Commonwealth Director of Public Prosecutions v White
[2020] VCC 1846
20 November 2020
IN THE COUNTY COURT OF VICTORIA
AT MELBOURNE
CRIMINAL DIVISION
Revised
Not Restricted
Suitable for Publication
Case No CR-19-02064
COMMONWEALTH DIRECTOR OF PUBLIC PROSECUTIONS
v
BRETT BRUCE WHITE
---
JUDGE: HIS HONOUR JUDGE WRAIGHT
WHERE HELD: Melbourne
DATE OF HEARING: 11 November 2020
DATE OF SENTENCE: 20 November 2020
CASE MAY BE CITED AS: CDPP v White
MEDIUM NEUTRAL CITATION: [2020] VCC 1846
REASONS FOR SENTENCE
---
Subject: CRIMINAL LAW – Sentencing.
Catchwords: Plea of guilty – Causing unauthorised impairment of electronic communication – Offender carried out cyber attacks on the websites of three victims – Offender’s conduct caused disruption and impaired computer systems – Prior criminal history – Relatively poor prospects of rehabilitation.
Legislation Cited: Crimes Act 1914 ss 3E, 16A, 17A(1), 20(1)(b); Criminal Code (Cth) s 477.3(1); Sentencing Act 1991 s 6AAA.
Cases Cited: The Queen v Stevens (1999) NSWCCA 69.
Sentence: Imprisonment for a period of 12 months, released forthwith on a recognizance of $3000 and to be of good behaviour for a period of 2 years.
---
| APPEARANCES: | Counsel | Solicitors |
| --- | --- | --- |
| For the CDPP | Mr J Saunders | Commonwealth Director of Public Prosecutions |
| For the Accused | Mr C Dane QC, Ms S Wallace | Zarah Garde Wilson Barrister & Solicitor |
HIS HONOUR:
Introduction
Brett Bruce White, you have pleaded guilty to five charges of causing unauthorised impairment of electronic communication contrary to sub-section 477.3(1) of the Criminal Code (Cth), which carries a maximum penalty of 10 years imprisonment on each charge (Charges 1, 2, 3, 4 and 5).
You have admitted your prior criminal history.
Circumstances of the offending
A prosecution opening was tendered on the plea and may be summarised as follows:
At the time of the offending you were 32 years of age and residing at 19 Streeton Road, Bayswater. You have no formal computer training and your skills are self-taught. You are recorded as the owner and proprietor of the domain names darkartsmarketing.com.au and illuminatedmarketing.com.au. At the time of the offending you used an Optus mobile phone service 0412 723 081 (hereafter referred to as ‘the 081 number’), which was subscribed in the name of Brett White, 6 Erinvale Close, Mooroolbark VIC.
Charges 1 and 2
The first victim in this matter, Phillip Learney, is a resident of the United Kingdom and a health and fitness professional. Mr Learney has conducted an online fitness coaching and applied nutrition business, called Advanced Coaching Academy for approximately three years. He conducts his business through the websites and
On 18 April 2018, Mr Learney received a WhatsApp message from the 081 number indicating that his website, ‘just got knocked offline’. The unidentified user sent Mr Learney details of the admin account names and password login credentials for both of his websites.
Mr Learney contacted his internet hosting provider ‘IDeliver’, which confirmed that his website was currently down due to a Distributed Denial of Service attack (‘DDoS attack’). A Denial of Service attack (‘DoS attack’) is a cyber-attack where a malicious actor targets a victim server or computer with a large volume of traffic in an attempt to cause a system failure. A DDoS attack is a cyber-attack where traffic is directed at the victim from multiple locations (computers). The effects of a DDoS attack can include noticeable slowing of service delivery and inability to access applications and can result in system overload and ultimate failure.
At the time Mr Learney received the WhatsApp message from the 081 number, the website of the Advanced Coaching Academy was subjected to an estimated 1,300,000 requests to access the website. The server was unable to process this volume of requests which resulted in the website being taken down.
