The first trial against Anonymous in Spain finally moved forward last week. The three defendants known as RTS, YLDI and JMZF were arrested in simultaneous raids in June 2011 in Barcelona, Valencia and Almeria. The #JuicioAnon trial has been dragging on for five years.
The defense team and supporters of those arrested have stated unwaveringly since the case began that these arrests were an attempt to criminalize the 15M movement and that the alleged “virtual dome of Anonymous” in Spain are being used as scapegoats to destroy the social movement’s public image.
The Spanish National Police tweeted on June 9, 2011 that they had “dismantled the dome of Anonymous in Spain” and that those arrested had attacked the Central Electoral Board on May 18.
La Policía desarticula la cúpula de Anonymous en España. El 18 de mayo atacaron la Junta Electoral Central
— Policía Nacional (@policia) June 10, 2011
The police held a press conference the following day on June 10, 2011 to give more information on the arrests. Initial news reports accused the three defendants of launching coordinated cyber attacks against government, financial and business related websites around the world from Egypt to Chile. BBC’s report in English published on the same day alluded to other attacks associated with Anonymous such as attacks against PayPal, Mastercard and Amazon.
However, the three people arrested in Spain are only being prosecuted on two charges – neither have anything to do with other worldwide attacks attributed to Anonymous as initial media reports insinuated.
The three accused members of the “dome of Anonymous in Spain” are being tried on two charges: membership in a criminal group (Anonymous) and “continuing criminal damages” to the website of the Central Electoral Board in Spain via a DDoS attack which caused an estimated 700 euros ($780 USD) in damage. Police said the arrests were the result of an investigation that started in October 2010 and that a computer seized in the home of one of the accused was used in the hacks.
Los tres acusados de ser la ‘cúpula’ de Anonymous en España niegan todos los cargos. He hablado con uno de ellos. https://t.co/xDShpfQCxh
— pabloromero (@pabloromero) May 18, 2016
“The three accused of being the “dome” of Anonymous in Spain deny all the charges. I talked to one of them.”
The prosecutor is seeking more than 4 years in prison and heavy fines. The defense team argued that there have been many irregularities in the investigation that call into question the actions of police agents involved in the case.
One irregularity in the case involves an undercover agent who infiltrated online chat rooms posing as “Sprocket” and incited the DDoS. He also offered members of these rooms a botnet. He claims the botnet offering was just internet jargon he was using to gain their trust. The agent did not have a warrant which is required for an undercover agent to intervene in this manner.
The agent acknowledged he entered various IRC channels to “monitor the chats in which people belonging to Anonymous gathered.” His testimony as an expert witness in the trial has been highly criticized. He fully answered all questions raised by the prosecutor but responded to questions from the defense team with “I don’t remember”.
Below are two partial chat logs between Agent Sprocket and supposedly one of the defendants that were published by El Español. Translations are below each chat fragment.
13:47:52 sprocket: I’m delving into this
13:48:09 sprocket: and I need info about the attacks on the 20th
13:48:23 sprocket: I don’t know if we will
13:48:28 sprocket: but well
13:48:34 sprocket: theoretically
13:48:48 sprocket: with just a few we could do something big hehe
13:49:04 Mugen: well
13:49:08 Mugen: I don’t know how many we would be really
13:49:19 sprocket: but many parties are positioned
13:49:29 Mugen: could you use the botnet?
13:49:33 Mugen: for the 20th
13:49:51 sprocket: I talked to my colleague yesterday
13:49:53 sprocket: on that topic
13:50:21 Mugen: and what do they say?
13:50:23 sprocket: and we’ll see
13:50:31 sprocket: various people share the bot
13:50:37 Mugen: logical
13:50:50 sprocket: you have the option to ddos
13:57:48 sprocket: now
13:57:55 sprocket: the best way to spread
13:58:00 sprocket: is through google images
13:58:17 Mugen: how
13:58:25 Mugen: xD
13:58:34 sprocket: well
13:58:39 sprocket: roughly
13:58:46 sprocket: is to put malicious code
13:58:48 sprocket: on the page
13:58:54 sprocket: you when you go to images…
13:58:56 sprocket: you see the image
13:58:58 sprocket: and almost always
13:59:03 sprocket: you click to see it on the web
According to the prosecutor the defendants took down the website and email of the Central Electoral Board in May 2011.
“During local and regional elections in Spain the group referred to as Anonymous consisting of the three defendants, RTS, YLDI and JMZF, conducted DDoS attacks in order to disrupt the electoral process.” – Spanish police
The prosecution claims that for one DDoS attack, defendant RTS ran a network of servers called anonhispano1.dyndns.org from which the attacks were coordinated and instructions were given to YLDI and JMZF who were managers of an IRC channel where they both organized and coordinated “the hive” during the attack on the Central Electoral Board.
Another attack allegedly was supposed to target several Spanish political parties’ websites but never happened due to police intervention.
The prosecutor claims the cost to repair the damage caused by the DDoS was 700 euros however, a worker in the IT department of Congress fixed the problem. Since he was on the payroll doing his job and didn’t charge anything extra to recover the system, the “damages” caused by the DDoS on the Central Electoral Board’s website didn’t actually cost anything.
Many also noted that 700 euros is a laughable amount of money to have been caused by what police and Spanish media portrayed as a worldwide network of high profile cyber criminals.
It is notable that under Spanish law, any damages between 0 to 400 euros do not constitute a crime. This charge of 700 euros in damages has been heavily criticized and last week during the trial it was revealed that 700 euros was the “approximate cost to recover the system” – not the real cost.
The prosecutor continues to believe a felony was committed and said the amount of damages can’t be assessed and that they need to take into account other circumstances since the attack was against the website of the Central Electoral Board during an election.
Other irregularities have plagued the case. In addition to the actions and testimony from the undercover agent, the defense pointed out that files dated 2013 mysteriously appeared on hard drives that were taken into custody in 2012, demonstrating that the chain of evidence was not preserved properly. Also the server of the Central Electoral Board was reportedly never analyzed after the DDoS attack, adding further weight to the defense’s argument that the police investigation was flawed.
Defense attorney David Maeztu says the penalties are disproportionate and the charges accusing the defendants of belonging to a criminal group are not substantiated. The defense team maintains that their clients are innocent and agree they should be acquitted of all charges since the prosecution failed to prove they belong to a criminal group or organized the attacks. As there was no economic damage the defense stated the case never should have gone to trial. They believe the trial has been a political case from day one and that the police operation was an organized effort to destroy the image of 15M.
The sentencing portion of the #JuicioAnon trial ended on Friday May 20 and the case is now in the hands of the judge. We will update as information is available.