) 1999

Burkhard Schröder

Ray Adams replied, and also forwarded the message onto Marc:

From: Adams, Ray
To: cyberdyne@euro1.com
Date: 6/2/1999 8:47:30 AM
Subject: FW: Tron

To see.

-----Original Message-----

From: Adams, Ray
Sent: 01 June 1999 22:47
To: 'burks@BURKS.de'
Subject: RE: Tron

Hi

I heard that you have been asking about me. You should have approached me
direct in the first place.

So telephone me on ++ 44 385 313857.

First tell me a little about yourself. I have worked with many journalists
over the years. What have you written?. Are you any good?. What is
your angle? etc. You know the sort of thing. In the meantime I am making
my own enquiries of you so the quicker you respond the quicker we get on.

There is no need to put inneuendo in inverted commas I am a very
straightforward and respectable person.

Ray

So the journalist replies, answering Ray's questions, and asking some of his own:

From: burks@BURKS.de [mailto:burks@BURKS.de]
Sent: 02 June 1999 12:06
To: RAdams@ndsuk.com
Subject: Re: Tron


Hallo Ray Adams,

nice to meet you. :-

>First tell me a little about yourself.

Please look at: http://www.burks.de/english.html

>What have you written?.

Ten books, mostly about the extreme right szene in germany, one about
heroin, I will publish a novel next year. There is a link to an article of
the New York Times (in english) about me. Look on my page http://
www.burks.de/burks.html. Numerous articles about everything.

>What is your angle? etc. You know the sort of thing. In
>the meantime I am making my own enquiries of you so the quicker you
>respond the quicker we get on.

The police does not work any more. They rely on the medical expertise
which concluses: suicid. I am able to disprove this expertise to argue
further.

I know something about your connection to Tron. BTW: NDS is not very
suspcious. :-) Only a little bit :-)), because Jossi Zuriel has been
talking a little bit bullshit some days after Tron disappeared. I have a
fax which proves this. You met Boris twice at Kempenski and Hilton. You
offered a job to him, I have been told. What happened exactly? How do you
get to know about him? Tron's mother supposes too that you visited Tron at
his home.

I also have the delivery note from NDS to Tron. IF I know exactly what he
got from NDS, I would be able to check better out on which he was working
in the last weeks of his life.

Do you know Andreas Helm and Michael Kallmeier? They are VERY suspicious.

Tron mets two guys (not young) at saturday, after he left the house of his
mother. He has been seen entering a car from Belgium, I have been told.

I am interested in "Joy" and/or "Alfredo" and everything Boris told you
about his "blocker"-deals.

BTW: I have rough informations about the products NDS is working on and
about your job visiting young hackers in Europe.

>I am a very straightforward and respectable person.

Why not. I'm impressed. You worked for Scotland Yard, isn't it? What about
using PGP?

Greetz from Berlin

BurkS

Ray replies, and yet again forwards it's to Marc

From: Adams, Ray
To: cyberdyne@euro1.com
Date: 6/3/1999 4:39:26 AM
Subject: FW: Tron

-----Original Message-----
From: Adams, Ray
Sent: 02 June 1999 14:38
To: 'burks@BURKS.de'
Subject: RE: Tron

Some of what you say is familiar.

Boris was bright. Such people come to notice. NDS offers sponsorship at
University and possible employment therefater. This is normal business
practice.

The package that was sent to Boris was totally innocent. It was a couple
of chips for his University project. He could only buy them if he
purchased 100 at a time and as he only needed a couple I sent them to him.
They were ordinary off the shelf products.

I do not know anyone called Zuriel.

If you have evidence that Boris died other than by suicide I would assist
you all I am able. However, at the end of the day you must work with
Police on such matters. Are you interested in Justice or just a story?

There is nothing suspicious about NDS or the contact with BORIS. It was
open and normal.

You are wrong about visiting the Kempinsky hotel twice. It was once.

As for names of people I would like to know what you intend doing with any
information on such people. Are you suggesting that they were behind the
death of Boris? I have no such knowledge.