A short time later, Mr Learney received a Facebook friend request from a profile in the name of Brett White of South Yarra, Victoria, Australia. At this time, Mr Learney did not know you. Mr Learney exchanged WhatsApp messages with the 081 number during which the poor security of his two websites was specifically discussed. Mr Learney received a message which detailed the admin accounts of his web server. He then received further messages which stated:
· ‘Once I've got your attention, we'll get to the glaring issues the site has’; and
· ‘I hope you check these messages soon so we can get down to business and get your site secured and online generating money again!’
Using WhatsApp, Mr Learney replied to the 081 number enquiring as to the identity of the sender of the message. He received the following reply:
Zero connection. I was scanning WordPress sites for vulnerabilities earlier out of boredom and came across your website. Specifically noticing 4 serious issues of never come across before. I'm sure you notice I tested one earlier. Site was down for 20 or so.
Using the 081 number, you sent Mr Learney a screenshot of the login credentials for his website and stated, ‘The next step he is to brute force each account password’.
The following exchange then took place:
Mr Learney: ‘So you're blackmailing me?’
You: ‘Absolutely not, I'm also educating you lol.’
Mr Learney: ‘I just don't get why at 11.15 p.m.’
You: ‘I'm from Australia.’
Mr Learney then sent a number of messages to the 081 number questioning your intentions, to which you replied:
· ‘Well, I'd fix this or tell your team how to fix it. In exchange for a payment. Same as anyone else in this industry. They're called bug bounty payments’;
· ‘If I went into your website that would be illegal without your permission’; and
· ‘Got most of your issues fixed I see :) Sites not looking good mate’.
Mr Learney replied, ‘you need to stop what you're doing right now.’ At this time the Advanced Coaching Academy's website was again taken down by a DDoS attack which lasted approximately two hours.
Mr Learney received the following messages:
· ‘If I were you, I wouldn't think of doing anything fuck and stupid. Otherwise, every course of yours will be released for free’.
· ‘I've got all of your server files so I'll just release them to everyone for free since you wanna play gains. Silly man.’
· ‘Next is gyms of the world ltd.’
· ‘Time for Phillearney.com site. There she goes, you just going to ignore me thinking I will get bored and moved on?’
At this time, Mr Learney noticed he was unable to access his website phillearney.com. During these WhatsApp exchanges, you threatened to contact all Mr Learney's competitors and customers offering the courses for free and providing free login details.
On 25 April 2018 you messaged Mr Learney using the same 081 number, stating, ‘Haven't forgotten about you mate :)’ and ‘Your site is about to go down.’ At this time, Mr Learney was unable to confirm whether his websites were taken down or not.
Charges 3 and 4
The second victim in this matter, Terence Newton, is a self employed businessman who operates a pool cleaning business and a separate lawn maintenance business. Mr Newton's businesses operate through the websites and
Mr Newton met you when he carried out pool maintenance at residential premises at 1 Dawayne Street Burwood, which you were renting at the time.
On 25 March 2018, Mr Newton hired you to conduct Search Engine Optimisation (‘SEO’) work for his websites. He agreed to pay you for your services, and over a period, transferred $2,910 into your Commonwealth Bank of Australia (‘CBA’) account. You provided Mr Newton with the 081 number as your contact phone number.
Between 21 and 24 May 2018, Mr Newton sent SMS messages to you indicating that he was unhappy with the services that you had provided and requested a refund. Mr Newton subsequently received a SMS from the 081 number stating, ‘you're making a serious mistake that will cost you more than you think you're owed.’ Approximately two hours later, both of Mr Newton's websites were inaccessible due to a DDoS attack.
On 25 May 2018 both of Mr Newton's websites were again the subject of a DDoS attack. This attack was periodic and both websites went back online sometime later.
On 28 May 2018, Mr Newton sent you an SMS to the 081 number, again requesting a refund. A short time later, both sites were rendered inaccessible due to DDoS attack.
On 29 May 2018, Mr Newton sent two emails to you at your email address [email protected] demanding a refund of the money he had paid for the SEO work. On the same day Mr Newton's website was rendered inaccessible by a DDoS attack.
On 30 May 2018, Mr Newton accessed both of his websites and observed that the homepages had been deleted. He contacted his hosting provider's technical support unit, which indicated that the cPanel on his account had been reset with a blank WordPress document.
