By Akira The Don on Tuesday, September 28th, 2010

Andrew Crossley, that douchebag lawyer the fine folks at 4chan exposed as a granny-robbing, lying, thieving scumbucket is facing a £500,000 fine for losing the personal details of thousands oh his unsuspecting prey. I personally think he should be in an American jail, as should his collaborators at British Telecom

The Guardian reports (strangely failing to mention who attacked the law firm’s site, and why):

The Information Commissioner could levy a fine of up to £500,000 on the London law firm from which the personal details of more than 8,000 Sky broadband customers, 400 Plusnet customers and 5,000 Britons accused of illicit filesharing have leaked in the past few days.

The details were exposed in files on the website belonging to ACS:Law, a firm of solicitors which has attracted the ire of a number of online forums due to its aggressive approach to people accused by its clients of filesharing. The site was the target of a “denial of service” attack over the weekend which made it collapse – and the files, which would normally be hidden from unauthorised access, became visible when the site was brought back online.

If the Information Commissioner determines that the data exposure was through ACS:Law’s fault in operating its website, rather than directly as the result of hacking, then it could levy a fine against the company.

Alex Hanff, of the pressure group Privacy International, said the data breach was “one of the worst ever in the UK” and that the group has launched legal proceedings against the firm.

ACS:Law has come under intense scrutiny from consumer watchdogs and industry bodies for its methods of tracking and pursuing broadband users, and a number of customers are preparing to take the company to court on a harassment charge, the Guardian understands.

The company apparently works from lists of alleged infringers who have been tracked from file downloads to computers’ IP addresses; physical names and addresses are then obtained by contacting the relevantinternet service provider (ISP). But this is not a surefire method of identifying infringers.

Today, the online advocacy organisation Open Rights Group warned that the “unwarranted private surveillance” of people accused of downloading is a direct outcome of the Digital Economy Act [DEA]. Jim Killock, executive director of the Open Rights Group, told the Guardian: “ACS:Law appears to be preparing to use DEA processes to target filesharers and Ofcom’s code is wide open for them using that process, so that’s a massive concern. This is all pretty terrible because, to be frank, Ofcom’s system is going to throw up these situations as they’re allowing private companies to exploit them.”

Killock described ACS:Law’s methods – in which a letter is sent to the person at the address it claims to have identified, demanding payment often of several hundred pounds for copyright infringement – as “notorious”. He suggested that the company likely finds success in embarrassing people into paying the fine, even if they are innocent. The company’s leaked records showed a list of more than 5,000 people it suspects of downloading pornographic films.

ACS:Law had no comment when contacted by the Guardian.

Hundreds of people contacted by the company claim to have been misidentified and the British Phonographic Industry has refused to endorse ACS:Law’s approach, prompting fears that the self-certification framework put in place by the Digital Economy Act and Ofcom allows no redress for the accused. A number of customers who claim to have been falsely accused of downloading are preparing to take the law firm to court for harassment. The company also faces a disciplinary tribunal after a long-running investigation into its practices by the Solicitors Regulation Authority.

Killock said: “The BPI [British Phonographic Industry] is also calling to have parts of the evidential system kept secret, but this incident shows that we need complete transparency in the way that evidence is gathered and the problems that everyone highlighted about privacy impact of the Digital Economy Act.

“We have private companies surveilling people without knowledge, collecting data and matching it with people through court orders. This has huge implications.”

Tony Dyhouse, director of cyber security at the Digital Systems Knowledge Transfer Network, said the apparent unreliability of the evidence gathered by private companies such as ACS:Law is grounds for a new wave of legal protection for the falsely accused. “It’s important to realise that IP addresses are a very unreliable way of attributing guilt to an individual in such cases,” he told the Guardian. “Very few people have static IP addresses and it is also very easy to use someone else’s computer if you gain access to their password, or can log into an unsecured wireless connection down the street. IP addresses are usually given out for a short period from a pool. They are easily faked.

“This is a perfect example of why the law needs to be changed in this country to allow victims of data breaches to sue for compensation on grounds of defamation, not just financial loss. At the moment, you can only seek compensation for loss of reputation once financial loss has been proven. This can’t be right. Imagine the consequences for a school teacher who erroneously appeared on this list.”