I still do not know what it is you are attempting to do. If I have any
information to establish that anyone killed Boris then I would give it to
the Police and not to you. What makes you think that I would do otherwise.

Rayt

The journalist replies with some questions that probably aren't the best for winning over Ray Adams

From: burks@BURKS.de
Sent: 02 June 1999 23:21
To: RAdams@ndsuk.com
Subject: Re: Tron

Hallo Radams,
NDS sponsorship at University and possible employment
therefater.

What kind of employment? What did he think about beeing employed in
UK?
This is normal business practice.
I know. I asked: How did you get into contact? Did you read about
him? Your informants?
The package that was sent to Boris was totally innocent. It
was a couple of chips for his University project.
That seems to be not true, because he finished this project some months ago. Don't pull my legs. Someone described this PICs to me. May be basic chips to decrypt PayTV. I am not sure. What kind of chips exactly, please?

if he purchased 100 at a time and as he only needed a couple I sent them to him. They were ordinary off the shelf products.
And why did you send this chips? Because of friendship? Didn't he say for what he need this chips?

I do not know anyone called Zuriel.

Then you will learn something about NDS now. I got this Fax from Jerusalem, some months ago:

I have meanwhile learned that they are mainly a pay T.V. company and that they have no connection with Defence sources in Israel...Finally I went to Jerusalem and in the company's offives found the deputy gegeral director who tried to convince me to talk to the company's spokeswoman in London...The Deputy Manager, Mr. Jossi Zuriel, admitted that he knew that Boris Floricic has disappeard 4 days ago but he did not know, till I told him, that he was found dead - hanging from a tree. How did he know about his disapperence? From the Internet on which hackers who break into the Internet, mentioned that he has disappeared. He claims he has no idea about the Lieferschein and chip and is trying to make contact with the company's president in London.

If you have evidence that Boris died other than by suicide I would assist you all I am able. However, at the end of the day you must work with Police on such matters.
Very soon, the police will close all their files. They announced it last
week: Suicid. And I don't believe it.

Are you interested in Justice or just a story?
I will get 5000 $ for the book and have to work six months. That is the
answer.

There is nothing suspicious about NDS or the contact with BORIS. It
was open and normal.
Sure. :-) Why did Markus Kuhn, Cambridge, work for NDS some times ago?

You are wrong about visiting the Kempinsky hotel twice. It was once.
Yes. The second time it was the Hilton, I was told. Or in reverse order.

As for names of people I would like to know what you intend doing with any information on such people. Are you suggesting that they were behind the death of Boris?
Not behind. They know something they did not tell the police. May be, they know who was interested to meet to Boris at saturday (the day he disappearde). He has been seen after he left his mother's home...

give it to the Police and not to you. What makes you think that I would do otherwise.
The police is not interested. I was told that you went to the police in Berlin. I will force the police to be interested in some aspects. There a some aspects of your headhunting-job which I am interested in too.
(Please excuse my bad english). I give NDS a fair chance to talk about the connection between the company and Boris. Why don't you encrypt your e-mail?

Greetz
BurkS

Ray is unimpressed with the line of questioning

Nachricht vom 03.06.99 weitergeleitet
Ursprung : burks@burks.de
Ersteller: RAdams@ndsuk.com
Your information about the chips I supplied is totally inaccurate. I do not like your insulting comments.
When he was sent the chips he was in the process of making his hardware device for his university project. I know the dates. You are wrong. If you are wrong about such a simple thing then you are probably wrong about other things. I do not lie and have no reason to lie.
Besides, I do not see how the questions you are asking can assist the Police to pursue what you are allegeing as to the cause of his death.

Again there is no one in NDS named Zuriel.

NDS does not need a fair chance in you book investigation as NDS has done absolutely nothing wrong. We have nothing to hide.

I have provided the Police will a full account of our dealings with Boris. They
were open and innocent.

