FBI Bust, Aided by 'Anonymous' Snitch, Reveals Left-Hacker Alliance
Just on the heels of last week's arrests of 25 suspected members of the hacktivist collective Anonymous in four countries, three members of the Anonymous splinter group LulzSec were arrested Tuesday morning, while two others were charged with conspiracy. The following morning, media began reporting that Anonymous hacked a private security software company and posted a message to one of those named in a related indictment, a prominent Anon the group has now labeled a "snitch."
Meanwhile, as lawmakers prepare to debate the proposed Cybersecurity Act of 2012, a briefing held on Capitol Hill Wednesday afternoon on the potential for cyberattacks on the nation's critical infrastructure seems to be an indicator that the wide universe of cyberwarfare is finally garnering attention.
Tuesday's Anonymous bust was largely aided by one of its own, the infamous hacker known online as @AnonymouSabu, or "Sabu," whose real name is Hector Xavier Monsegur. FOX News has reported that Sabu had turned FBI informant after being arrested last year.
The offshoot of the loose network of hackers, Anonymous, believed to have caused billions of dollars in damage to governments, international banks and corporations, was allegedly led by a shadowy figure FoxNews.com has identified as Hector Xavier Monsegur. Working under the Internet alias “Sabu,” the unemployed, 28-year-old father of two allegedly commanded a loosely organized, international team of perhaps thousands of hackers from his nerve center in a public housing project on New York’s Lower East Side. After the FBI unmasked Monsegur last June, he became a cooperating witness, sources told FoxNews.com.
As an influential member of Anonymous and two other splinter groups known as "LulzSec" and "Internet Feds," Monsegur is alleged to have spearheaded multiple cyberattacks against various businesses and governments in the US and elsewhere in the world, according to the unsealed indictment. Among those attacks:
- Visa, Mastercard and PayPal, in retaliation for their refusal to process donations to Wikileaks
- HB Gary and HB Gary Federal, a private cyber security firm contracted by Hunton and Williams to produce a proposal to protect the law firm's clients, Bank of America and the US Chamber of Commerce, against attacks from Wikileaks and anti-Chamber activists
- FOX Broadcasting
- The Tribune Company, which owns the LA Times and Chicago Tribune, among other media entities
- PBS computers in Alexandria, VA, in retaliation for the station's "unfavorable coverage" on Wikileaks
- Sony Music and Sony Pictures
- InfraGard (Atlanta chapter), a "partnership between the FBI and the private sector to share information and intelligence to prevent hostile acts against the United States"
- Unveillance, a private botnet monitoring service that was allegedly targeted solely for extortion
- Bethesda Softworks, a game development studio
- US Senate computer systems
- Computers of the governments of Tunisia, Algeria, Yemen and Zimbabwe
Five other prominent hackers with LulzSec were also exposed by Monsegur.
From FOX News:
As a result of Monsegur’s cooperation, which was confirmed by numerous senior-level officials, the remaining top-ranking members of LulzSec were arrested or hit with additional charges Tuesday morning. The five charged in the LulzSec conspiracy indictment expected to be unsealed were identified by sources as: Ryan Ackroyd, aka “Kayla” and Jake Davis, aka “Topiary,” both of London; Darren Martyn, aka “pwnsauce” and Donncha O’Cearrbhail, aka “palladium,” both of Ireland; and Jeremy Hammond aka “Anarchaos,” of Chicago.
Hammond was arrested on access device fraud and hacking charges and is believed to have been the main person behind the devastating December hack on Stratfor, a private company that provides geopolitical analysis to governments and others. Millions of emails were stolen and then published on Wikileaks; credit card numbers and other confidential information were also stolen, law enforcement sources told FoxNews.com.
Hammond has reportedly been a fixture of the Chicago anarchist scene and is said to have been active with numerous left-leaning groups. He was previously sentenced to two years in prison for hacking into the website of a conservative group known as "Protest Warrior," which organizes counterprotests to those of anti-war activists. He has also been arrested numerous times over the last nine years; the Chicago Tribune notes that those convictions range from disorderly conduct to computer hacking to felony mob action. The Tribune article details Hammond's extensive background in "hacking to fight for social justice" and liberal activism. (Side note: the article also notes that Hammond's mother is a Tea Party activist!).
Perhaps the most notable incident mentioned in the Monsegur indictment, however, is the hacking of HB Gary Federal, a private cybersecurity company with corporations and government agencies on its roster of clients. The attack was the first of its kind to have such wide-reaching impacts, both for Anonymous in its future tactics and goals, and for the economic and political environment in the US.
In early 2011, key members of Anonymous published tens of thousands of HB Gary Federal's emails after one of Monsegur's co-conspirators, Ryan Ackroyd aka "Kayla", also named in a related indictment, was said to have socially engineered his way into the server. The attack was vicious, launched in retaliation against HB Gary Federal's CEO Aaron Barr for threatening to expose the identities of key Anonymous members. The hackers also broke into the company's servers and defaced its websites and Barr's Twitter account, and published the user registration database from another of the HB Gary owner's websites. HB Gary Federal had been pitching its services to the law firm Hunton and Williams, which had been assessing how to protect two of its clients, Bank of America and the US Chamber of Commerce, from Wikileaks, Anonymous and other political adversaries.
Shortly after the hacktivist collective's "Operation Payback" campaign in late 2010 against PayPal, Visa and Mastercard, Bank of America had been targeted for its refusal to process Wikileaks-related transactions. Anonymous also released emails leaked from a former employee of a BoA subsidiary, but the documents were later said to be misrepresented as something they were not, an assertion that even Wikileaks held in deciding not to release the documents at that time. The leak was generally considered a flop, but the threats against BoA continued, raising concerns that Wikileaks could be a larger threat to the US economy. Similarly, the US Chamber of Commerce had been under assault from disinformation propagated by left-wing activists with Think Progress, the SEIU and Velvet Revolution.
When Anonymous hacked HB Gary Federal, it also compromised the reputations of people and companies with which HB Gary Federal, along with partnering firms Palantir Technologies and Berico (collectively known as "Team Themis"), was interacting. Buried in the tens of thousands of leaked emails was a report on the Wikileaks Threat that the cybersecurity firm developed in the hopes of presenting it to Hunton and Williams, along with a proposal intended for the US Chamber of Commerce. HB Gary Federal had collected information on the target adversaries from public social media profiles, and used it to craft a series of potential tactics that ranged from "combating the messaging propaganda" to creating "fake insider personas" online to gather intelligence. Media and political activists quickly grabbed onto the story, dubbing HB Gary's proposal a "dirty tricks campaign" and a plot to "spy" on American citizens. In fact, the story moved so quickly and with such force that it became disinformation in itself to some extent, hobbling all defense of Hunton and Williams, BoA and the US Chamber of Commerce.
While it was largely consumed by tech-oriented audiences, the story of HB Gary Federal has become a working model over time that Anonymous has since turned into a tremendous political weapon in rationalizing its tactics against government entities, defense/intelligence contractors and corporations, and those who oppose them.
With the arrival of the Occupy movement and the increasing political push to demonize corporations and law enforcement as Occupy's plans for an "American Spring" draw closer, many are expressing concern that cyberattacks like HB Gary and the others detailed in the Monsegur indictment will also increase. Given that Anonymous has become so closely aligned with Occupy and various elements of the activist left, most notably the anti-war and anti-imperialism movements (a trend that we noted here at Big Government as the "New Institutional Left"), it seems a valid concern.
In an interview with Defense Technology International just last week, prominent Anonymous front man Barrett Brown alluded to the significance of the HB Gary hacking in the movement.
After December 2010, when Anonymous first attacked Mastercard, Visa and PayPal, a couple of companies in [the intel contracting] sector were brought in to look at us. They [were referred] to Team Themis, which at the time was HB Gary, Palantir and Berico. They prepared some reports on us, and Endgame Systems created a report on us and on Wikileaks in late 2010. And of course we came upon these when we hacked HB Gary Federal in February 2011. There's also a program called Romas COIN.
[Releasing personal information] is going to be very small beer compared to what's going to happen in the near future. We're closing in on a very unprecedented situation, whereby the Internet has provided for a low-impact sort of civil war. We have people on the streets every day being attacked by cops…I won't beat to death the fact that we're under assault and we're reacting, but I would just say that we didn't start the fire in this case. There's nothing that's been done through Anonymous that has not been done by the US government – not a single thing. And the people [within Anonymous] that are doing things are not getting paid, like the police or the FBI. They're doing it on their own, with their own time, at their own risk. I've got a lot of friends who've already been arrested and charged, and others who may be, and I will eventually be charged myself.
Incidentally, Brown tweeted Tuesday and Wednesday that the FBI has also raided his apartment and his mother's home, and directed followers to the article above as explanation for "why certain things are being done" right now.
Late yesterday, in response to the news of Monsegur's apparent betrayal, Anonymous hacked the website of antivirus firm Panda Security and defaced it by replacing it with a message accusing Panda of working with law enforcement in last week's arrest of 25 Anonymous members. The group also included a message specifically for Monsegur, according to Forbes:
In a short note at the top of the site, the hacker collective took a moment to address Sabu in what reads like a bitter goodbye letter. “Yeah yeah, we know, Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We understand, but we were your family too. (Remember what you liked to say?),” the note reads, likely referencing Sabu’s habit of rallying his radical hacktivist “brothers” on Twitter. “It’s sad and we can’t imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to police.”
Monsegur faces a maximum sentence of 124 1/2 years in prison.
Big Government will continue to follow developments in this story, as well as any potential relation to the Occupy movement and the current universe of political activism as a whole.