NBC News and Glenn Greenwald report: A secret British spy unit created to mount cyber attacks on Britain’s enemies has waged war on the hacktivists of Anonymous and LulzSec, according to documents taken from the National Security Agency by Edward Snowden and obtained by NBC News.
The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.
According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.
The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder – and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms.
The existence of JTRIG has never been previously disclosed publicly.
The documents also show that JTRIG infiltrated chat rooms known as IRCs and identified individual hackers who had taken confidential information from websites. In one case JTRIG helped send a hacktivist to prison for stealing data from PayPal, and in another it helped identify hacktivists who attacked government websites.
Intelligence sources familiar with the operation say that the British directed the DDOS attack against IRC chat rooms where they believed criminal hackers were concentrated. Other intelligence sources also noted that in 2011, authorities were alarmed by a rash of attacks on government and corporate websites and were scrambling for means to respond.
“While there must of course be limitations,” said Michael Leiter, the former head of the U.S. government’s National Counterterrorism Center and now an NBC News analyst, “law enforcement and intelligence officials must be able to pursue individuals who are going far beyond speech and into the realm of breaking the law: defacing and stealing private property that happens to be online.”
“No one should be targeted for speech or thoughts, but there is no reason law enforcement officials should unilaterally declare law breakers safe in the online environment,” said Leiter.
But critics charge the British government with overkill, noting that many of the individuals targeted were teenagers, and that the agency’s assault on communications among hacktivists means the agency infringed the free speech of people never charged with any crime.
“Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs,” said Gabriella Coleman, an anthropology professor at McGill University and author of an upcoming book about Anonymous. “Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression.” Coleman estimated that the number of “Anons” engaged in illegal activity was in the dozens, out of a community of thousands.
The Guardian reports: The Anonymous hacktivist sentenced on Friday to 10 years in federal prison for his role in releasing thousands of emails from the private intelligence firm Stratfor has told a Manhattan court that he was directed by an FBI informant to break into the official websites of several governments around the world.
Jeremy Hammond, 28, told a federal court for the southern district of New York that a fellow hacker who went under the internet pseudonym “Sabu” had supplied him with lists of websites that were vulnerable to attack, including those of many foreign countries. The defendant mentioned specifically Brazil, Iran and Turkey before being stopped by judge Loretta Preska, who had ruled previously that the names of all the countries involved should be redacted to retain their secrecy.
Within a couple of hours of the hearing, the three countries had been identified publicly by Forbes, the Huffington Post and Twitter feeds serving more than a million followers. “I broke into numerous sites and handed over passwords and backdoors that enabled Sabu – and by extension his FBI handlers – to control these targets,” Hammond told the court.
The 28-year-old hacker has floated the theory in the past that he was used as part of an effective private army by the FBI to target vulnerable foreign government websites, using the informant Sabu – real name Hector Xavier Monsegur – as a go-between. Sabu, who was a leading figure in the Anonymous-affiliated hacking group LulzSec, was turned by the FBI into one of its primary informants on the hacker world after he was arrested in 2011, about six months before the Stratfor website was breached.
Aarti Shahani reports: With online relationships, it’s complicated.
The billionaire founder of eBay, Pierre Omidyar, is bankrolling a new media company with reporters who have used WikiLeaks to break giant stories.
But the eBay-owned subsidiary PayPal is working with the Justice Department to prosecute a handful of WikiLeaks supporters. The defendants could serve decades in prison, and their convictions could decide if “hacktivism” is free speech or a felony offense.
On Oct. 31, 14 defendants are scheduled to walk into a federal court in San Jose, Calif. They are known as the PayPal 14, and prosecutors will ask them to plead guilty to attacking PayPal, the online payment service based in that city.
In December 2010, PayPal, Visa, Mastercard and major banks became targets of a spate of cyberattacks, but not by criminals who wanted to steal credit card numbers.
When the companies stopped processing online donations for WikiLeaks founder Julian Assange, supporters — some associated with the hacker group Anonymous — responded with a novel form of protest.
In the case of PayPal, they sent thousands of packets of data to the company’s servers at such a speed, its system nearly crashed.
“It was serious,” said PayPal spokesman Anuj Nayar, who recalled that deflecting the traffic felt like a chess game.
