Brett White pleads guilty to Openpay cyber attack over Nike Eastland debt
A disgruntled Wantirna computer hacker falling behind on a $495 Nike repayment launched a crippling cyber-attack on Openpay after it came to collect. But the website wasn’t his only victim.
Outer East
Don't miss out on the headlines from Outer East. Followed categories will be added to My News.
A sinister computer hacker attempted to extort cash after launching crippling cyber-attacks on multiple businesses including Openpay.
Brett White, 34, pleaded guilty in the County Court on Wednesday, November 11, to five counts of cause unauthorised impairment to electronic communication.
White launched “distributed denial-of-service” (DDoS) cyber attacks on Openpay, a Melbourne pool company and a UK-based online training business between April and May 2018.
The court was told a DDoS is a cyber attack targeting a victim server or computer with a large volume of traffic in an attempt to cause a system failure.
White targeted Openpay after falling behind on repayments for a $495 purchase made at the Nike Store Eastland.
Openpay deducted money from White’s account so he abused a customer service employee through Facebook Messenger.
“So, you c***s like stealing money from people … cards do you ha-ha wrong person to do it to,” White said.
White said the Openpay website was “down” and it “doesn’t look like it’s going to be back online anytime soon”.
White said he was “completely satisfied” Openpay would be “losing a lot more money” because of his cyber attack.
The hacker also critiqued Openpay’s “poor website infrastructure” and “WordPress vulnerabilities.”
Openpay confirmed multiple DDoS attacks on its website on between April 18 and May 10.
The attacks happened on dates Openpay attempted to deduct money from White’s bank account.
Also on April 18, White launched a DDoS attack on websites owned by UK health and fitness professional Phillip Learney.
White attempted to extort cash from Mr Learney through Snapchat.
“Once I’ve got your attention, we’ll get to the glaring issues the site has,” White said.
“I hope you check these messages soon so we can get down to business and get your site secured and online generating money again.”
White then sent Mr Learney screenshots of his account passwords.
“So you’re blackmailing me,” Mr Learney said.
“Absolutely not, I’m also educating you lol,” White replied.
“Well, I’d fix this or tell your team how to fix it … In exchange for a payment … same as anyone else in this industry … they’re called bug bounty payments.”
Mr Learney replied: “You need to stop what you’re doing right now.”
White then took down Mr Learney’s websites by a DDoS attack, which lasted two hours.
“If I were you, I wouldn’t think of doing anything f*** and stupid … otherwise, every course of yours will be released for free,” White said.
“I’ve got all of your server files so I’ll just release them to everyone for free since you Wanna (sic) play gains … silly man.”
White contacted Mr Learney again on April 25.
“Haven’t forgotten about you mate :) and Your (sic) site is about to go down,” White said.
White launched DDoS attacks – with more than 100 million requests – on two Melbourne pool and garden maintenance websites owned by the same victim between May 24 and May 30.
The pair fell out over shoddy programming work White completed for the victim.
Federal Police launched an investigation in October 2018 but White wasn’t arrested until April 2019.
Mr Learney’s victim statement read to the court said White had committed “sinister” offending which caused him and his business much distress.
Openpay representative Ed Bunting also submitted a victim impact statement.
The court heard White had no formal computer training but was “self-taught” and “socially deprived”.
The father ran ‘Dark Arts Marketing’ for four years until April 2018, but was now on the dole.
White, who now lives Wantirna, told the court he was employed as “network penetration tester” and “information security consultant”.
White, represented in court by a junior and senior counsel and his solicitor Zarah Garde-Wilson, also operates a “successful” online security company.
The court was told White is contracted as a “bug bounty programmer” to detect weaknesses in websites.
White has criminal priors including use a carriage service to menace, make threat to kill, stalk another person and threat to inflict serious injury.
“He does have a bit of a common pattern which is relevant to the menacing nature of this offending,” Judge Trevor Wraight said.
White’s bail was extended for sentencing on November 20.
MORE: FIEND CHIPPY EXPOSED AS SOCIAL MEDIA SEX FIEND
PARTY OVER FOR DRUG DEALER INSTAGRAM GLAMOUR GIRL