— By Akira The Don on Tuesday, September 28th, 2010

By Akira The Don on Saturday, September 25th, 2010

What were we saying the other day about NOT FEEDING THE TROLLS? Andrew Crossley, the naive lawyer who said “big whoop” about 4chan’s warning shots, is in the midst of LOSING HIS CAREER after round 2. Praise Jah, turns out he’s an evil scumbag who’s been scaring people into giving him money they didn’t actually need to give him, all in the name of FIGHTING “PIRACY”.

From TorrentFreak:

Earlier this week, anti-piracy lawyers ACS:Law had their website taken down by a 4chan DDoS attack. Adding insult to injury, owner Andrew Crossley was harassed at home in the middle of the night by prank phone calls. Now, through a fault with his website, hundreds of megabytes of private emails have been exposed to the public and uploaded to The Pirate Bay. To those hoping that this is a MediaDefender-type fiasco all over again, trust us – it is.

Keep checking back every few minutes, we’re going to be updating this through the night and throughout the weekend.

Of course, as with our coverage of the MediaDefender leaked emails back in 2007, TorrentFreak’s coverage of this debacle will be extensive.

After coordinating DDoS attacks against the MPAA, RIAA and anti-piracy company AiPlex Software this week, 4chan turned to a new target.

Anti-piracy lawyers ACS:Law, who send out tens of thousands of letters demanding cash-settlements from often innocent Internet subscribers, became the new target. The company, which is headed up by lone principal Andrew Crossley, is widely hated among file-sharers and innocents alike and with 4chan’s Operation Payback now in full swing, payback is the operative word.

After prank telephone calling Crossley in the middle of the night during the week, it now seems that 4chan are aiming to tear his professional life apart, as they have obtained and are distributing a 350mb file of the company’s website which includes countless company emails.

So how were they obtained?

“Their site came back online [after the DDoS attack] – and on their frontpage was accidentally a backup file of the whole website (default directory listing, their site was empty), including emails and passwords,” a leader of the attacking group told TorrentFreak. “The email contains billing passwords and some information that ACS:Law is having financial problems.”

Financial problems? Interesting. Many tens of thousands of people who received letters from ACS:Law are also experiencing the same problem, having already paid up several hundred pounds each to make non-existent lawsuits go away.

“We’re still sorting through it. There’s a lot of stuff here to go through. But, basically, we were told we were less important than a 10 minute late train, or a queue for coffee by Andrew,” the attackers’ spokesman told us, adding:

“Payback is a bitch, isn’t it Andrew?”

The file is currently seeding on The Pirate Bay but most leechers are stuck with less than 60%. It is, however, available publicly on the web already. We have managed to secure one of those copies and are examining it now.

A little taster from emails read so far:

– ACS:Law and USCG (of Hurt Locker fame) appear to be cooperating
– Crossley boasts that his retained lawyer “literally wrote the SRA rules!”
– Crossley accuses Which? of ‘defamation’ and articles designed to “demean” and “denigrate”
– Crossley gives veiled warnings to Which? that he could sue them for libel
– Internal documents reveal intentions to take down Slyck.com
– Email from ACS:Law client which states the following:


Thank you for your email.

Our client remains concerned over the accuracy of the data that you provide and the methods used to obtain such data. It has been closely monitoring the recent press that your Firm has attracted regarding complaints to Which, in relation to demand letters that have incorrectly been sent to innocent internet subscribers, accused of copyright infringement. Your letter of 30 October 2009 was not satisfactory, in that it did not fully deal with the concerns raised in our letter of 21 July 2009, save as to state that you and your client disagree. Clearly there are flaws in your data gathering process. These are important and valid concerns that need to be satisfactorily addressed, so as to protect the rights of our client and innocent customers.

– Crossley brags about his financial status:

Spent much of the weekend looking for a new car. Finances are much better so can put £20-30k down. May go for a Lambo or Ferrari. I am so predictable!

