Anonymous' release of a phone call between the Met police and the FBI has embarrassed the authorities |
For Anonymous, the posting on YouTube of the 18-minute audio from the call was a particular triumph, indicating that it can worm its way even into the most powerful organisations in the land. "The FBI might be curious how we're able to continuously read their internal comms for some time now," said one account controlled by the group on Twitter.
The call reveals British police and the FBI discussing the delay of court proceedings against two alleged members of the LulzSec hacking group, which attacked a number of sites in 2011 including the US Congress and UK Serious Organised Crime Agency.
It's worrying for anyone to discover that their email has been hacked – but when it happens to the police in not one but two countries, and to the two most sensitive arms of those forces, dealing with hackers, it becomes a source for deep concern.
For Anonymous, though, it is a return to prominence after it burst into worldwide attention with its attacks on PayPal and Visa in January 2011 after those sites stopped allowing payments to WikiLeaks. Anonymous has no leaders and no clear membership, and forms decisions collectively. Its general ethos is to defend what members see as the "free" internet from repression and restriction of freedom of speech.
After a series of arrests in spring 2011, and a number of arrests relating to other hacking attacks through the year, the group seemed to have lost direction. But the rise of the "Occupy Wall Street" movement, and now its attacks on far-right and authority figures, appears to have revitalised it.
The police call, recorded on 17 January ahead of arraignment hearings for two Britons accused of a number of offences related to hacking, includes two British and two FBI police officers discussing the members of the groups and another British hacker who they describe as a "wannabe", and who is alleged to have leaked details of 32,000 users of the online game platform Steam.
"He's doing it for attention," one of the Met officers says. "He got arrested for DDOSing [knocking out the computers at] his school and then he hacked a credit union in Jamaica." The hacker, whose identity is known to the Guardian, denies having been arrested, and says he attended a police interview voluntarily.
For Anonymous, though, it is the latest in a run of triumphs over those it sees as its enemies. Early in January, the group targeted the leader of Gemany's far-right NPD party. Then they hit websites belonging to the US Department of Justice, Universal Music and the Motion Picture Association of America (MPAA) as part of a protest over the closure on criminal charges of the MegaUpload filesharing site.
The latest embarrassment for the authorities was recorded after someone hacked the email of at least one of the 44 recipients on an email headed "Anon-Lulz International Coordination Call" sent on 13 January by Timothy Lauster of the FBI. It detailed the conference call number and dial-in code to "discuss the on-going [sic] investigation related to Anonymous, LulzSec, Antisec and other associated splinter groups".
With the message having gone to police forces in the UK, Ireland, France, Germany, Sweden and the US, tracking down the hacked account – or accounts – will be a serious headache. Security experts said the interception is unlikely to have required a highly complex operation.
"Clearly looks like someone on that list has had their email compromised. It's very serious," a security expert, Graham Cluley, told the Guardian. "It is one thing taking down a website but to actually be listening in on the conference call where police are discussing charges ... there must be a lot of questions being asked right now."
Cluley said it was unlikely that the hacker collective had interfered with the systems of the company that hosted the conference call. The FBI said that its computer systems were not breached as part of the incident.
The solicitor for Ryan Cleary, who is charged with five offences of hacking websites, told the Guardian that the recording raises concerns that US authorities are seeking to extradite the Essex teenager. "My concern is whether the co-operation between officers [in the US and UK] was to assist them in an extradition request," said Karen Todner, the managing director of solicitors' firm Kaim Todner.
She warned that future breaches of security on this scale have the potential to "blow apart" criminal charges against those arrested in connection with previous hacks. "This is the FBI and the Met's e-crime unit [that have been breached] and the Crown Prosecution Service are in April about to go completely digital and the whole cases could be blown apart on it."
In the decision the detectives is heard discussing numerous members of the LulzSec cluster, and therefore the progress of cases against Ryan Cleary, who has been charged with 5 offences with reference to hacking websites, and Jake Davis, who has been charged over the hacking of the Soca web site. 2 folks that are speculated to be members of LulzSec, who have previously been arrested and bailed by UK police, are mentioned within the decision. Their names are bleeped out by the one who uploaded the decision to YouTube.