When you write certain blog posts, you expect to receive a lot of comments from the Intertubes. If you can imagine a social mixer between a special ed school and the local insane asylum, you might have the physical equivalent of a blog’s comment area for certain posts. So I was a little surprised when PDF security guru Didier Stevens walked into the room and made a relevant observation about the PDF’s metadata. His comment: the PDF’s raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the pdf’s author field, Alex Tapanaris.
Using Didier’s own pdf-parser.py, the PDF’s meta information for the creation date is as follows:
Note the +2, showing that the time given is a offset from UTC of +02. In December, under the EU DST (daylight savings time) rules, Greece uses a time offset from UTC of +02.
3d Game Character Artist – Greece
The web site alextapanaris.com states that he is a 3D Game Character Artist Greece.
The information that has shown up on Pastebin further confirms there is a Alex Tapanaris in Greece, the phone number starts with +30, the country code for Greece.
We’ve gotten a number of comments on the last two posts, some make sense, some do not. Is it a given that someone named Alex Tapanaris is representing Anonymous and released their last press release? No, or at least I would not testify to it in court. But while it is well within the abilities of some members of Anonymous to realize to change these fields before sending out a PDF, and to frame someone else as the author, it is probably more probable that the document’s author simply forgot to modify the fields.
It’s hard to imagine any one person being an official spokesperson for this decentralized collective anyway.
Do I think Alex Tapanaris is a name like Heywood Jablome? Not really, I’d assume a group that has a reputation for uttering very funny lines would have come up with something better.
Writing and releasing press releases is not illegal, although I’m sure anyone doing it in this case would prefer to remain off of any law enforcement agencies’ radar, given that they may have participated in the distributed denial of service attacks using LOIC on payment companies in the last week, or could be seen to have lent material support to the attacks.
The other comment we’ve been getting is something like this: This is all a sideshow to the main story of Operation Payback.
Filed Under: Forensics