FBI: Anonymous Not Same Since LulzSec Crackdown

Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.

Mathew J. Schwartz, Contributor

August 22, 2013

Anonymous just hasn't been the same since authorities took down LulzSec leader Sabu and other top hacktivists operating from the United States, the United Kingdom and Ireland.

So claimed Austin P. Berglas, assistant special agent in charge of the FBI's cyber division in New York, saying that the arrest of key members of LulzSec sowed the seeds of mistrust between the remaining members of Anonymous, creating a "huge deterrent effect" on would-be hacktivists.

"All of these guys [arrested] were major players in the Anonymous movement, and a lot of people looked to them just because of what they did," Berglas told Huffington Post. "The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," he said. "It's just not happening, and that's because of the dismantlement of the largest players."

One key to that deterrence effect is that, of the five key members of LulzSec arrested, four were caught with the help of Hector Xavier Monsegur, a.k.a. LulzSec leader Sabu, who was arrested by the bureau in June 2011 and quickly turned informer.

While researchers at Backtrace Security reported identifying Sabu based on a clue in a log file that led to a post in Monsegur's name on a car-enthusiast's site, the bureau said it picked up his trail in February 2011 after he once failed to anonymize his IP address before logging into a chat room. "It's easy to sit behind a computer and think you're anonymous and do these illegal types of activity, whether it's hacking into a company or trading child pornography or buying and selling stolen identities," Berglas said. "But it's just a matter of time before these criminals make mistakes and we capture them. All it takes is just one time."

Before long, all of the main LulzSec players had been busted, including Jake Davis (Topiary), a teenager living on a remote Scottish island; Ryan Cleary (Viral), an English teenager with autism; former British soldier Ryan Ackroyd, 26, who pretended to be a 16-year-old girl named "Kayla" online; and Mustafa Al-Bassam, a.k.a. T-Flow, who at the time of the LulzSec attacks was a 16-year-old living in London, and who'd reportedly aided Tunisian revolutionaries in their quest to bypass government-imposed Internet restrictions.

Gabriella Coleman, a McGill University professor who studies Anonymous, said via email that the arrests of major U.S. and U.K. Anonymous members dealt an obvious blow to the group's central leadership. "No doubt that the FBI hit a central node of activity," she said.

But others might easily assume the mantle. "Since Anonymous doesn't need all that many resources except skill and desire, it could easily emerge again as a force to contend with," Coleman said. "Much in the same way that leaks have been sporadic but consistent, there is no reason why we can't see the same rhythm with Anonymous."

Still, the LulzSec arrests -- as well as Sabu turning informer -- are a reminder that any group based on anarchic principles with open membership remains at high risk of being infiltrated, and key members incarcerated. Even revolutionary groups that do vet members aren't immune to the immense resources that can be brought to bear by authorities. Last year, for example, an Irish police officer told a British tribunal that an estimated one in four members of the Irish Republican Army, including some of its highest-ranking members, were paid informers.

After LulzSec's 50-day hacking spree in 2011 -- dubbed the "summer of lulz" -- the group's biggest legacy may now be the significant jail time that key arrested members of Anonymous and LulzSec either face or are serving. At least, that's true in the United States, where some hacktivists were hit with substantial prison time, unlike their overseas counterparts. That sentencing disparity recently led Carole Cadwalladr to note in Britain's The Observer: "If you're going to be a hacker, kids, get the hell out of America. Jake Davis, a.k.a. Topiary, has now served his sentence and is free, whereas Jeremy Hammond, who has pleaded guilty to hacking into Stratfor, a private intelligence agency working for the U.S. government, is potentially facing a 10-year sentence and possible multimillion-dollar fine."

How's this for freedom: Davis and Bassam are even on Twitter.

That isn't to say hacktivism doesn't remain alive and well. But it does increasingly appear to be moving offshore, thanks in part to geographically focused Anonymous groups.

Likewise, the Syrian Electronic Army, which bills itself as a band of hacktivists loyal to the regime of Syrian president Bashar al-Assad, but which many security experts suspect works directly for Assad, continues to hack media sites and Twitter feeds that it finds unfavorable to Assad.

Earlier this week, meanwhile, a twenty-something hacker known as "Mauritania Attacker," who has said that he fights to "defend the dignity of Muslims," leaked what appeared to be valid access credentials for more than 15,000 Twitter accounts.

Following the attention paid to American hacktivists, McGill's Coleman said that the nexus of future hacktivist activity may well remain outside U.S. borders. "Europe and non-American countries are really the only realistic places from which illegal activities can happen, given the stiff punishments handed out to the Americans -- far stiffer than even the U.K. boys who may have had long jail times, but no fines," she said.

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