As for pgp I have no reason to hide what I am saying.
Ray

Unfortuantly at that point there appears to be a break in emails, which continues when the journalist sends another email, this time in German, and which Ray Adams forwards to Marc

From: Adams, Ray
To: cyberdyne@euro1.com
Date: 8/2/1999 11:49:00 PM
Subject: FW: at once

-----Original Message-----
From: burks@BURKS.de [mailto:burks@BURKS.de]
Sent: 02 August 1999 12:00
To: radams@ndsuk.com
Subject: at once


Hallo Ray Adams Berlin-Kreuzberg 02.08.99

Ich habe Ihre Infos positiv verifizieren können. Dabei erfuhr ich, dass
sie angeblich Holländer seien und Deutsch verstünden.

Offenbar waren die Devices für ein Projekt Trons bestimmt, eine
Entschlüsselungsmaschine zu bauen. Er ist aber nicht sehr weit damit
gekommen.

Den Bericht der Yedioth Achronoth habe ich unter "grober Unfug"
eingeordnet. Ich habe ihn mir übersetzen lassen.

Ich habe starke Indizien für Suizid sammeln können, obwohl die Details
noch dubios sind. Aber sie werden ja schon darüber Bescheid wissen, da
einer meiner Informanten in engem Kontakt zu ihnen stehen soll. :-)

In diesem Sinne...

Gruss Burks

And translated via Google Translate

Hello Ray Adams Berlin-Kreuzberg 08.02.99

I can verify your information positively. And I learned that
Dutch and German are they supposed to understand.

Apparently, the devices were intended for a project Trons, a
To build decoding machine. He is not very far with it
came.

The report by the Yedioth Achronoth I'm in "utter nonsense"
classified. I have to translate it myself.

I was able to gather strong evidence of suicide, although the details
are still dubious. But they are indeed already know about it, because
is one of my informants are in close contact with them. :-)

In this sense ...

Gruss Burks

And after that there's one more email, again copied to Marc:

From: Adams, Ray
To: cyberdyne@euro1.com
Date: 8/3/1999 3:46:10 AM
Subject: FW: at once

To see

What is this that he did work for PMK - I do not believe it.

ray

-----Original Message-----
From: burks@BURKS.de [mailto:burks@BURKS.de]
Sent: 02 August 1999 18:15
To: RAdams@ndsuk.com
Subject: Re: at once


Hallo Radams,
You wrote:

>As you know my German is not very good.

I did not know that. Sorry.

>He was not a threat or a problem to us.

I know this. He was only a problem for Irdeto. :-)

>His death was very sad. The Police are convinced that it was
>suicide. I do not have any information to the contrary.

They will finish the investigations very soon.

> My own personal view was that if Boris did commit suicide
> then there must have been a heavy pressure on him.

Did you know that he got dyslexia?

>I had the impression that he would establish the truth.

I do not share this impression.

>I know that Boris was in touch with Dutch and Belgian people.

Especially with "Joy", Eurosat Electronics, Kermst. http://209.215.141.2.
Boris also worked for Paul Maxwell-King sometimes. You should know this.
:-))

>The connection was to do with the hack of the Irdeto
>company products.

Boris sold some variations of the Irdeto-Hack.

>This is nothing to do with NDS.

Sure.

Burks

So, it's clear Ray Adams had a close relationship with one individual who claims to be a member of the Chaos Club, and the journalist had plenty of questions about NDS and their relationship with Tron, although it's interesting to note Ray Adams' surprise Tron was possibly working for PMK.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

Ray Adams and his Super Secret Slush Fund

Nation on the Something Awful forums has come across some more interesting emails from Ray Adams' stolen emails where he discusses payments being made, and has spotted a very interesting email among them:

RFC Headers:

From: Withall, Len
To: Adams, Ray
Date: 1/15/2000 1:23:42 AM
Subject: RE:
-----------------------------
Ray As this will now be coming direct from our accounts and not a bank then we will not need that No2 account we just discussed(re passwords etc).
As the new system will start from this month then it will leave £1882.99 in that account.????
Len

-----Original Message-----
From: Adams, Ray
Sent: 14 January 2000 14:12
To: Withall, Len
Subject: FW:

To see.