On 5 October 2018, an Australian Federal Police (‘AFP’) technical specialist analysed Mr Newton's website and noted that:
· On 28 May 2018, there were a total of 156,325 website requests and one blocked request;
· On 29 May 2018, there were a total of 107,640,054 website requests and 10,403,321 blocked requests;
· On 30 May 2018, there were a total of 20,807,634 website requests and 724,686 blocked requests; and
· On 31 May 2018, there were a total of 26,710 website requests and 184,873 blocked requests.
Charge 5
Openpay is a payment services provider which allows customers to take out short term, interest free consumer credit loans to fund the purchase of goods and services. Customers can purchase on the Openpay App on their mobile device, online or physically in store.
On 26 February 2018 at approximately 1.40 am you created an account using the Openpay app and provided the following personal details:
Name: Brett Bruce White
Phone Number: 412723081 (partial Australian mobile number)
Email: [email protected]
Address: 1210 12-14 Claremont Street South Yarra VIC 3141
Year of Birth: 1986
On the same day, you sought preapproval for various amounts of credit ranging from $1,200 to $5000. On each occasion, the application was rejected due to failing the external credit checks.
On 27 February 2018 at 12:24 pm, you attended the Nike store in Eastland Shopping Centre and purchased goods to the value of $495 using Openpay's in store facility. No credit check was completed due to the purchase being under $500.
During the Openpay application, you provided your driver's licence number 085126280 and the following details:
Name: Brett White
Phone Number: 0412723081/0449031925
Email: [email protected]
Address: 1 Dawayne Street Burwood East Vic 3151.
For the purchase of the Nike goods, you entered into a consumer credit contract with Openpay. The sum of $495 was to be repaid by fortnightly payments over eight weeks and a $2.50 account management fee was also charged. You nominated CBA account number 28646707 as the account from which payments were to be deducted.
During the term of the contract you were often in arrears. Openpay's contract conditions have an automatic payment collection system which means that if your CBA account did not have sufficient funds on the due date, the payment system would attempt to withdraw the monies owed over the following consecutive days.
By late March 2018, your Openpay account had defaulted on two payments. Openpay's automatic payment system successfully retrieved funds from the CBA account on 12 and 18 April 2018.
On 18 April 2018, you contacted the Openpay online customer service employee Jason Bevilacqua on Facebook Messenger and stated, ‘so, you cunts like stealing money from people… cards do you ha-ha wrong person to do it to.’
Mr Bevilacqua confirmed your account status and attempted to pacify you. During the exchange, you informed Mr Bevilacqua that the Openpay website was down, that ‘it doesn't look like it's going to be back online anytime soon’ and that you were ‘completely satisfied now’ that Openpay would be losing a lot more money because of it. You went on to critique Openpay's poor website infrastructure and the associated WordPress vulnerabilities.
On 18 April 2018 the website experienced multiple DDoS attacks. Further attacks occurred on 19 April 2018 and 2, 9 and 10 May 2018. The dates of the DDoS attacks against Openpay in May 2018 correspond to the dates in which Openpay attempted to retrieve monies owed from your bank account and when you communicated with the Openpay online customer support.
Arrest and search
On 18 June 2018 the AFP spoke with Mr Newton who informed them that both his websites had been subjected to DDoS attacks and that he had spoken with you.
On 14 November 2018 the AFP executed a search warrant at the CBA branch at 325 Collins Street, Melbourne, Victoria. The AFP obtained bank statements relating to the accounts held by you. In those statements, the AFP identified transactions relating to payments from Mr Newton to you. The documents established that Brett White of Unit 1210, 14 Claremont Street, South Yarra was the account holder of the CBA account number 28646707.
On 5 April 2019 the AFP attended in the vicinity of the Ringwood Magistrates' Court and executed a search warrant on you, pursuant to s 3E of the Crimes Act 1914 (Cth). They located an iPhone 5s with service number 01412 723 081 containing contacts for Mr Learney and Mr Newton.
