Anonymous responds to FBI claims of victory with record leaks

After the FBI said their investigations into, and subsequent arrests of, several Anonymous supporters led to the dismantling of the loosely associated group and a decline in their activities, Anonymous responded by leaking thousands of compromised records.

Austin Berglas, the assistant special agent in charge of the FBI's cyber division in New York, told Huffington Post last week that the agency dismantled Anonymous' leadership, leading to a drop in action from the multi-faceted collective.

"The movement is still there, and they're still [yakking] on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches. It's just not happening, and that's because of the dismantlement of the largest players...," Berglas said.

As recorded on Twitter, the public voice for many Anons, the initial reaction was laughter. One commenter compared the claim to President George W. Bush's "Mission Accomplished" moment. Another shared his thoughts with an image that resonated with dozens of Anons and supporters - a picture of Tom Cruise laughing.

But for those who watch Anonymous and their interactions with law enforcement, including Gabriella Coleman, an anthropologist whose work focuses on hackers and activism, the FBI's statements came as no surprise.

"The FBI and transgressive hackers have long been locked in a battle of taunts although hackers have a lot more leeway in expressing their true feelings when they want and how they want to. The FBI has been awfully careful and restrained in their statements about LulzSec and Anonymous and it seems like someone finally just broke down and spoke their mind," Coleman explained to CSO, when asked for her thoughts on the incident.

At the same time, she added, it was a big deal to nab many of the LulzSec and a few of the AntiSec hackers. In 2011, especially early on in the summer months, the two groups ran roughshod over the networks of law enforcement, government contractors, and private business. It was only a matter of time before someone was arrested for their actions, or relation to those committing them.

"Nevertheless, despite the mantra that LulzSec was composed of 6 individuals, there were more participants. My sense is that some have receded into the shadows to refuel and do work more discreetly. The most recent hack was just a reminder that they are still around and can spring into action if need be," Coleman said.

With the FBI's apparent challenge issued, Anonymous responded by releasing several documents, with thousands of lines of personal information. Adding insult to injury, the collective used a restaurant's compromised website, Texas' The Federal Grill, to host them.

The restaurant was unknowingly mirroring the leaked data for days before someone took action and removed the files. Calls to the restaurant itself confirmed that most of the staff were unaware of the incident.

Still, the fact that the Federal Grill's website was selected to host the documents wasn't an accident. There was lulz, or amusement, to be gained by hosting the stolen data on a server with that specific domain name.

"...where better to grill the fedz than at the federal grill (sic)," commented one Anonymous Twitter account, OpLastResort, when asked about the choice to use a compromised domain to host the documents.

While lulzy, Coleman said, hosting the data on a compromised domain also makes the point that there are "many places [Anonymous] can enter and take a seat at the counter, if need be."

When it comes to the files, the source of the records appears to be the FBI's Regional Forensics Computer Laboratory (RFCL). One document contains a list of first and last names, email addresses, location (state), InfraGard status, operating system type, browser type, and IP address. The document appears to be a registration list taken from a website's database for a law enforcement webinar. A majority of those listed are active law enforcement.

Moreover, there's a sorted list of 19,329 law enforcement email addresses. This list spans several states and agencies, and many of the email addresses are formatted with the person's name, but others use what seems to be a badge number. An extracted SQL file, taken from the RFCL database, contains additional addresses. After that, a list of names, agency assignment, and cell phone numbers (claimed to be BlackBerry) was also published.

In addition to personal and sensitive information, Anonymous also published a copy of a field guide on forensics, focused on live capture (Live Capture Field Guide: What every law enforcement officer must know), and a computer system seizure worksheet.

Outside of law enforcement, the leaked data also included what was claimed to be the full details of every single employee at Federal Reserve Bank of America.

The file, a spreadsheet titled SWAG, contains email addresses, phone numbers, and full names for Federal Reserve employees, as well as other information such as employment assignments. In a statement the Fed said that the leaked data was likely stolen during a breach earlier this year, details of which were made public in February.

Before the Fed issued a statement noting that the data wasn't from a recent breach, others who viewed the leaked law enforcement information questioned its age, speculating that it was taken some time ago and only recently released.

Even if the data is old, it was still compromised. The lesson for business leaders and administrators is clear: it is entirely possible for an organization to be breached and not know about it until long after the fact, if at all.

For their part, most Anons have moved on from the FBI's victory dance. As usual, different groups of people in various parts of the world, from all walks of life, are turning their attentions to things that drive their passions. These days, human rights causes and privacy protections are taking priority over network security.

But if the past teaches anything, those who support Anonymous can and will shift their focus on a dime, so from a risk perspective it isn't wise to assume that a few arrests have ended their existence.


Stories by Steve Ragan
