Anonymous responds to FBI claims of victory with record leaks
- 26 August, 2013 18:13
After the FBI said their investigations into, and subsequent arrests of, several Anonymous supports led to the dismantling of the loosely associative group and a decline in their activities, Anonymous responds by leaking thousands of compromised records.
Austin Berglas, the assistant special agent in charge of the FBI's cyber division in New York, told Huffington Post last week that the agency dismantled Anonymous' leadership, leading to a drop in action from the multi-faceted collective.
"The movement is still there, and they're still [yakking] on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches. It's just not happening, and that's because of the dismantlement of the largest players...," Berglas said.
As recorded on Twitter, the public voice for many Anons, the initial reaction was laughter. One commenter compared the claim to President George W. Bush's "Mission Accomplished" moment. Another shared his thoughts with an image that resonated with dozens of Anons and supporters - a picture of Tom Cruise laughing.
But for those who watch Anonymous and their interactions with law enforcement, including Gabriella Coleman, an anthropologist whose work focuses on hackers and activism, the FBI's statements came as no surprise.
"The FBI and transgressive hackers have long been locked in a battle of taunts although hackers have a lot more leeway in expressing their true feelings when they want and how they want to. The FBI has been awfully careful and restrained in their statements about LulzSec and Anonymous and it seems like someone finally just broke down and spoke their mind," Coleman explained to CSO, when asked for her thoughts on the incident.
At the same time, she added, it was a big deal to nab many of the LulzSec and a few of the AntiSec hackers. In 2011, especially early on in the summer months, the two groups ran roughshod over the networks of law enforcement, government contractors, and private business. It was only a matter of time before someone was arrested for their actions, or relation to those committing them.
"Nevertheless, despite the mantra that LulzSec was composed of 6 individuals, there were more participants. My sense is that some have receded into the shadows to refuel and do work more discretely. The most recent hack was just a reminder that they are still around and can spring into action if need be," Coleman said.
With the FBI's apparent challenge issued, Anonymous responded by releasing several documents, with thousands of lines of personal information. Adding insult to injury, the collective used a restaurant's compromised website, Texas' The Federal Grill, to host them.
The restaurant was unknowingly mirroring the leaked data for days before someone took action and removed the files. Calls to the restaurant itself confirmed that most of the staff were unaware of the incident.
Still, the fact that the Federal Grill's website was selected to host the documents wasn't an accident. There was lulz, or amusement, to be gained by hosting the stolen data on server with that specific domain name.
"...where better to grill the fedz than at the federal grill (sic)," commented one Anonymous Twitter account, OpLastResort, when asked about the choice to use a compromised domain to host the documents.
While lulzy, Coleman said, hosting the data on a compromised domain also makes the point that there are "many places [Anonymous] can enter and take a seat at the counter, if need be."
When it comes to the files, the source of the records appears to be the FBIs Regional Forensics Computer Laboratory (RFCL). One document contains a list of first and last names, email addresses, location (state), InfraGard status, Operating system type, browser type, and IP address. The document appears to be a registration list taken from a website's database for a law enforcement webinar. A majority of those listed are active law enforcement.
Moreover, there's a sorted list of 19,329 law enforcement email addresses. This list spans several states and agencies, and many of the email addresses are formatted with the person's name, but others use what seems to be a badge number. An extracted SQL file, taken from the RFCL database, contains additional addresses. After that, a list of names, agency assignment, and cell phone numbers (claimed to be BlackBerry), were also published.
In addition to personal and sensitive information, Anonymous also published a copy of a field guide on forensics, focused on live capture (Live Capture Field Guide: What every law enforcement officer must know), and a computer system seizure worksheet.
Outside of law enforcement, the leaked data also included what was claimed to be the full details of every single employee at Federal Reserve Bank of America.
The file, a spreadsheet titled SWAG, contains email addresses, phone numbers, and full names for Federal Reserve employees, as well as other information such as employment assignments. In a statement the Fed said that the leaked data was likely stolen during a breach earlier this year, details of which were made public in February.
Before the Fed issued a statement noting that the data wasn't from a recent breach, others who viewed the leaked law enforcement information questioned its age, speculating that it was taken some time ago and only recently released.
Even if the data is old, it was still compromised. The lesson for business leaders and administrators is clear, it is entirely possible for an organization to be breached and not know about it until long after the fact, if at all.
For their part, most Anons have moved on from the FBI's victory dance. As usual, different groups of people in various parts of the world, from all walks of life, are turning their attentions to things that drive their passions. These days, human rights causes and privacy protections are taking priority over network security.
But if the past teaches anything, those who support Anonymous can and will shift their focus on a dime, so from a risk perspective it isn't wise to assume that a few arrests have ended their existence.
Read more about data protection in CSOonline's Data Protection section.