Ray

-----Original Message-----
From: Adams, Ray
Sent: 14 January 2000 14:07
To: Hasak, Reuven
Subject: RE:

Greg Gormley replied at 2.05pm today.
He says that Len will make out one of his usual payment sheets at the end of each month. On receipt in accounts Greg will code it up accordingly. He will use the 1370 coding. Greg asked me from which part of your budget he should take the money. He assumes from 'information'. I said that you would E-Mail him the detail.
I am still awaiting instructions from Vesco as to where the money will be sent. If he does not change anything before the end of the month we will send it to his usual bank account in Bulgaria.
We will start at end of January.
Many thanks
-----Original Message-----
From: Hasak, Reuven
Sent: 13 January 2000 17:25
To: Adams, Ray
Subject: RE:

so, as we talked I am awaiting your call.
I assume I can pay him directly from my UK budget.
-----Original Message-----
From: Adams, Ray
Sent: Wednesday, January 12, 2000 06:21
To: Hasak, Reuven
Subject: RE:


The deal with Pluto is $5,000
Vesco asked for £5,000. You will remember that we negotiated him down from $100,000 upfront plus a salary (engineers salary)
So you are not wrong as we have two separate deals. I can manage to squeeze the rest from somewhere.
Ray
-----Original Message-----
From: Hasak, Reuven
Sent: 11 January 2000 16:42
To: Adams, Ray
Subject: RE:
Importance: High

I'll feed you with 20,000 and we'll see where we go. PS-Are you sure we are talking UK POUNDS and not US$ (Is it my bad memory according to which we pay him 5000US$ ????)


-----Original Message-----
From: Adams, Ray
Sent: Tuesday, January 11, 2000 04:34
To: Hasak, Reuven
Subject: RE:


We are paying him £5,000 a month.
I can probably squeeze some out of my budget but not most of it. Until now we have used the money we hid away. There is £1,700 left of that. Thus it means that the accounts dept are not aware of our payments. Expenses etc are not a problem.
What do you think. We have to come up with 30,000 in total to get to the end of the year.
PS today we recruited Pete Tarmey, the big friend of Hannibal. We shall have to wait and see if he is truthful and loyal to us.
ray
-----Original Message-----
From: Hasak, Reuven
Sent: 10 January 2000 21:12
To: Adams, Ray
Subject: RE:

before robbing the bank , talk to uncle Reuven.
PS-how much do you need until the end of the year?
-----Original Message-----
From: Adams, Ray
Sent: Monday, January 10, 2000 07:49
To: Hasak, Reuven
Subject:


Going home . Alex arrives later tonight. Staying at my house.
We are now out of money to pay Vesco. The £30k that we spirited away from last year budget is exhausted. Tomorrow I rob a bank.
Ray

Paying people with money hidden away in secret accounts that their own accounting department doesn't know about?   I hope they've been declaring those payments on their tax self assesement forms otherwise they could get into big trouble with the HMRC.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

Ray Adams and his friends, the Bulgarian Hackers

Earlier this week the Austrlian Financial Review received an archive copy of 14,400 emails that appear to have come from the laptop of Ray Adams, Former head of security at NDS. They published a 6mb selection of around 700 pages of emails, and have asked people to look through them. 

Something Awful forum member Nation found a number of emails relating what appears to be the recruiting of a hacker, and possibly requests for work by Ray Adams.

First it appears a Veselin Nedelchev sent the profiles of two individuals, Nedeltchev and Donev to Ray Adams:

From: Veselin Nedelchev <veselin@kz.orbitel.bg>
To: Ray Adams
Date: 2/23/2001 9:06:54 AM
Subject: correction

Nedeltchev

Attended Grammar School equivalent in Kazanlak. A school with a technical profile stream until 1976

1976 to 1978 Military service in Bulgaria.

1978 Student at Technical institute in Gabrovo (Nothern Bulgaria) studying electronics. Graduated in 1981.

1981 engaged at I.M.M Government technical micro-electronic Institute in Kazanlak. Employed until 1990 as director of Micro-electronic research.

