The intrusion into Doyen’s computer system will have resulted from a single attack conducted by one person and not several, defended this Wednesday the English cybersecurity consultant hired by the investment fund, in the Football Leaks case.
In the first part of the hearing held at the 36th session of the trial, at the Central Court of Criminal Instruction, in Lisbon, Jake Hockley assumed that there was no definitive forensic evidence on this aspect, but he reiterated that all evidence and description of the computer attack point to authored by a single person and that the source of an attempted IP attack in Hungary has been detected.
“There is no evidence in this process that says it was just one person, but it was a sequence of events and not separate events, which were linear, started in a Hungarian IP and ended up in full access to the server”, began by stating the expert, heard by video conference.
Drawing on over 20 years’ professional experience in this field, Jake Hockley added: “I’ve never seen an event like this that was done by different people. Considering the odds and coincidences, it doesn’t seem like several separate attacks, it seems to me a single attack. If it was made by one or more people, there is no technical evidence. This is just an attack.”
According to the witness, your company [Marclay Associates] was contracted to investigate the intrusion into Doyen’s computer system “at the end of 2015”, with the forensic information gathering earlier and belonging to another company. The cybersecurity consultant’s company worked on this collection, but was never able to identify how access to the system was carried out.
“I suspect – but I don’t know – that at one point someone in the Doyen structure was targeted for ‘phishing’. We only have the forensic material that was provided to us, we don’t have access to all the devices and materials that existed at Doyen,” he explained. Jake Hockley, who then described the attempt to enter a computer that belonged to Adam Gomes, a computer technician who worked at Doyen until the beginning of 2015 and who will have left a document containing numerous ‘passwords’ for the investment fund.
“Shortly before the incidents of September 20, 2015 we had attempts to access the TeamViewer program and about 30 minutes later we got access. We couldn’t say whether the successful access was made from Hungary, we weren’t trying to identify or assign the IP to a person and I don’t know if it was Adam Gomes or Rui Pinto. I can only say that we tried to assign the access or the attempt to access an IP”, he stressed.
Rui Pinto, 32, is responsible for a total of 90 crimes: 68 of improper access, 14 of violation of correspondence, six of illegitimate access, targeting entities such as Sporting, Doyen, the law firm PLMJ, the Portuguese Federation of Football (FPF) and the Attorney General’s Office (PGR), and also for computer sabotage to Sporting’s SAD and extortion, as attempted. This last crime concerns Doyen and it was also what led to the prosecution of lawyer Aníbal Pinto.
The creator of Football Leaks has been free since August 7, “due to his collaboration” with the Judiciary Police (PJ) and his “critical sense”, but he is, for security reasons, included in the protection program of witnesses in an undisclosed location and under police protection.
.
