The Anonymous PR Guy and a Greece Connection

When you write certain blog posts, you expect to receive a lot of comments from the Intertubes. If you can imagine a social mixer between a special ed school and the local insane asylum, you might have the physical equivalent of a blog’s comment area for certain posts. So I was a little surprised when PDF security guru Didier Stevens walked into the room and made a relevant observation about the PDF’s metadata. His comment: the PDF’s raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the pdf’s author field, Alex Tapanaris.

Using Didier’s own pdf-parser.py, the PDF’s meta information for the creation date is as follows:

CreationDate with +2 timezone offset.


Note the +2, showing that the time given is a offset from UTC of +02. In December, under the EU DST (daylight savings time) rules, Greece uses a time offset from UTC of +02.

Countries in Blue are UTC+02 in December.


3d Game Character Artist – Greece

The web site alextapanaris.com states that he is a 3D Game Character Artist Greece.

Pretty sure it's not like Hugh Ass, Anita Bath, or Mike Rotch.


The information that has shown up on Pastebin further confirms there is a Alex Tapanaris in Greece, the phone number starts with +30, the country code for Greece.

Information gathered by Anonymous.


In Closing

We’ve gotten a number of comments on the last two posts, some make sense, some do not. Is it a given that someone named Alex Tapanaris is representing Anonymous and released their last press release? No, or at least I would not testify to it in court. But while it is well within the abilities of some members of Anonymous to realize to change these fields before sending out a PDF, and to frame someone else as the author, it is probably more probable that the document’s author simply forgot to modify the fields.

It’s hard to imagine any one person being an official spokesperson for this decentralized collective anyway.

Do I think Alex Tapanaris is a name like Heywood Jablome? Not really, I’d assume a group that has a reputation for uttering very funny lines would have come up with something better.

Writing and releasing press releases is not illegal, although I’m sure anyone doing it in this case would prefer to remain off of any law enforcement agencies’ radar, given that they may have participated in the distributed denial of service attacks using LOIC on payment companies in the last week, or could be seen to have lent material support to the attacks.

The other comment we’ve been getting is something like this: This is all a sideshow to the main story of Operation Payback.

And?

Filed Under: Forensics

Tags: , , ,

Comments (9)

Trackback URL | Comments RSS Feed

  1. Zach says:

    I posted some screenshots of the same Alex Tapanaris of Alextapanaris.com starting a thread on a forum he frequents mentioning the attacks and asking for donations.

  2. Just a thought: Even if it’s not illegal to write press releases, it’s still possible for those with the motive and clout to, well, resort to extra-legal measures to make Tapanaris’s life hell.

    Witness the “Wild West” attacks launched by powerful groups against Wikileaks even before Wikileaks has been charged with a single crime — the sort of attacks which, arguably, are the motivation behind the DDoS attacks on PayPal, Amazon, and others in the first place.

    frank

  3. anon says:

    Pandalabs interview with one of the botnet owners, they took it down during the last “attack”.

    http://img204.imageshack.us/img204/9074/67050355.jpg

  4. Seems the guy’s website is now down? Also somebody tried to flood PasteBin with sexistic comments against the guy to affect Google search

  5. llama says:

    Looks like Alex sure got told. I guess kiddies should think about this before they decide to become ‘elite hackers’. Heh

  6. Eponymous says:

    Anyone can produce a pdf, claiming to represent Anonymous, putting whatever metadata inside.

  7. [...] The PDF’s raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the pdf’s author field, Alex Tapanaris. Praetorian Prefect [...]

  8. [...] homeland of a graphic artist with the same name as the pdf’s author field, Alex Tapanaris. Praetorian Prefect Posted in Informationsecurity | Tags: Anonymous, Connection, [...]

  9. [...] The PDF’s raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the pdf’s author field, Alex Tapanaris. Praetorian Prefect [...]