
FBI call gives clues into Anonymous, LulzSec probes

At one point during a nearly 17-minute conference call that took place in January between the FBI and Scotland Yard, the moderator -- an FBI special agent -- suggests that the call will be short because fewer than expected people ended up joining.

Little did he know that there was someone else listening in. They just didn't say so.

The call, which was recorded and subsequently posted Friday on YouTube, involves FBI and Scotland Yard authorities discussing the case statuses of a number of alleged Anonymous and LulzSec operatives. In total, six people were on the call, but only five introduced themselves. The other was a member of the Anonymous hacking collective, who had somehow gotten hold of the credentials to join the call.

The hijacked call began with a member of the FBI's London office, named "Bruce," bantering with "Stewart" of London's Metropolitan Police Service, commonly known as Scotland Yard. The pair exchanged laugh-filled chitchat about a McDonald's in the Pentagon and the lack of anything notable in Sheffield, U.K., the site of the upcoming ACPO National Cyber Crime Conference, taking place next week in the city.

Then, the conference call's organizer, Timothy Lauster, of FBI headquarters in Washington, D.C., joined, along with a member of the FBI's Los Angeles field office. Another Scotland Yard official was sitting with Stewart.

Stewart, the Yard representative, updated participants on the cases of Ryan Cleary and Jake Davis, two alleged members of the LulzSec group, which went on a hacking spree last spring and summer, infiltrating companies like Sony and PBS. The Yard rep also discussed wanting to delay the apparent further arrests of two other alleged LulzSec hackers – Tflow and Kayla – to give FBI agents more time to examine Cleary's hard drive. (The real names of Tflow and Kayla were censored in the recording, presumably to protect the pair.)

"We're looking to try and build some time in to allow some operational matters to fulfill on your side of the water," he said. "So, we've set back the further arrests of Kayla and Tflow. We've got our prosecution counsel making an application in chambers, without defense knowing, to seek a way to try and factor some time that won't look suspicious."

The Yard rep also brought up the case of an alleged hacker using the alias "Tehwongz," a 15-year-old who was arrested in December for launching a distributed denial-of-service attack against his school in the U.K. and defacing a Manchester, U.K., credit union. He's the face behind CSLsec (Can't Stop Laughing Security), a supposed three-member offshoot of LulzSec, the official said.

"He's basically just doing all of this for attention and [he's] a bit of an idiot," said the Yard rep, who then added that his team has found writings in which Tehwongz explains how he became a hacker and claims responsibility for breaching the online gaming network Steam.

Lauster explained that the FBI's Baltimore office is investigating that incident, which took place late last year.

"I'll put you two in contact," Lauster told the Yard official.


Along with the recording, Anonymous also leaked a Jan. 13 email announcing the call, called the "Anon-Lulz International Coordination Call," which took place on Jan. 17. The email, which was sent to more than 40 people, including law enforcement based in France and Ireland, contained the dial-in details for the call.

Graham Cluley, senior technology consultant at security firm Sophos, said a hacker likely found the email by compromising one of the recipients' email accounts – and then called in themselves to eavesdrop and record the call.

"The assumption has to be that an Anonymous hacker had access to one of the recipients' email accounts, and thus had secret access to the confidential call," Cluley wrote in a blog post.

According to a New York Times report, which quoted an unnamed FBI official, one of the email recipients forwarded the message to his personal email account, which was then accessed by hackers.

The Anonymous hacking collective, in a tweet Friday morning from its flagship account, implied that it has been intercepting FBI conversations for some time.

The FBI is taking the matter seriously.

"The information was intended for law enforcement officers only and was illegally obtained," said a statement emailed to SCMagazine.com. "A criminal investigation is under way to identify and hold accountable those responsible."