At 11.40am, the AFP executed a search warrant at your address in Bayswater in your presence. Police located a MacBook laptop computer which was running a Structured Query Language (‘SQL’) injection script. Further examination of the MacBook showed various discussions by the administrator of the computer to booter.io. Booter.io is a subscription based service used to conduct DDoS activity.
At 3.41 pm you were taken to the Ringwood Police Station. An initial interview was conducted before you indicated you were fatigued, and the AFP decided not to interview you further at that time. You were subsequently charged and bailed.
You were polite and cooperative at all times when dealing with the AFP and complied with requests for electronic application passwords so no compulsory s 3LA orders were required.
Forensic analysis
Your mobile phone and MacBook were forensically analysed, and the data downloaded.
The following content was located on the 081 phone:
· A digital image from 23 April 2018 shows various messages to and from the 081 phone, which includes an SMS to an unknown user stating ‘Ddosing poor man's site so it pays lol’;
· A digital image of login credentials: ‘Admin’ with the names ‘Phil’, ‘phillearney’ with the name ‘Phil’; ‘r-bakare’ with the name ‘steve’ and ‘hanhty’ with the name Hanan. This screen capture is identical to the image received by Phil Learney on WhatsApp;
· Thumbnail images relating to conversations with Learney and Newton;
· Website history with links to booter.pw and Kronosbooter.com. These sites are subscription based, on demand DDoS services;
· Images of Facebook group chat in the name of DDoS gang; and
· Images of booter.io access and dashboard including the login name: lam0d666.
The MacBook contained various screenshots of messaging and gateway error codes relating to Mr Learney and advancedcoachingacademy.com, as well as various screenshots relating to Mr Newton and cleanpools.com.au.
Nature and gravity of the offending
The offences to which you have pleaded guilty involve three different victims. In each case your conduct, in simple terms, disrupted their businesses by effectively making their websites inoperable for a period of time. In relation to Charges 1 and 2, you sought payment to restore the website to normal functionality and in the process, you also made further threats of disruption. In relation to Charges 3, 4, and 5 you made threatening and menacing comments to the victims as part of the process of impairing their computer systems.
For businesses that rely heavily on their websites to obtain work and communicate with customers, to have their websites interfered with unnecessarily is not only frustrating and disruptive to the business but as is clear from the victim impact statements, your conduct also caused great anxiety to the individual business owners. Further, your conduct resulted in expense to the victims and potential loss of income.
It is clear that Parliament views your conduct seriously as the charge to which you have pleaded guilty carries a maximum penalty of 10 years imprisonment.
Mr Dane, who appeared with Ms Wallace on your behalf, submitted that the offending falls towards the ‘lower end’ based on the fact that the demands were not for large amounts of money, that the damage was minimal and that the impairment to the websites was for relatively short periods of time. Further, in relation to each victim nothing of value was transferred to you as a result of your demands.
Mr Saunders, who appeared on behalf of the Commonwealth Director of Public Prosecutions, submitted that the objective seriousness of the offending is high. He highlighted the fact that you impaired the operation of the victims' businesses through their computer systems, ultimately causing expense and distress for the victims for what appeared to be financial gain and malice.
Mr Saunders referred the Court to the New South Wales Court of Criminal Appeal in The Queen v Stevens[1] where Stein JA stated:
The maximum penalty of 10 years imprisonment is indicative of the seriousness with which the legislature views such crime. There is little doubt about the crucial role which computer technology plays in today's society. Considerations of deterrence are required, both of the offender and other hackers who might be tempted, not always for reasons of monetary gain but sometimes sheer maliciousness.
[1] (1999) NSWCCA 69 at [1].
In my view, while your conduct may not be at the high end, where for example large sums of money are demanded or the disruption is to a government institution, your conduct is nonetheless serious. Your offending extended to three separate victims and caused disruption to businesses and stress to the individuals involved.
Victim Impact Statements
Victim impact statements were prepared by Mr Learney the owner of the Advanced Coaching Academy and Edward Bunting, the company secretary of Openpay, and tendered on the plea.
Mr Learney speaks of the anxiety he experienced as a result of your attack to his website, and the threat it posed to his business, livelihood, and family. He articulates that your offending has had an ongoing financial cost on his business and adversely affected the business' relationship with customers. He states that he now has an ongoing sense of worry, suspicion, and caution in terms of his online security.
