FBI Agent: We've Dismantled The Leaders Of Anonymous

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.huffingtonpost.com/2013/08/21/anonymous-arrests-fbi_n_3780980.html

The hacker collective Anonymous has not produced as many high-profile
cyber attacks as it once did, a drop-off that can be directly
attributed to the arrests of the group's core members, an FBI official
told The Huffington Post this week.

Starting in late 2010, Anonymous captured worldwide attention through
a series of attacks against U.S. companies and government agencies,
stealing data and defacing or crashing websites.

But the arrests last year of five members of Lulz Security, an
influential splinter group of hackers, had a "huge deterrent effect"
on Anonymous by creating an "added layer of distrust" within the
hacking group, according to Austin P. Berglas, assistant special agent
in charge of the FBI's cyber division in New York.

“All of these guys [arrested] were major players in the Anonymous
movement, and a lot of people looked to them just because of what they
did,” Berglas said in an interview with HuffPost.

The 2012 arrests relied on the help of a key informant, Hector
Monsegur, aka "Sabu," who was caught and then cooperated with the FBI.
The fear that one of their own could turn them in has sowed distrust
within the hacking collective, according to Berglas.

"The movement is still there, and they're still yacking on Twitter and
posting things, but you don't hear about these guys coming forward
with those large breaches," he said. "It's just not happening, and
that's because of the dismantlement of the largest players."

Gabriella Coleman, a professor at McGill University who studies
Anonymous, said there was "no doubt" the arrests dealt a major blow to
"a central node of activity" within the group. But Anonymous is still
very much alive, she said.

"They could easily emerge again as a force to contend with," she told
HuffPost in an email.

The arrests of members of Anonymous last year were among several
highlights to come out of the FBI's cyber division in New York. (The
five core members of Lulz Security have pleaded guilty.) In another
case, the FBI in New York led an investigation that resulted in the
arrests earlier this year of three alleged operators of the Gozi
virus, which infected at least 1 million computers and stole millions
of dollars from banks around the world.

A former Army captain, 41-year-old Berglas leads the FBI's cyber
division in New York, one of the busiest of the FBI's 56 field
offices. His office overlooks the skyline of lower Manhattan, the
center of the financial world and a frequent target of hackers. Last
month, a Russian man was charged with breaking into the servers of the
Nasdaq stock exchange and deleting, changing and stealing data.

The cyber division in New York is divided into five teams of
investigators. One unit is tasked with getting digital evidence off
cell phones, cameras, computers and tablets to support investigations
into a wide range cases, from organized crime to computer hacking to
child pornography. Berglas said the investigators for the Computer
Analysis Response Team have become increasingly adept at breaking
encryption methods used by suspects to conceal the contents of
computer files.

The other four teams divide their attention to cybercrime based on the
hackers' country of origin. Since most hackers attack U.S. computers
from overseas, the FBI often works with law enforcement in other
countries, Berglas said. Sometimes, investigators find evidence of
hackers from several different countries inside the network of a
single U.S. company.

"We call it the dirty pond environment," he said. "You think it might
just be one actor responsible for the intrusion, and once you get in
and start looking at the company there's remnants of a whole host of
actors -- from week-old activity to multiple years they've been inside
some companies and they just don’t know about it."

Cybercriminals have a variety of motives, but their methods are often
the same. Most break into computer systems by tricking people to click
on malicious links in emails that appear to come from trusted sources,
a technique known as "spear phishing," Berglas said.

"It’s the number one most common intrusion vector we see in any type
of attack,” Berglas said. "Major financial companies spend millions
and millions of dollars on security, and all [hackers] have to do is
get someone with credentials to click on a spear-phishing site and
that’s how they get in.”

Cybercriminals have become adept at hiding their IP addresses -- the
string of numbers assigned to individual computers -- to disguise
their locations from law enforcement. But eventually, even the most
skilled hackers get sloppy, Berglas said.

Hector Monsegur, aka "Sabu," the FBI informant whose cooperation led
to the arrests of LulzSec last year, left his IP address exposed. The
error allowed investigators to track his location to an apartment in
Manhattan's Lower East Side and eventually led to his arrest.

It's that type of misstep that the FBI is looking for.

"It’s easy to sit behind a computer and think you're anonymous and do
these illegal types of activity, whether it’s hacking into a company
or trading child pornography or buying and selling stolen identities,"
he said. "But it’s just a matter of time before these criminals make
mistakes and we capture them. All it takes is just one time."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.