Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


FBI: Anonymous Not Same Since LulzSec Crackdown

Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Anonymous just hasn't been the same since authorities took down LulzSec leader Sabu and other top hacktivists operating from the United States, the United Kingdom and Ireland.

So claimed Austin P. Berglas, assistant special agent in charge of the FBI's cyber division in New York, saying that the arrest of key members of LulzSec sowed the seeds of mistrust between the remaining members of Anonymous, creating a "huge deterrent effect" on would-be hacktivists.

"All of these guys [arrested] were major players in the Anonymous movement, and a lot of people looked to them just because of what they did," Berglas told Huffington Post. "The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," he said. "It's just not happening, and that's because of the dismantlement of the largest players."

One key to that deterrence effect is that, of the five key members of LulzSec arrested, four were caught with the help of Hector Xavier Monsegur, a.k.a. LulzSec leader Sabu, who was arrested by the bureau in June 2011 and quickly turned informer.

[ Hackers can't beat Mother Nature. See Natural Disasters Cause More Downtime Than Hackers. ]

While researchers at Backtrace Security reported identifying Sabu based on a clue in a log file that led to a post in Monsegur's name on a car-enthusiast's site, the bureau said it picked up his trail in February 2011 after he once failed to anonymize his IP address before logging into a chat room. "It's easy to sit behind a computer and think you're anonymous and do these illegal types of activity, whether it's hacking into a company or trading child pornography or buying and selling stolen identities," Berglas said. "But it's just a matter of time before these criminals make mistakes and we capture them. All it takes is just one time."

Before long, all of the main LulzSec players had been busted, including Jake Davis (Topiary), a teenager living on a remote Scottish island; Ryan Cleary (Viral), an English teenager with autism; former British soldier Ryan Ackroyd, 26, who pretended to be a 16-year-old girl named "Kayla" online; and Mustafa Al-Bassam, a.k.a. T-Flow, who at the time of the LulzSec attacks was a 16-year-old living in London, and who'd reportedly aided Tunisian revolutionaries in their quest to bypass government-imposed Internet restrictions.

Gabriella Coleman, a McGill University professor who studies Anonymous, said via email that the arrests of major U.S. and U.K. Anonymous members dealt an obvious blow to the group's central leadership. "No doubt that the FBI hit a central node of activity," she said.

But others might easily assume the mantle. "Since Anonymous doesn't need all that many resources except skill and desire, it could easily emerge again as a force to contend with," Coleman said. "Much in the same way that leaks have been sporadic but consistent, there is no reason why we can't see the same rhythm with Anonymous."

Still, the LulzSec arrests -- as well as Sabu turning informer -- are a reminder that any group based on anarchic principles with open membership remains at high risk of being infiltrated, and key members incarcerated. Even revolutionary groups that do vet members aren't immune to the immense resources that can be brought to bear by authorities. Last year, for example, an Irish police officer told a British tribunal that an estimated one in four members of the Irish Republican Army, including some of its highest-ranking members, were paid informers.

After LulzSec's 50-day hacking spree in 2011 -- dubbed the "summer of lulz" -- the group's biggest legacy may now be the significant jail time that key arrested members of Anonymous and LulzSec either face or are serving. At least, that's true in the United States, where some hacktivists were hit with substantial prison time, unlike their overseas counterparts. That sentencing disparity recently led Carole Cadwalladr to note in Britain's The Observer: "If you're going to be a hacker, kids, get the hell out of America. Jake Davis, a.k.a.. Topiary, has now served his sentence and is free, whereas Jeremy Hammond, who has pleaded guilty to hacking into Stratfor, a private intelligence agency working for the U.S. government, is potentially facing a 10-year sentence and possible multimillion-dollar fine."

How's this for freedom: Davis and Bassam are even on Twitter.

That isn't to say hacktivism doesn't remain alive and well. But it does increasingly appear to be moving offshore, thanks in part to geographically focused Anonymous groups.

Likewise, the Syrian Electronic Army, which bills itself as a band of hacktivists loyal to the regime of Syrian president Bashar al-Assad, but which many security experts suspect works directly for Assad, continues to hack media sites and Twitter feeds that it finds unfavorable to Assad.

Earlier this week, meanwhile, a twenty-something hacker known as "Mauritania Attacker," who has said that he fights to "defend the dignity of Muslims," leaked what appeared to be valid access credentials for more than 15,000 Twitter accounts.

Following the attention paid on American hacktivists, McGill's Coleman said that the nexus of future hacktivist activity may well remain outside U.S. borders. "Europe and non-American countries are really the only realistic places from which illegal activities can happen, given the stiff punishments handed out to the Americans -- far stiffer than even the U.K. boys who may have had long jail times, but no fines," she said.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Stretcher Bearer
Stretcher Bearer,
User Rank: Apprentice
8/23/2013 | 12:03:39 AM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Now I'm sure some Republo-Capitilo-fascists are going weep, "What About the Bad Guys in the turbans, and the bad Non_State Religion of Christianity of "Amerikkka" Being threatened By Robot Diarrheal Chem weapons from the Al Kyda the Brooklyn Mick From Jersey who Played in the Minor leagues for the Saints, and the weeping of Liberty Herself" if this attitude grows with it's Bolshevist Anarcho-Dadaist Leanings, I say Don't worry, Pull out that fat wallet made from the skin of dead Immigrant workers and give me a buck or to and I swear on the honor of the NSA TSA CIA And FBI and their overwhelming Papal
infallibility, I will Never say another word Criticizingly against Eine Fatherland and will get a real job and contribute to the overwhelming greatness of a Super Power Like America.. I'd leave it but The monkey smoking the cigar on a unicycle that is the summation of ALL politics in this Country is too damn Hypnotic...The Trained Poodles Elephants, Donkeys in essence the PINKS ...Praise" BoB", Connie and frop, Just legalize Pot and I'll shut up.
Stretcher Bearer
Stretcher Bearer,
User Rank: Apprentice
8/22/2013 | 11:52:14 PM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Hah..F.B.I. Credibility =0 to absurd at best. criminal ineptitude at worst. I stopped trusting anything I was told by the chumps when I was like 12. I think that they can't wrap their feeble little alcohol saturated, date rape and old football injury minds around how a Group worth no formal or centralized leadership could operate. I wonder just how much tax money ripped from the pockets of the poor goes to research this. it certainly doesn't go to wardrobe.I couldn't care less about What The F.B.I ,NSA,CIA say They're running dangerously close to nullifying their Status as Law Enforcement, but Circumventing, Ignoring, passing laws and in general Violating the Strict wrording of the Bill Of Rights, the Only Pillar that hasd any meaning in the constitution. They Continue they basically nullify their legality, therefore no law that they Enforce has any real meaning, they've breached the Contract with the people and become the Nazi Pigs they wet-dream about. I hope this goes into my ever growing file, NSA, Can't wait to se the bad suits in my neighborhood. Suckers.
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.