PayPal estimates the attacks cost $3.5 million in technology upgrades. The company gave prosecutors a list of the top 1,000 attackers. From that list, the Department of Justice indicted a handful as part of its ongoing crackdown against Anonymous.
The DOJ cannot comment on pending cases but relies on prosecution guidelines that consider how likely a person is to repeat an alleged offense. Attorney Peter Leeming, who represents one of the defendants, says the selection “seemed arbitrary to me.”
Leeming, based in Santa Cruz, Calif., has represented political protesters for decades and is developing a boutique practice around hacktivism, or online attacks that are politically or socially motivated and not driven by financial gain.
“They’re a relatively new creature,” he said. “Is demonstrating and shutting down a street any different from shutting down a line of commerce on the Internet?”
Salon: When Anonymous posted some 40,000 emails of HBGary’s computer security executive Aaron Barr — as detailed in this story — the emails revealed a proposed campaign by several security firms to take on Wikipedia and its supporters on behalf of Bank of America. The campaign also included a plan to pressure and attack journalists, including Salon’s Glenn Greenwald. Read Glenn on the proposed smear campaign here, and PowerPoint slides detailing the specifics of the attack can be seen here.
Excerpted from “WE ARE ANONYMOUS: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency” by Parmy Olson.
Across America on February 6, 2011, millions of people were settling into their couches, splitting open bags of nachos and spilling beer into plastic cups in preparation for the year’s biggest sporting event. On that Super Bowl Sunday, during which the Green Bay Packers conquered the Pittsburgh Steelers, a digital security executive named Aaron Barr watched helplessly as seven people whom he’d never met turned his world upside down. Super Bowl Sunday was the day he came face-to-face with Anonymous.
By the end of that weekend, the word “Anonymous” had new ownership. Augmenting the dictionary definition of being something with no identifiable name, it seemed to be a nebulous, sinister group of hackers hell-bent on attacking enemies of free information, including individuals like Barr, a husband and a father of twins who had made the mistake of trying to figure out who Anonymous really was.
The real turning point was lunchtime, with six hours to go until the Super Bowl kickoff. As Barr sat on the living room couch in his home in the suburbs of Washington, D.C., dressed comfortably for the day in a T-shirt and jeans, he noticed that his iPhone hadn’t buzzed in his pocket for the last half hour. Normally it alerted him to an email every 15 minutes. When he fished the phone out of his pocket and pressed a button to refresh his mail, a dark blue window popped up. It showed three words that would change his life: Cannot Get Mail. The email client then asked him to verify the right password for his email. Barr went into the phone’s account settings and carefully typed it in: “kibafo33.” It didn’t work. His emails weren’t coming through.
He looked down at the small screen blankly. Slowly, a tickling anxiety crawled up his back as he realized what this meant. Since chatting with a hacker from Anonymous called Topiary a few hours ago, he had thought he was in the clear. Now he knew that someone had hacked his HBGary Federal account, possibly accessing tens of thousands of internal emails, then locked him out. This meant that someone, somewhere, had seen nondisclosure agreements and sensitive documents that could implicate a multinational bank, a respected U.S. government agency, and his own company.
One by one, memories of specific classified documents and messages surfaced in his mind, each heralding a new wave of sickening dread. Barr dashed up the stairs to his home office and sat down in front of his laptop. He tried logging on to his Facebook account to speak to a hacker he knew, someone who might be able to help him. But that network, with his few hundred friends, was blocked. He tried his Twitter account, which had a few hundred followers. Nothing. Then Yahoo. The same. He’d been locked out of almost every one of his Web accounts, even the online role-playing game World of Warcraft. Barr silently kicked himself for using the same password on every account. He glanced over at his Wi-Fi router and saw frantic flashing lights. Now people were trying to overload it with traffic, trying to jam their way further into his home network.
He reached over and unplugged it. The flashing lights went dead.
The Associated Press reports: The website of a U.S. company whose tear gas has been used against demonstrators in Egypt is the latest to be broken into by the Anonymous movement, hackers claimed Tuesday.
In a statement posted to the Internet, hackers accused Combined Systems of being war profiteers who sell “mad chemical weapons to militaries and cop shops around the world.”