Visited Switzerland on Government Project and remained in Switzerland at end of project where employed by ADEZA, electronics company, on short term consultancy. Returned to Bulgaria and formed company ALIENS, specialising in microprocessor technology development and research.

In 1997 commenced as consultant to NDS (UK)

DONEV

Attended Technical institute in Kazanlak until 1986 when selected for specialist training at I.M.M. the government research Institute. So engaged until 1985

Joined Army for military service until 1988

From 1990 to 1995 engaged in the research and design departments at I.M.M. Specialising in Micro technology, micro-processor and encryption research. Responsible for development of protection systems in smart card technology.

Fluent in Russian and Bulgarian technical languages.

In 1994 joined private company ALIENS, Kazanlak, Bulgaria as partner. Company responsible for development of micro electronic and engineering techniques applicable to smart card technology and protective encryption methods.

1997 engaged as consultant to NDS. Visited and worked in Israel as specialist team leader with NDS in Jerusalem and Haifa. Units responsible for the protection of Pay TV encryption technology. Visited UK and engaged on applications of satellite broadcast encryption techniques.

The units within NDS that Donev has worked with are re-locating from Israel and Germany to the UK. He will be required to continue working with NDS in the UK.

It appears the first profile Veselin's own information, plus the profile of one other, “Donev”. Interestingly there’s a series of emails between Ray Adams and the email address aliens@engineer.com, which may be related to the above highlighted ALIENS, Kazanlak.

For example, this email was sent by Ray Adams to two accounts named vesco and Plamen

for <RAdams@ndsuk.com>; Fri, 26 Jan 2001 03:03:13 +0200
Reply-To: <alien@engineer.com>
From: "Alien" <alien@engineer.com>
To: "Adams, Ray" <RAdams@ndsuk.com>
Subject:
Date: Fri, 26 Jan 2001 03:06:43 +0200
Message-ID: <AAECIPKPADKNHJGCJDKHAEIGCAAA.alien@engineer.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <F128BF333D06D41192D700508BC25EAC26C8EF@MOTH>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700


From: Alien <alien@engineer.com>
To: Adams, Ray
Date: 1/26/2001 12:06:44 PM
Subject:
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I'm thinking how to explain it...
Is there a position 'main hacker'?
How is it going to look in the form?

:-)

you can fax anything you want on my home phone line: +35943120600


Plamen

p.s. Write anything you would like to. I don't care.

-----Original Message-----
From: Adams, Ray [mailto:RAdams@ndsuk.com]
Sent: 25 ßíóàðè 2001 ã. 12:36
To: 'Plamen'; 'vesco'
Subject:

The sooner I have some information that I can supply to the immigration people the better.

I could fax the forms to you so that you can see the type of information that we are having to supply. What is the best fax number for you.

Ray

So this seems to prove that Plamen is using the aliens@engineer.com email address. It certainly seems to imply that Plamen is a “main hacker” as he describes himself, and that Ray is trying to help him with immigration documents.

This email from Ray Adams to the aliens@engineer.com account seems to show they build up a trusting relationship

A letter with a sealed envelope from Barclays Bank has arrived at my house - addressed to you...

To which he receives this reply

Hi Ray,

I'm very happy to hear you again...
I trust you completely. Please, open the envelope and send me the access codes via e-mail as soon as possible. It is URGENT. Thanks in advance.
Zvi is coming here at 16-th (Wednesday).
We (me and Vesco) will meet him at the airport...

the visit to UK could be very nice 'vacation' :-)

In this email we see more information on what the guy has actually been doing

It is very good job - good salary, very good conditions, chance for development in the position, small responsibilities as to keep your mouth shut...

The first project was to get out some code, to look at it and to explain some part of the program inside. Everything was well documented, the code was not protected and the CPU architecture was well known. Where is the challenge in this? Nothing is unknown!