Mr Bunting states that your offending caused disruption to Openpay by rendering the website unavailable for multiple hours. Mr Bunting speaks of the significant expense, reputational damage, and loss of productive time which flowed from that disruption. Mr Bunting also describes the hurt and distress your correspondence caused.
I take the contents of both victim impact statements into account.
Personal circumstances
You are 34 years of age and were 32 at the time of the offending.
You were born to very young parents; your mother was 16 and your father 17. Unknown to you until you were 15 years of age, was that your father left your mother when you were an infant.
Your mother re-partnered and ultimately had four further children now aged between 30 and 16. You have little contact with those step siblings.
When you discovered that your stepfather was not your biological father, your relationship with him broke down. You were asked to leave the family home and went to live with your grandmother. You later moved to live with your biological father at approximately 15 years of age, however, due to your father being a heavy drinker, you moved again in less than a year. I was told that you then moved between friends and family homes over the next few years.
You left school after completing year nine and it seems your employment history has been associated with computers.
You have had a fascination with computers from a very early age and are self taught. In 2016 you commenced a new business called ‘Dark Arts Marketing’ which you operated until 2018. You also taught ‘network penetration’ which can be a legitimate form of work to enable business to identify potential threats to their operating systems.
In 2017 you worked for a company called Auscoin who were involved in importing automatic teller machines for use in cryptocurrency exchange. That work lasted until 2018.
As to your relationship history, you met the mother of your two children in 2013. You had your first son in 2013, however, the relationship broke down when your son was approximately six months of age and you separated. At the time you and your partner were regularly using methamphetamine. Nonetheless, your relationship resolved, and your second son was born in 2015. In 2018, the relationship deteriorated further resulting in your partner restricting access to your children. I was not provided with detail in relation to the present status of the children, however, in a report prepared by community corrections, you indicated that you currently have the care of one of your children.
As a result of not having any work and your relationship breakdown, your ice use continued, and you became a recluse spending all of your time on the computer. It was in this context that the offending occurred. You also stated to the writer of the community corrections report that your current use of methamphetamine is 0.5 grams per day. In a letter you provided to the court following the plea, you confirm that you are still drug dependent.
At the plea I was not provided with any detail as to mental health history, however, in the community corrections report you stated to the writer that you have in the past suffered from a ‘personality disorder and narcistic psychopathy.’ Reading your prior criminal history, it is apparent that in many of the previous community correction orders you were placed on, a mental health treatment condition was included. In the letter you wrote to the court you say that many years ago you were diagnosed with a severe and pervasive personality disorder. That said, as noted, your counsel did not provide any detail of your mental health history and did not seek to rely on it in any way in relation to the offending.
You have a number of prior criminal convictions including matters of assault, making threats to kill or injure, using a carriage service to menace, and contravening a family violence intervention order. You have also been placed on a number of community correction orders and have served terms of imprisonment.
Sentencing considerations
As the charge to which you have pleaded guilty is a Commonwealth charge, I am required to take into account a number of matters pursuant to s 16A of the Crimes Act 1914 (Cth). In his written submissions, Mr Saunders highlighted a number of the matters in s 16A(2) that must be given weight and I have taken those submissions into account.
You pleaded guilty to this offending at a committal mention on 11 October 2019 which can be considered a plea at the earliest opportunity. Your early plea has not only spared court time and expense but most importantly, has avoided the need for the victims to have to give evidence. A trial may have involved overseas witnesses and expert evidence which has been avoided by your plea. Further, as a result of jury trials being suspended due to the pandemic, your plea brings to a conclusion a matter which may have been delayed for a significant period of time before a trial could be conducted.
I also take into account that upon arrest you were cooperative with police and provided passwords to access your devices.
While a plea of guilty may be indicative of remorse, in your case there is little evidence of genuine remorse. When you were asked about the impact of the offending on the victims you stated to the writer of the community corrections report that ‘for two of the three, I do not give a crap about what happened to them, but listening to the victim impact statement of the other guy did not make me feel the best.’ You also stated that ‘each victim had done wrong by me, except the man in the UK.’
