LONDON — Trading jokes and swapping leads, investigators from the FBI and Scotland Yard spent the conference call strategizing about how to bring down the hacking collective known as Anonymous, responsible for a string of embarrassing attacks across the Internet.
Unfortunately for the cyber sleuths, the hackers were in on the call too — and now so is the rest of the world.
Anonymous published the roughly 15-minute-long recording of the call to the Internet on Friday, gloating in a Twitter message that “the FBI might be curious how we’re able to continuously read their internal comms for some time now.”
The humiliating coup exposed a vulnerability that might have had more serious consequences had someone else been listening in on the line.
“A law enforcement agency using unencrypted, unsecure communications is a major fumble,” said Marcus Carey, who spent years securing communications for the U.S. National Security Agency before joining security-risk assessment firm Rapid7.
“What if this event was talking about some terrorist plot to blow up something and ’they’ were listening in? It could’ve been much worse if it was related to an al-Qaida plot or something … So this is a lesson learned.”
The leak was one of a slew of Anonymous hacks that hit websites across the United States Friday, including in Boston, where the police site was defaced, and in Salt Lake City, where officials said that personal information of confidential informants and tipsters had been compromised.
Anonymous also claimed credit for defacing the Greek Justice Ministry’s website and stealing a mountain of data from the Virginia-based law firm that defended a U.S. Marine recently convicted for his role in the bloody 2005 raid in Iraq that became known as the Haditha massacre.
The hackers’ successful attempt to spy on the very people charged with tracking them down remained the most dramatic coup of the day, with sensitive police conversations broadcast across the world.
The FBI said the communication “was intended for law enforcement officers only and was illegally obtained,” but added that no FBI systems were breached. It said that “a criminal investigation is under way to identify and hold accountable those responsible.”
A law enforcement official, speaking on condition of anonymity because the matter is under investigation, told The Associated Press that authorities were looking at the possibility the message was intercepted from the private email account of one of the dozens of invited participants — who hailed from the U.K., Ireland, Germany, France, the Netherlands and Sweden.
Anonymous published just such an email Friday, complete with the date, time and password needed to access the call.
Graham Cluley, an expert with data security company Sophos, said that anyone with that information could have “rung in and silently listened to the call just like Anonymous did.”
In Paris, a French police official who was briefed on the interception said it could prompt international law enforcement bodies to be more circumspect about sharing information in conference calls. He spoke on condition of anonymity because he wasn’t authorized to speak on the record.
Scotland Yard said they had seen no immediate information that their operations had been compromised — but the discussions appear to be sensitive.
Amid jokes about a teenage hacking suspect (who one officer describes as “a bit of an idiot”) and lighthearted banter about McDonald’s, the investigators on the call discussed whether to delay the arrest of two hacking suspects to give the FBI more time to pursue its side of the investigation.
Updates were given on the status of inquiries stretching from Los Angeles and Baltimore to England and Ireland, with one member of Scotland Yard’s central e-crime unit telling the FBI that British police had identified a 15-year-old with possible connections to a recent breach at U.S. video game company Valve Corp.
“Yeah that’s fantastic,” an FBI official said in response. “We actually do have a pending investigation looking into that compromise.”
An email to the FBI official leading the call was not immediately returned Friday, while the e-crime investigator referred questions to Scotland Yard’s press office. The press office confirmed it had someone on the call but said it would have no further comment.
Most sensitive appears to be discussion of what legal strategy to pursue in the cases of Ryan Cleary and Jake Davis, two British suspects linked to Anonymous. The U.K. police official on the call said prosecutors were secretly going to court to delay procedures in order to give the FBI more time pursue a related case.
When the FBI official thanked his U.K. counterpart for the favour, the Briton said cheerily: “We’re here to help!”
Karen Todner, a lawyer for Cleary, said the recording could be “incredibly sensitive” and warned that such data breaches had the potential to derail the police investigation.
“If they haven’t secured their email it could potentially prejudice the investigation,” she told the AP.
Anonymous, an amorphous collection of Internet enthusiasts, pranksters and activists, has increasingly focused its attention on law enforcement agencies in general and the FBI in particular.
The hackers’ targets include the Church of Scientology, the music industry and financial companies such as Visa and MasterCard. It has recently expanded to include government, police, and military targets.
Dozens of suspected members and supporters have been arrested across the world.
Raphael Satter can be reached at: http://twitter.com/razhael