Saturday, August 24, 2013

FBI's claim that it dismantled Anonymous met with a massive data leak

The FBI has its collective foot in its mouth right about now.

On Wednesday, Austin P. Berglas, assistant special agent in charge of the FBI’s cyber division, gave an interview in which he boasted that the 2012 arrests of LulzSec members had "destroyed" the leadership of Anonymous, rendering it effectively neutralized.

He told the Huffington Post, "The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches. It's just not happening, and that's because of the dismantlement of the largest players."

You can guess what happened next.


OpLastResort, the operation formerly dubbed OpAngel, and aimed at striking back at the government forces that drove Aaron Swartz to suicide, sprang back to life.

As the Global Post reported Wednesday night, OpLastResort began tweeting out links to an apparently hacked restaurant site, TheFederalGrill, uploading vast amounts of data apparently taken directly from FBI servers. Then they issued a challenge to readers and reporters:


(Actually that last one is almost certainly the old "take credit for the heck of it” trick. It might just fool some of the people, some of the time.)

Nonetheless, they do seem to have accessed FBI servers with recent data from the Regional Forensics Computer Laboratory (RFCL), and to have posted it as hidden PDF files and pages on the hacked site. The most recent data is from January of this year, although much is from last year. When asked on Twitter why that site, OpLastResort said there could be no better place to grill the Feds than the (apparently long-closed) Federal Grill. Because they are uploaded as PDFs rather than Web pages, they must be downloaded to be viewed, and one might hesitate before downloading hacked FBI files from Anonymous hosted on hacked websites.

If one were more cautious than a reporter, that is.

The documents include, for example, slides from a presentation in Orange County that includes the numbers of cases handled in the lab, the referring law enforcement agencies, resolutions, etc.

The hacktivists have a point: Clearly the arrests of LulzSec and AntiSec members, and the exposure of leader Sabu as an FBI collaborator, have not destroyed Anonymous. Rather, the arrests have instead taught them hard lessons about IP anonymizing and VPNs, about basic opsec strategies like not tweeting out successful hacks under the same username you used to make the hack in the first place, and about the risks of separation from the Hive. Remember, it was frustration with the anonymity and long lead times of Anonymous itself that led LulzSec, CabinCr3w, and other crews to break away from the collective.

Interestingly, a persistent rumor seems to indicate that this latest action may be the work of Sabu himself, perhaps contrite for the years of prison time his crew are currently serving or facing. One file released by OpLastResort is titled "When Sabu Met Michelle" and contains the apparent email for Michelle Obama, on whom Sabu had a very public crush.

We contacted three well-placed sources in Anonymous who confirmed the rumor, and one was willing to speak on the record. S/he told us that s/he and others believe, “It was too big and quick of project to not be Feds and bears Sabu signatures.” In other words, there’s no way a hack could have been organized and gotten to the heart of the FBI in only five or so hours. The files had to have been gathered previously, and just lain unused.

"He definitely has the same Lulz 9000 rhetoric. He's not stupid, but the most charitable info is that he's done all this under duress. OpLastResort is on about the capability of creating a fuckton of soiled underwear; producing a single really shit-disturbing document would ease a lot of minds.”

So the FBI presumably allowed him to have and leak the files, which are not tremendously damaging except in a propaganda sense. The most recent, after all, dates to January of this year. The $64,000 question is why.

Sabu’s sentencing for his role in LulzSec has been pushed back repeatedly because of his “continued cooperation”; the most recent delayed date was this morning. After Sabu's outing as a collaborator, it emerged that one reason he could seemingly take the FBI website down at will was that he had the FBI's cooperation. Perhaps they now wish they'd asked for their keys back.

Certainly the self-aware and humorous tone is similar in the tweets.


You don't hear quite so much about finite hacking crews or leaders anymore, because they have learned the hard way that the minute you take credit, you also draw fire—and the FBI has pretty good aim. But Anonymous dismantled? Not so fast.

SOURCE

0 comments: