Wednesday, March 7, 2012

Anonymous Lulzsec "Sabu" was an #FBI agent

From the statement by AnonOps Communications on Sabu's treachery:
99% don't worry. There is Anonymous for a long time.
Anonymous is an idea, not a group. There is no leader, there is no head. It will survive, before, during, and after this time.
This is a follow-up to Radical Def's diary yesterday, "Sabu Busted, Turned...Anonymous Stunned."

The statement from AnonOps also said:
Last week Anonymous were arrested in Argentina, Chile, Colombia and Spain by the Interpol. Yesterday we released that Sabu was an FBI agent and betrayed several partners. One in Chicago, two in Britain and two in Ireland.

After what happened, this communication team met to talk. We decided we will continue reporting news about the Anonymous's activities.

Anonymous will continue fighting for freedom in the world, but we also understand that people around the world should stand up and claimed by what is right.

We think that it is also important to start removing the old power structures that oppress people. The FBI does work for politicians after all, who are kept in office by the campaign donations of Corporations. No longer represent the people. It is time for a change.

Suggestion to the FBI: Maybe you should spend a little less time pursuing Anonymous and put more effort into bringing to justice the white-collar criminals who crashed the economy in 2008 and 2011. Maybe in this way people begin to believe in you. Stop working for the 1%.

Sabu was "flipped" by the FBI last summer and, according to DJ Pangburn, it didn't take long before some Anons became suspicious:
There has been a widespread belief that Sabu was a rat for quite some time within the hacking community—an August 2011 chat between Sabu and Virus, for instance. Virus quite prophetically wrote in that infamous chat: “I’m absolutely positive, you already got raided, and are setting your friends up and when they’re done draining you for information and arrests they’ll sentence you and it’ll make nose.”

In "Inside the hacking of Stratfor: the FBI's case against Antisec member Anarchaos," Sean Gallagher fills in some details about the FBI operation:
On December 6, 2011, a hacker using the handle "sup_g" private-messaged Hector Xavier Monsegur, otherwise known as "Sabu," on Anonymous's IRC server to tell him of a server he had gained access to. But "sup_g"—alleged by the government to be Jeremy Hammond—didn't know that the whole conversation was being logged by the FBI, and that Monsegur had turned confidential informant. "Yo, you round? working on this new target."

The target was the server of Stratfor, the Austin-based global intelligence company that would soon become synonymous with the hacker phrase, "pwned." Over the course of the Anonymous cell Antisec's hacking and exploiting of the company's IT infrastructure, the group of hackers would expose credit card and other personal information of over 60,000 Stratfor customers and a vast archive of e-mail correspondence between the company's employees and customers in the private and government sectors. And it all started with a control panel hack.

According to the FBI, Hammond, also more widely known by the handle "Anarchaos," sent Monsegur a link on a TOR network hidden server to a screenshot of Stratfor's administrative panel for its website. Antisec has used panel hacks to exploit a number of other sites, including the Federal Trade Commission's sites hosted on Media Temple.

Using SQL injection exploits against interfaces to the Web administration application, hackers have been able to gain low-level control over sites and do with them what they will. But in the process of exploiting the control panel, Hammond found there was potential for more than just a simple Web defacement in the Stratfor site. "This site is a paid membership where they gain access to articles," he messaged Monsegur. "It stores billing as well - cards. It's encrypted though. I think I can reverse it though but the encryption keys are store[d] on their server (which we can use mysql to read)."

Hammond said that once he found the keys, he could write a script to export the data "en mass[e]."

As it turns out, the credit card numbers were not encrypted, but stored in plaintext in Stratfor's MySQL database. So once Hammond gained access to the database, he and others were able to export all of the data. Next, he turned to the e-mail system and other server applications running Stratfor's intranet—all of which ran within the same hosting service at Austin-based Core NAP.

By December 14, according to the FBI's investigation, Hammond had managed to "root" Stratfor's mail server as well. In a chat on an IRC channel named #lulzxmas, he told another Anonymous member, "we in business baby…time to feast upon their spools."
Gallagher also tells how the FBI was able to ID Anarchaos as Jeremy Hammond:
The FBI tracked down Hammond with information he had shared in IRC logs from different aliases, and by tying those aliases together with the help of Monsegur. Hammond gave away his location by revealing last August that friends of his had been arrested at the "Midwest Rising" protest in St. Louis on August 15. In another chat, he revealed that he had been arrested in New York City in 2004 during the Republican National Convention. And he also revealed information that indicated he had served time in a federal prison.

Using federal criminal records and other data, FBI investigators were able to narrow the field of suspects rapidly. The FBI had dealt with Hammond before—he had been arrested in March of 2005 for hacking into the site of Protest Warrior, a conservative political activist group, and stealing its database, including credit card information. He served two years in federal prison, followed by three years of supervised release.

Alastair Stevenson, writing in International Business Times, "AntiSec Will Survive OpAntiSec's Demise":
Questions regarding the future of Operation AntiSec erupted across the internet immediately after the initial Fox News article emerged reporting Sabu as an FBI rat on Tuesday.

"This news certainly looks like the endgame for the splinter group known as LulzSec and possibly AntiSec too. It should certainly be expected that law enforcement have gathered all evidence they feel is necessary to proceed effectively against those individuals they are currently charging. Sabu was certainly not their only source of intelligence, but undoubtedly their most important," read one statement by Trend Micro's director of security research and communications, Rik Ferguson.

Speaking to the International Business Times UK, other analysts have since argued that while LulzSec's specific version of AntiSec may die, the older, 1990s born Anti Security movement (AntiSec) will likely survive.

"They aren't the same. And to me, the AntiSec movement is something that's worth an academic debate. But #OpAntiSec never made much sense to me, nor did Sabu's vocalization of the OpAntiSec ideal - but I guess we now know why..." commented F-Secure security expert Sean Sullivan.
I know this is quick and dirty but I only have a little time before I have to leave for another Occupy meeting and I wanted to add to the info presented yesterday with these tidbits. This is still very much a fast-developing story so look for more on this topic. One of the things that now needs a close second look is the much-vaunted unity last summer between Anonymous and LulzSec. Sabu started LulzSec and now that we know that he was turned by the FBI, that whole episode needs another look.

More, later.