The company did not respond to calls and emails ahead of U.S. business hours Tuesday.
Anonymous has claimed a series of Web attacks worldwide and has increasingly focused on security companies, law enforcement and governmental organizations. The group has often worked in tandem with the Occupy protest movement in the United States and has expressed solidarity with the pro-democracy protests across the Arab world.
On Tuesday, Anonymous said it had targeted Combined Systems because it was supplying weaponry used “to repress our revolutionary movements.”
The hackers also claimed to have stolen and published personal information belonging to clients and employees of the Jamestown, Pennsylvania-based firm. Allegedly intercepted emails were pasted onto the bottom of the statement; one of them appeared to be a warning that Combined Systems’ site had been sabotaged.
“Looks like our web hosts got hacked,” the email says.
Neither the hackers’ claims nor the authenticity of the emails could be immediately verified, although the website was down Tuesday. Messages left for half a dozen employees and technical support staff were not immediately returned.
The company says it sells a variety of security wares, including aerosol grenades, sprays and handcuffs. Journalists and activists have reported finding the company’s tear gas canisters at Egypt’s Tahrir Square, where authorities have repeatedly cracked down on demonstrators with deadly force.
On Friday, Anonymous accused Israel of engaging in “piracy on the high seas” after the Israeli navy intercepted the latest flotilla heading for Gaza and warned that it would “strike back”.
Today the following Israeli government websites crashed: Shin Bet, Mossad, IDF, IDF Spokesperson’s Unit, Health Ministry, Justice Ministry, Construction and Housing Ministry, Science and Sport’s Ministry, the President’s Residence, Immigration Authority, the Israel Land Administration and Israel Atomic Energy Commission.
The Deputy Director of the Israeli government’s Information Technology Unit, Ziv Slater, said: “It has nothing to do with an attack, no threat and no hacking. It’s just a systems malfunction.”
“If you continue blocking humanitarian vessels to Gaza or repeat the dreadful actions of May 31st, 2010 against any Gaza Freedom Flotillas then you will leave us no choice but to strike back. Again and again, until you stop,” Anonymous has warned.
Is today’s “systems malfunction” the first of what will become many?
The Washington Post reports:
The group calling itself Anonymous claimed credit Thursday for hacking into NATO servers and stealing 1 gigabyte of sensitive information as part of its campaign to harass and humiliate prominent targets.
The group has attempted to post online some documents collected in the incident and vows to post more soon, but it also said it has decided to withhold some others because posting them would be “irresponsible.” NATO did not confirm the group’s account.
“NATO is aware that a hackers group has released what it claims to be NATO classified documents on the Internet,” Damien Arnaud, a spokesman for the trans-Atlantic military alliance, said in an e-mail. “NATO security experts are investigating these claims. We strongly condemn any leak of classified documents, which can potentially endanger the security of NATO allies, armed forces and citizens.”
Groups calling themselves “hacktivists” — which target Web sites and servers in pursuit of political agendas — have joined the list of cyber threats identified by government and corporate security officials.
“It is one of the up-and-coming biggest concerns for the FBI,” said Robert E. Nickel, unit chief in the FBI’s Public Private Alliance Unit, speaking at a cyber conference last week.
The New York Times reports:
In the most visible law enforcement response to a recent spate of online attacks, the Federal Bureau of Investigation on Tuesday announced the arrests of 16 people across the country in connection with strikes carried out by a loose, secretive federation of hackers called Anonymous.
In an indictment unsealed Tuesday afternoon in United States District Court in San Jose, Calif., 14 people were charged in connection with an attack on the Web site of the payment service PayPal last December, after the company suspended accounts set up for donating funds to WikiLeaks. The suspects, in 10 separate states, are accused of conspiring to “intentionally damage protected computers.”
Anonymous had publicly called on its supporters to attack the sites of companies it said were turning against WikiLeaks, using tools that bombard sites with traffic and knock them offline.
A Florida man was also arrested and accused of breaching the Web site of Tampa InfraGard, an organization affiliated with the F.B.I., and then boasting of his actions on Twitter. And in New Jersey, a former contractor with AT&T was arrested on charges that he lifted files from that company’s computer systems; the information was later distributed by LulzSec, a hacker collective that stemmed from Anonymous.