The Brief — A threat was made against an Australian state police service that
included an attack against its online resources and the publishing of serving member
database information. This threat, if carried out, would have cost untold tens, if not
hundreds, of thousands of dollars, as well as severely compromising the reputation,
confidentiality, safety and operational criteria of active members.
Rexxfield's brief was to use the limited intelligence the Police Service had available to
determine whether it was possible to build a better profile and identify the threat
originators from the anonymous personas and online accounts they had created. The
Police Service had made no headway in more than 10 days.
The Outcome — Rexxfield was able to:
- Positively identify operational personas and true identities of the key
participants, resolve network infrastructure, geolocation and other identifying
details. The lead hacker was identified within three hours.
- Map additional communications channels and methodologies used by
- Identify a nest of hacktivists in the form of a group of 1000+ friends within
an obscure social networking platform, used for covert communications and
private messaging, outside of mainstream and highly scrutinized social
networking platforms. This discovery was a mother lode of intelligence.
- Build an archive of communications conducted and exchanged by the key
perpetrator, in effect recovering deleted communications, retrieving
conversations believed to have been private and collecting existing public
- Create a walk-through cheat sheet for Police Service personnel which
essentially reduced the Rexxfield work product to only the essential
investigation steps by eliminating the superfluous elements. In doing so, a
Police Service sworn officer was able to duplicate the Rexxfield intelligence
gathering and evidence preservation steps required to positively identify the
key perpetrator and inexorably link all relevant communications to that
individual. This enabled the officer to testify under oath as necessary to
obtain warrants and eventually testify before the jury, rather than requiring
Rexxfield consultants to go public with its methods and involvement.