In the letter sent to the Court following the plea hearing, you seek to clarify some of the comments you made to the corrections officer who assessed you. You state that since the plea hearing, you now have a greater appreciation of the impact of your conduct on the victims. While I hope that you are beginning to appreciate the impact of your offending, it is curious that only now, in the days prior to sentence, you seek to convey to the court that you have insight into the offending. In the circumstances I give little weight to your letter.
It is clear that you have shown resistance over the years to addressing the issues that contribute to your criminal behaviour. You have been subject to six prior community-based dispositions between 2008 and 2019, all of which were breached. The previous orders provided you with therapeutic support in relation to your mental health and your drug use, however, you failed to avail yourself of the assistance being offered.
As to your prospects of rehabilitation, given your extensive criminal history and your failure to demonstrate any engagement with services to assist your rehabilitation over the years, your prospects of rehabilitation can only be assessed as relatively poor. It was submitted that you have not re-offended in this way since your arrest, demonstrating that you can refrain from offending. While that may be true in this instance, it is clear that you still have a number of issues to grapple with.
General deterrence must feature in the sentencing discretion in cases such as this, as referenced above by Stein JA in the decision of The Queen v Stevens. I also note the comments of Studdert J in the same decision where it was stated:
Computer technology plays an important role in modern society. The potential for harm by computer abuse of the type that occurred in this case, in a society which is becoming increasingly dependent upon computers, requires that considerations of deterrence, not only of the offender but of others who might be tempted to offend in a similar way, should be adequately reflected when it comes to sentence.[2]
[2] Ibid at [54].
Those comments were made more than 10 years ago, however, they apply with equal force today. Most members of the community rely heavily on computers and websites to conduct their daily lives either in business or as private citizens. Hacking into private or business computers must be discouraged, and I concur with the comments of Studdert J in Stevens.
Your counsel conceded that specific deterrence also has a role to play. Given your prior history and the fact that you have been given numerous opportunities in the past to address the issues that were in play at the time of this offending, in my view, specific deterrence must be given weight in the sentencing equation.
Mr Dane submitted that in all the circumstances a community correction order is the most appropriate disposition. I had you assessed for such an order and I have repeated above some of your comments made to the writer of the report. As noted, you have been subject to six community correction orders in the past, all of which were contravened. Further, the writer assessed your risk of reoffending as ‘high’ for general offending. Ultimately, you were assessed as unsuitable for a further order.
Mr Saunders submitted that given the objective seriousness of the offending and the need for general and specific deterrence, some period of immediate imprisonment is the only available sentencing option.
In my view, having weighed the applicable sentencing considerations, pursuant to s 17A(1) of the Crimes Act 1914, I am satisfied that no other sentence is appropriate other than a term of imprisonment. However, I am also of the view that the term of imprisonment I impose is able to be served in the community as part of a recognizance release order.
Sentence
Brett White, on Charges 1, 2, 3, 4 and 5, causing unauthorised impairment of electronic communication, you are convicted and sentenced to 8 months imprisonment on each charge.
I direct that the sentence on Charges 1 and 2 will begin today and are concurrent. The sentence on Charges 3 and 4 are also concurrent with each other, however, both begin 2 months after the commencement of the sentence on Charges 1 and 2. The sentence on Charge 5 will begin 2 months after the commencement of the sentences on Charges 3 and 4. The intention is that 2 months of the sentences in relation to each victim be cumulative making for a total effective sentence of 12 months imprisonment.
Pursuant to s 20(1)(b) of the Crimes Act 1914, I direct that you be released forthwith upon giving a recognisance in the amount of $3000, and to be of good behaviour for a period of 2 years.
I am required to explain to you that while you have received a sentence of 12 months imprisonment, you will be released today. You must be of good behaviour for a period of two years. That means that if you commit another offence during the 2 year period you may be resentenced, and you may forfeit the $3000. Do you understand?
ACCUSED: Yes.
Pursuant to s 6AAA of the Sentencing Act 1991, if not for your plea of guilty I would have sentenced you to a period of imprisonment of 18 months to be released on a recognizance release order after serving a period of 9 months.
---