Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

FBI: Anonymous Not Same Since LulzSec Crackdown

Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Anonymous just hasn't been the same since authorities took down LulzSec leader Sabu and other top hacktivists operating from the United States, the United Kingdom and Ireland.

So claimed Austin P. Berglas, assistant special agent in charge of the FBI's cyber division in New York, saying that the arrest of key members of LulzSec sowed the seeds of mistrust between the remaining members of Anonymous, creating a "huge deterrent effect" on would-be hacktivists.

"All of these guys [arrested] were major players in the Anonymous movement, and a lot of people looked to them just because of what they did," Berglas told Huffington Post. "The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," he said. "It's just not happening, and that's because of the dismantlement of the largest players."

One key to that deterrence effect is that, of the five key members of LulzSec arrested, four were caught with the help of Hector Xavier Monsegur, a.k.a. LulzSec leader Sabu, who was arrested by the bureau in June 2011 and quickly turned informer.

[ Hackers can't beat Mother Nature. See Natural Disasters Cause More Downtime Than Hackers. ]

While researchers at Backtrace Security reported identifying Sabu based on a clue in a log file that led to a post in Monsegur's name on a car-enthusiast's site, the bureau said it picked up his trail in February 2011 after he once failed to anonymize his IP address before logging into a chat room. "It's easy to sit behind a computer and think you're anonymous and do these illegal types of activity, whether it's hacking into a company or trading child pornography or buying and selling stolen identities," Berglas said. "But it's just a matter of time before these criminals make mistakes and we capture them. All it takes is just one time."

Before long, all of the main LulzSec players had been busted, including Jake Davis (Topiary), a teenager living on a remote Scottish island; Ryan Cleary (Viral), an English teenager with autism; former British soldier Ryan Ackroyd, 26, who pretended to be a 16-year-old girl named "Kayla" online; and Mustafa Al-Bassam, a.k.a. T-Flow, who at the time of the LulzSec attacks was a 16-year-old living in London, and who'd reportedly aided Tunisian revolutionaries in their quest to bypass government-imposed Internet restrictions.

Gabriella Coleman, a McGill University professor who studies Anonymous, said via email that the arrests of major U.S. and U.K. Anonymous members dealt an obvious blow to the group's central leadership. "No doubt that the FBI hit a central node of activity," she said.

But others might easily assume the mantle. "Since Anonymous doesn't need all that many resources except skill and desire, it could easily emerge again as a force to contend with," Coleman said. "Much in the same way that leaks have been sporadic but consistent, there is no reason why we can't see the same rhythm with Anonymous."

Still, the LulzSec arrests -- as well as Sabu turning informer -- are a reminder that any group based on anarchic principles with open membership remains at high risk of being infiltrated, and key members incarcerated. Even revolutionary groups that do vet members aren't immune to the immense resources that can be brought to bear by authorities. Last year, for example, an Irish police officer told a British tribunal that an estimated one in four members of the Irish Republican Army, including some of its highest-ranking members, were paid informers.

After LulzSec's 50-day hacking spree in 2011 -- dubbed the "summer of lulz" -- the group's biggest legacy may now be the significant jail time that key arrested members of Anonymous and LulzSec either face or are serving. At least, that's true in the United States, where some hacktivists were hit with substantial prison time, unlike their overseas counterparts. That sentencing disparity recently led Carole Cadwalladr to note in Britain's The Observer: "If you're going to be a hacker, kids, get the hell out of America. Jake Davis, a.k.a.. Topiary, has now served his sentence and is free, whereas Jeremy Hammond, who has pleaded guilty to hacking into Stratfor, a private intelligence agency working for the U.S. government, is potentially facing a 10-year sentence and possible multimillion-dollar fine."

How's this for freedom: Davis and Bassam are even on Twitter.

That isn't to say hacktivism doesn't remain alive and well. But it does increasingly appear to be moving offshore, thanks in part to geographically focused Anonymous groups.

Likewise, the Syrian Electronic Army, which bills itself as a band of hacktivists loyal to the regime of Syrian president Bashar al-Assad, but which many security experts suspect works directly for Assad, continues to hack media sites and Twitter feeds that it finds unfavorable to Assad.

Earlier this week, meanwhile, a twenty-something hacker known as "Mauritania Attacker," who has said that he fights to "defend the dignity of Muslims," leaked what appeared to be valid access credentials for more than 15,000 Twitter accounts.

Following the attention paid on American hacktivists, McGill's Coleman said that the nexus of future hacktivist activity may well remain outside U.S. borders. "Europe and non-American countries are really the only realistic places from which illegal activities can happen, given the stiff punishments handed out to the Americans -- far stiffer than even the U.K. boys who may have had long jail times, but no fines," she said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stretcher Bearer
50%
50%
Stretcher Bearer,
User Rank: Apprentice
8/23/2013 | 12:03:39 AM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Now I'm sure some Republo-Capitilo-fascists are going weep, "What About the Bad Guys in the turbans, and the bad Non_State Religion of Christianity of "Amerikkka" Being threatened By Robot Diarrheal Chem weapons from the Al Kyda the Brooklyn Mick From Jersey who Played in the Minor leagues for the Saints, and the weeping of Liberty Herself" if this attitude grows with it's Bolshevist Anarcho-Dadaist Leanings, I say Don't worry, Pull out that fat wallet made from the skin of dead Immigrant workers and give me a buck or to and I swear on the honor of the NSA TSA CIA And FBI and their overwhelming Papal
infallibility, I will Never say another word Criticizingly against Eine Fatherland and will get a real job and contribute to the overwhelming greatness of a Super Power Like America.. I'd leave it but The monkey smoking the cigar on a unicycle that is the summation of ALL politics in this Country is too damn Hypnotic...The Trained Poodles Elephants, Donkeys in essence the PINKS ...Praise" BoB", Connie and frop, Just legalize Pot and I'll shut up.
Stretcher Bearer
50%
50%
Stretcher Bearer,
User Rank: Apprentice
8/22/2013 | 11:52:14 PM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Hah..F.B.I. Credibility =0 to absurd at best. criminal ineptitude at worst. I stopped trusting anything I was told by the chumps when I was like 12. I think that they can't wrap their feeble little alcohol saturated, date rape and old football injury minds around how a Group worth no formal or centralized leadership could operate. I wonder just how much tax money ripped from the pockets of the poor goes to research this. it certainly doesn't go to wardrobe.I couldn't care less about What The F.B.I ,NSA,CIA say They're running dangerously close to nullifying their Status as Law Enforcement, but Circumventing, Ignoring, passing laws and in general Violating the Strict wrording of the Bill Of Rights, the Only Pillar that hasd any meaning in the constitution. They Continue they basically nullify their legality, therefore no law that they Enforce has any real meaning, they've breached the Contract with the people and become the Nazi Pigs they wet-dream about. I hope this goes into my ever growing file, NSA, Can't wait to se the bad suits in my neighborhood. Suckers.
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...
CVE-2019-4409
PUBLISHED: 2019-10-18
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entere...
CVE-2019-13545
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
CVE-2019-13541
PUBLISHED: 2019-10-18
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.