The second project was to construct DDT having only FEW BYTES of code, boring again! I could have accepted the first project as a test, but the second was not a test. Someone really thought it was a challenge or he was simply bored to do it himself and said "The fucking Bulgarian has to do it for a lesson". I did my best and I found something challenging in it, leaving a trap, just a small detail inserting random element in its behavior. I was surprised when Zvi asked for my opinion and sent me another DDT made by someone else using the same method and having the SAME detail UNTOUCHED! It meant the person constructed the new ECM has not taken even a look at the
kill packet, he has not even tried to understand what it does, he just used it literally knowing what it should do because I claimed that it should work and someone tested it and said it works.

The next project is to give a LECTURE to some guys on the subject "How to write better protected software for our products - the confession of one ex-hacker..." I apologize for the irony but I couldn't keep it.

Plamen also offers to use some of his other skills

I have another idea. Why don't you let me hack some of your competitor's products? It will be fun for me and profitable for the company...
...This letter is not something I could send to anybody else except to you

This email provides more details of the work the hacker was doing for Ray Adams

Hi Zvi,

I need information urgently. I would like to know is there a service ID:FB90 or ID:E047 in the Galaxy system. The last job was a hard nut! I think I found solution...
Well, it depends of your answer but if it is yes - the problem has no solution. Probably you would have to change some of the IDs of the services...

Is there a way to give me program making signatures? I would like to test the DDT before sending it to you in order to avoid the bugs...

Plamen

p.s. I modified the glitcher program to support Galaxy cards. It now supports both DTV and Galaxy. Would you like to have it? :-)

Finally in this email it seems Ray has a special take for Plamen and Vesco

I have a mission for you and possibly for Vesco as weel.

One question is who Vesco is? The original emails with the two profiles were sent by 'Veselin Nedelchev', so it’s not a massive leap to imagine his nickname could be Vesco. Could “Donev” be Plamen?  Interestingly Plamen Donev is a Bulgarian football coach, maybe the nickname Plamen is a play on that?

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com

Links between Ray Adams and others involved with the phone hacking scandal

After the allegations made in Panorama's Murdoch's Pirates an eagle eyed Something Awful forum member Daveman23 noted some interesting links between various individuals involved with groups and individuals mentioned in the Panorama documentry, including Ray Adams, former head of security of the Murdoch subsidiary NDS, that’s well worth a read:

That would be former Scotland Yard commander Ray Adams (and Head of Criminal Intelligence - organised crime basically) working for NDS as Head of Security. That's the same Ray Adams who is accused of interfering with the Stephen Lawrence inquiry and investigated for misconduct over his links with drug dealer, murderer and police informant Kenneth Noye and his associate Clifford Norris, father of David Norris (now in jail for Stephen Lawrence's murder). The report into corruption relating to Mr Adams was withheld from the Macpherson report into the murder.


Also the same Ray Adams whose friend DC Alan "Taffy" Holmes shot himself in 1987 whilst Ray was being investigated by a police corruption inquiry. DC Holmes was the policeman working with murdered private detective Daniel Morgan on a whistleblowing case against corruption in the Met (allegations from Gillard and Flynn's "The Untouchables"). Daniel Morgan's murder inquiry in 1987 also seems to have suffered from NI "interest", involving the surveillance of the wife of the chief investigating officer.


Daniel Morgan's business partner, Jonathan Rees, was acquitted of Mr Morgan's murder in 2011 alongside the Vian brothers and James Cook. Another police officer, Sid Fillery, was arrested at the time but later released. Mr Fillery went to take over Mr Morgan's job at Southern Investigations. Mr Fillery also had charges of perverting the course of justice dropped but was later convicted on 15 counts of making indecent images of children.


Mr Rees was being paid by News International to the tune of around £150,000 a year and shared a business address with former senior NI executive (and Northern Ireland editor) Alex Marunchak. Mr Marunchak also likes hackers as he paid one to crack Ian Hurst's (alias Martin Ingram) home PC. Mr Rees also established the firm Abbeycover, at the same address as Southern Investigations, with the former news editor of the News of the World, Greg Wiskiw.


The same names, every time.

 

It makes you ask if there's more connections between individuals involved in various aspects of News Corp's operations.

You can contact the author on Twitter @brown_moses or by email at brownmoses@gmail.com