LONDON:They trade jokes, chuckle and talk shop about a hacker plot called “Project Mayhem.”
But at the heart of the conference call between the FBI and Scotland Yard was a strategy aimed at bringing down the hacking collective known as Anonymous, which has launched a series of embarrassing attacks across the Internet.
Unfortunately for the cyber sleuths, the hackers were listening, too _ and now so is the rest of the world.
Anonymous published the roughly 15-minute-long recording of the call to the Internet early on Friday, gloating in a Twitter message that “the FBI might be curious how we’re able to continuously read their internal comms for some time now.”
The FBI said the information “was intended for law enforcement officers only and was illegally obtained” but that no FBI systems were breached. It added that “a criminal investigation is under way to identify and hold accountable those responsible.”
It’s not entirely clear how the hackers got their hands on the recording, which appears to have been edited to bleep out the names of some of the suspects being discussed.
Amid the material published by Anonymous was an email purportedly sent by an FBI agent to international law enforcement agencies. It invites his foreign counterparts to join the call to “discuss the ongoing investigations related to Anonymous … and other associated splinter groups” on Jan 17 at 4pm.
The message _ addressed to law enforcement officials in the UK, Ireland, the Netherlands, Sweden and France _ contained a phone number and password for accessing the call.
A law enforcement official, speaking on condition of anonymity because the matter is under investigation, said that authorities were looking at the possibility that the message was intercepted after a private email account of one of the invited participants was compromised.
Graham Cluley, an expert with data security company Sophos, said that knowing the time, telephone number and passcode for the call meant it was all too easy to spy on the investigators.
“Even my ironing lady could have rung in and silently listened to the call just like Anonymous did,” Cluley said in an email, calling the fiasco “highly embarrassing for the cops.”
Scotland Yard said that they had seen no immediate information that their operations had been compromised _ but the discussions appear to be sensitive.
Amid jokes about a teenage hacking suspect and light-hearted banter about McDonalds, the investigators seem to discuss whether to delay the arrest of two hacking suspects in order to give the FBI more time to pursue its side of the investigation.
Updates are given on the status of inquiries stretching from Los Angeles to Baltimore to England’s West Midlands and Ireland, with one member of Scotland Yard’s central e-crime unit telling the FBI that British police had recently arrested a 15-year-old they might be interested in with relation to a recent breach at U.S. videogame company Valve Corp.
“Yeah that’s fantastic,” an FBI official says in response. “We actually do have a pending investigation looking into that compromise.”
An email to the FBI official leading the call was not immediately returned, while the e-Crime investigator referred questions to Scotland Yard’s press office. The press office confirmed that it had someone on the call but said it would be making no further comment.
Most sensitive appears to be discussion of what legal strategy to pursue in the cases of Ryan Cleary and Jake Davis _ two British suspects linked to Anonymous. The UK police official on the call said that prosecutors were secretly going to court to delay procedures in order to give FBI more time to do more work on a related case.
When the FBI official thanks his UK counterpart for the favor, the Briton says cheerily: “We’re here to help!”
Karen Todner, a lawyer for Cleary, said that the recording could be “incredibly sensitive” and warned that such data breaches had the potential to derail the police’s work.
“If they haven’t secured their email it could potentially prejudice the investigation,” she said.
The breach is likely to act as a wakeup call to law enforcement agencies globally, said Marcus Carey, who spent years securing communications for the NSA before joining security-risk assessment firm Rapid7.
“A law enforcement agency using unencrypted, unsecure communications is a major fumble,” Carey said. “What if this event was talking about some terrorist plot to blow up something and ‘they’ were listening in? It could’ve been much worse if it was related to an al-Qaida plot or something … So this is a lesson learned.”
In Paris, a French police official who was briefed on the interception said that it could prompt international law enforcement bodies to be more circumspect about sharing information in conference calls. He spoke on condition that his name be withheld, saying he wasn’t authorized to speak on the record.
Anonymous appears to have had a busy Friday. The group also claimed credit for defacing the Boston Police Department’s website, saying it was retaliating for police brutality at against Occupy Wall Street protesters.
Anonymous, an amorphous collection of Internet enthusiasts, pranksters and activists, has increasingly focused its attention on law enforcement agencies in general and the FBI in particular.
The hackers’ traditional targets include the Church of Scientology, the music industry, and financial companies such as Visa and MasterCard but has since expanded to include government, police, and military targets.
Dozens of suspected members and supporters have been arrested across the world.