8/22/2013
11:11 AM

FBI: Anonymous Not Same Since LulzSec Crackdown

Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.

Anonymous just hasn't been the same since authorities took down LulzSec leader Sabu and other top hacktivists operating from the United States, the United Kingdom and Ireland.

So claimed Austin P. Berglas, assistant special agent in charge of the FBI's cyber division in New York, saying that the arrest of key members of LulzSec sowed the seeds of mistrust between the remaining members of Anonymous, creating a "huge deterrent effect" on would-be hacktivists.

"All of these guys [arrested] were major players in the Anonymous movement, and a lot of people looked to them just because of what they did," Berglas told Huffington Post. "The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," he said. "It's just not happening, and that's because of the dismantlement of the largest players."

One key to that deterrence effect is that, of the five key members of LulzSec arrested, four were caught with the help of Hector Xavier Monsegur, a.k.a. LulzSec leader Sabu, who was arrested by the bureau in June 2011 and quickly turned informer.


While researchers at Backtrace Security reported identifying Sabu based on a clue in a log file that led to a post in Monsegur's name on a car-enthusiast's site, the bureau said it picked up his trail in February 2011 after he once failed to anonymize his IP address before logging into a chat room. "It's easy to sit behind a computer and think you're anonymous and do these illegal types of activity, whether it's hacking into a company or trading child pornography or buying and selling stolen identities," Berglas said. "But it's just a matter of time before these criminals make mistakes and we capture them. All it takes is just one time."

Before long, all of the main LulzSec players had been busted, including Jake Davis (Topiary), a teenager living on a remote Scottish island; Ryan Cleary (Viral), an English teenager with autism; former British soldier Ryan Ackroyd, 26, who pretended to be a 16-year-old girl named "Kayla" online; and Mustafa Al-Bassam, a.k.a. T-Flow, who at the time of the LulzSec attacks was a 16-year-old living in London, and who'd reportedly aided Tunisian revolutionaries in their quest to bypass government-imposed Internet restrictions.

Gabriella Coleman, a McGill University professor who studies Anonymous, said via email that the arrests of major U.S. and U.K. Anonymous members dealt an obvious blow to the group's central leadership. "No doubt that the FBI hit a central node of activity," she said.

But others might easily assume the mantle. "Since Anonymous doesn't need all that many resources except skill and desire, it could easily emerge again as a force to contend with," Coleman said. "Much in the same way that leaks have been sporadic but consistent, there is no reason why we can't see the same rhythm with Anonymous."

Still, the LulzSec arrests -- as well as Sabu turning informer -- are a reminder that any group based on anarchic principles with open membership remains at high risk of being infiltrated, and key members incarcerated. Even revolutionary groups that do vet members aren't immune to the immense resources that can be brought to bear by authorities. Last year, for example, an Irish police officer told a British tribunal that an estimated one in four members of the Irish Republican Army, including some of its highest-ranking members, were paid informers.

After LulzSec's 50-day hacking spree in 2011 -- dubbed the "summer of lulz" -- the group's biggest legacy may now be the significant jail time that key arrested members of Anonymous and LulzSec either face or are serving. At least, that's true in the United States, where some hacktivists were hit with substantial prison time, unlike their overseas counterparts. That sentencing disparity recently led Carole Cadwalladr to note in Britain's The Observer: "If you're going to be a hacker, kids, get the hell out of America. Jake Davis, a.k.a. Topiary, has now served his sentence and is free, whereas Jeremy Hammond, who has pleaded guilty to hacking into Stratfor, a private intelligence agency working for the U.S. government, is potentially facing a 10-year sentence and possible multimillion-dollar fine."

How's this for freedom: Davis and Bassam are even on Twitter.

That isn't to say hacktivism doesn't remain alive and well. But it does increasingly appear to be moving offshore, thanks in part to geographically focused Anonymous groups.

Likewise, the Syrian Electronic Army, which bills itself as a band of hacktivists loyal to the regime of Syrian president Bashar al-Assad, but which many security experts suspect works directly for Assad, continues to hack media sites and Twitter feeds that it finds unfavorable to Assad.

Earlier this week, meanwhile, a twenty-something hacker known as "Mauritania Attacker," who has said that he fights to "defend the dignity of Muslims," leaked what appeared to be valid access credentials for more than 15,000 Twitter accounts.

Following the attention paid to American hacktivists, McGill's Coleman said that the nexus of future hacktivist activity may well remain outside U.S. borders. "Europe and non-American countries are really the only realistic places from which illegal activities can happen, given the stiff punishments handed out to the Americans -- far stiffer than even the U.K. boys who may have had long jail times, but no fines," she said.

Comments
Stretcher Bearer,
User Rank: Apprentice
8/23/2013 | 12:03:39 AM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Now I'm sure some Republo-Capitilo-fascists are going to weep, "What About the Bad Guys in the turbans, and the bad Non_State Religion of Christianity of "Amerikkka" Being threatened By Robot Diarrheal Chem weapons from the Al Kyda the Brooklyn Mick From Jersey who Played in the Minor leagues for the Saints, and the weeping of Liberty Herself" if this attitude grows with its Bolshevist Anarcho-Dadaist Leanings, I say Don't worry, Pull out that fat wallet made from the skin of dead Immigrant workers and give me a buck or two and I swear on the honor of the NSA TSA CIA And FBI and their overwhelming Papal infallibility, I will Never say another word Criticizingly against Eine Fatherland and will get a real job and contribute to the overwhelming greatness of a Super Power Like America. I'd leave it but The monkey smoking the cigar on a unicycle that is the summation of ALL politics in this Country is too damn Hypnotic...The Trained Poodles Elephants, Donkeys in essence the PINKS ...Praise" BoB", Connie and frop, Just legalize Pot and I'll shut up.
Stretcher Bearer,
User Rank: Apprentice
8/22/2013 | 11:52:14 PM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Hah..F.B.I. Credibility =0 to absurd at best. criminal ineptitude at worst. I stopped trusting anything I was told by the chumps when I was like 12. I think that they can't wrap their feeble little alcohol saturated, date rape and old football injury minds around how a Group with no formal or centralized leadership could operate. I wonder just how much tax money ripped from the pockets of the poor goes to research this. it certainly doesn't go to wardrobe. I couldn't care less about What The F.B.I, NSA, CIA say They're running dangerously close to nullifying their Status as Law Enforcement, but Circumventing, Ignoring, passing laws and in general Violating the Strict wording of the Bill Of Rights, the Only Pillar that had any meaning in the constitution. They Continue they basically nullify their legality, therefore no law that they Enforce has any real meaning, they've breached the Contract with the people and become the Nazi Pigs they wet-dream about. I hope this goes into my ever growing file, NSA, Can't wait to see the bad suits in my neighborhood. Suckers.