(later emails reveal he bought a Jeep Compass 2.4CVT)

– Email evidence that ACS:Law deliberately does not target two UK ISPs, TalkTalk and Virgin Media
– Crossley writes to monitoring company NG3Sys and says the following:

You are going to receive on average about £1,000.00 per 150 letters sent. This can be seen from the first tiny batch. Because we have good quality product being monitored and captures are high on the data we have, when the letters get sent out the figures therefore equate as follows:-

Phase 1: 2,500 letters, estimated revenue to you: £16,666.00
Phase 2: est. 4,000 letters, estimated revenue to: £26,666.00
Phase 3: est. 18,000 letters, estimated revenue to you: £120,000.00
That is data collated to date! I have more titles to give you, more data will be captured.

Please stay with this.

After falling out with NG3Sys, ACS:Law sent this out to other potential monitoring company:

Dear Sirs,

I own and operate the most prominent law firm in the UK that carries out file sharing litigation. We are one of only two law firms in the UK currently carrying out this work.

We have a number of copyright clients and we have one client in particular,with a large number of copyright titles that have been collecting good numbrs of IP addresses. We have two phases run through and the latest phase has been collecting circa 20,000 IP addresses a month for UK alone. Germany also is gathering good figures.

Our current UK-based data monitoring company has let us down and we need to find another monitoring company to supply our IP data from now. There are currently 300 titles (all adult film titles – all legal and UK certificated) that were being actively monitored.

If you are interested in monitoring for us and to do so quickly, please let us know and we can talk further. We will be able to supply much more data if this works and would like to push the data into Germany also.

We are proposing to pay 10% of net revenues (after ISP costs and postage costs of letter=) to the data monitoring company. On current figures that equates to circa £8,800.00 (€9,750.00) to the monitoring company per 1,000 letters sent. Our next phase we anticipate 10,000 letters to be sent in the UK alone. These are estimates only, but based on current collections are accurate.

I look forward to hearing from you.

– Series of highly abusive emails from Crossley to his ex-wife, where in part he tells her to “Fuck off and keep out of my life” and accuses her of being with a “drug addled hermit”.

– Crossley tells his assistant Terence Tsang to “be more discreet with this stuff” when referring to our article where we revealed ACS:Law looked to buy anti-piracy tracking software on the cheap.

— By Akira The Don on Saturday, September 25th, 2010

By Akira The Don on Thursday, September 23rd, 2010

Uh oh. Someone’s gonna get PUBED. As ZP just said in his email, “DON’T FEED THE TROLLS!”

From The Register:

ACS:Law, the firm of solicitors being investigated by authorities over thousands of threatening letters to alleged unlawful filesharers, was attacked by net activists linked to 4chan overnight.

The firm’s website was brought back online at about 10.45am, following a Distributed Denial of Service (DDoS) strike.

It follows similar action against music and film industry websites over the weekend under the auspices of “Operation: Payback Is A Bitch”, coordinated over IRC by members of 4chan, the anarchic message board.

Andrew Crossley, the head of ACS:Law, told The Register the attack was “typical rubbish from pirates”.

“Big whoop,” he added.

“It was only down for a few hours. I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish.”

ACS:Law obtains court orders to force ISPs to reveal the identities of customers linked to IP addresses observed sharing copyright files in BitTorrent swarms. It then sends letters demanding payment of several hundred pounds to avoid a civil lawsuit.

The files are typically video games or pornographic films, with copyrights held by Digiprotect, a specialist German monitoring firm that aims to profit from piracy. ACS:Law does not usually take anyone who refuses to pay to court, however, and is currently under investigation by the Solicitor’s Regulatory Authority. A tribunal is expected next year.

Crossley claimed this morning that the only victims of the DDoS attack were the targets of his letters. “We provide an awful lot of resources to help people,” he said.

ACS:Law joins the MPAA and RIAA as a brief casualty of “Operation: Payback Is A Bitch”. The BPI, which was also targeted, managed to stay online.

The attacks have been linked to Anonymous, an ad-hoc activist group that came to prominence via 4chan as an anti-Scientology campaign.

— By Akira The Don on Thursday, September 23rd, 2010