Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


FBI: Anonymous Not Same Since LulzSec Crackdown

Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Anonymous just hasn't been the same since authorities took down LulzSec leader Sabu and other top hacktivists operating from the United States, the United Kingdom and Ireland.

So claimed Austin P. Berglas, assistant special agent in charge of the FBI's cyber division in New York, saying that the arrest of key members of LulzSec sowed the seeds of mistrust between the remaining members of Anonymous, creating a "huge deterrent effect" on would-be hacktivists.

"All of these guys [arrested] were major players in the Anonymous movement, and a lot of people looked to them just because of what they did," Berglas told Huffington Post. "The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," he said. "It's just not happening, and that's because of the dismantlement of the largest players."

One key to that deterrence effect is that, of the five key members of LulzSec arrested, four were caught with the help of Hector Xavier Monsegur, a.k.a. LulzSec leader Sabu, who was arrested by the bureau in June 2011 and quickly turned informer.

[ Hackers can't beat Mother Nature. See Natural Disasters Cause More Downtime Than Hackers. ]

While researchers at Backtrace Security reported identifying Sabu based on a clue in a log file that led to a post in Monsegur's name on a car-enthusiast's site, the bureau said it picked up his trail in February 2011 after he once failed to anonymize his IP address before logging into a chat room. "It's easy to sit behind a computer and think you're anonymous and do these illegal types of activity, whether it's hacking into a company or trading child pornography or buying and selling stolen identities," Berglas said. "But it's just a matter of time before these criminals make mistakes and we capture them. All it takes is just one time."

Before long, all of the main LulzSec players had been busted, including Jake Davis (Topiary), a teenager living on a remote Scottish island; Ryan Cleary (Viral), an English teenager with autism; former British soldier Ryan Ackroyd, 26, who pretended to be a 16-year-old girl named "Kayla" online; and Mustafa Al-Bassam, a.k.a. T-Flow, who at the time of the LulzSec attacks was a 16-year-old living in London, and who'd reportedly aided Tunisian revolutionaries in their quest to bypass government-imposed Internet restrictions.

Gabriella Coleman, a McGill University professor who studies Anonymous, said via email that the arrests of major U.S. and U.K. Anonymous members dealt an obvious blow to the group's central leadership. "No doubt that the FBI hit a central node of activity," she said.

But others might easily assume the mantle. "Since Anonymous doesn't need all that many resources except skill and desire, it could easily emerge again as a force to contend with," Coleman said. "Much in the same way that leaks have been sporadic but consistent, there is no reason why we can't see the same rhythm with Anonymous."

Still, the LulzSec arrests -- as well as Sabu turning informer -- are a reminder that any group based on anarchic principles with open membership remains at high risk of being infiltrated, and key members incarcerated. Even revolutionary groups that do vet members aren't immune to the immense resources that can be brought to bear by authorities. Last year, for example, an Irish police officer told a British tribunal that an estimated one in four members of the Irish Republican Army, including some of its highest-ranking members, were paid informers.

After LulzSec's 50-day hacking spree in 2011 -- dubbed the "summer of lulz" -- the group's biggest legacy may now be the significant jail time that key arrested members of Anonymous and LulzSec either face or are serving. At least, that's true in the United States, where some hacktivists were hit with substantial prison time, unlike their overseas counterparts. That sentencing disparity recently led Carole Cadwalladr to note in Britain's The Observer: "If you're going to be a hacker, kids, get the hell out of America. Jake Davis, a.k.a.. Topiary, has now served his sentence and is free, whereas Jeremy Hammond, who has pleaded guilty to hacking into Stratfor, a private intelligence agency working for the U.S. government, is potentially facing a 10-year sentence and possible multimillion-dollar fine."

How's this for freedom: Davis and Bassam are even on Twitter.

That isn't to say hacktivism doesn't remain alive and well. But it does increasingly appear to be moving offshore, thanks in part to geographically focused Anonymous groups.

Likewise, the Syrian Electronic Army, which bills itself as a band of hacktivists loyal to the regime of Syrian president Bashar al-Assad, but which many security experts suspect works directly for Assad, continues to hack media sites and Twitter feeds that it finds unfavorable to Assad.

Earlier this week, meanwhile, a twenty-something hacker known as "Mauritania Attacker," who has said that he fights to "defend the dignity of Muslims," leaked what appeared to be valid access credentials for more than 15,000 Twitter accounts.

Following the attention paid on American hacktivists, McGill's Coleman said that the nexus of future hacktivist activity may well remain outside U.S. borders. "Europe and non-American countries are really the only realistic places from which illegal activities can happen, given the stiff punishments handed out to the Americans -- far stiffer than even the U.K. boys who may have had long jail times, but no fines," she said.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Stretcher Bearer
Stretcher Bearer,
User Rank: Apprentice
8/22/2013 | 11:52:14 PM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Hah..F.B.I. Credibility =0 to absurd at best. criminal ineptitude at worst. I stopped trusting anything I was told by the chumps when I was like 12. I think that they can't wrap their feeble little alcohol saturated, date rape and old football injury minds around how a Group worth no formal or centralized leadership could operate. I wonder just how much tax money ripped from the pockets of the poor goes to research this. it certainly doesn't go to wardrobe.I couldn't care less about What The F.B.I ,NSA,CIA say They're running dangerously close to nullifying their Status as Law Enforcement, but Circumventing, Ignoring, passing laws and in general Violating the Strict wrording of the Bill Of Rights, the Only Pillar that hasd any meaning in the constitution. They Continue they basically nullify their legality, therefore no law that they Enforce has any real meaning, they've breached the Contract with the people and become the Nazi Pigs they wet-dream about. I hope this goes into my ever growing file, NSA, Can't wait to se the bad suits in my neighborhood. Suckers.
Stretcher Bearer
Stretcher Bearer,
User Rank: Apprentice
8/23/2013 | 12:03:39 AM
re: FBI: Anonymous Not Same Since LulzSec Crackdown
Now I'm sure some Republo-Capitilo-fascists are going weep, "What About the Bad Guys in the turbans, and the bad Non_State Religion of Christianity of "Amerikkka" Being threatened By Robot Diarrheal Chem weapons from the Al Kyda the Brooklyn Mick From Jersey who Played in the Minor leagues for the Saints, and the weeping of Liberty Herself" if this attitude grows with it's Bolshevist Anarcho-Dadaist Leanings, I say Don't worry, Pull out that fat wallet made from the skin of dead Immigrant workers and give me a buck or to and I swear on the honor of the NSA TSA CIA And FBI and their overwhelming Papal
infallibility, I will Never say another word Criticizingly against Eine Fatherland and will get a real job and contribute to the overwhelming greatness of a Super Power Like America.. I'd leave it but The monkey smoking the cigar on a unicycle that is the summation of ALL politics in this Country is too damn Hypnotic...The Trained Poodles Elephants, Donkeys in essence the PINKS ...Praise" BoB", Connie and frop, Just legalize Pot and I'll shut up.
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Hunny, I looked every where for the dorritos. 
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...