FBI confirms legitimacy of 16-minute call, posted by hacktivists, that discussed sentencing and future arrests of LulzSec and Anonymous participants.

Mathew J. Schwartz, Contributor

February 3, 2012

4 Min Read

Anonymous released audio transcripts Friday from an "Anon-Lulz International Coordination Call" conducted between cyber-crime experts at the FBI and its law enforcement counterparts abroad on Jan. 17.

The AnonymousIRC channel--a reliable source of Anonymous-related information--on Twitter announced the disclosure Friday: "#Anonymous #AntiSec intercepts #FBI comms pastebin.com/8G4jLha8 stay tuned folks for more today!!"

"The assumption has to be that an Anonymous hacker had access to one of the recipients' email accounts, and thus had secret access to the confidential call," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

Indeed, the FBI and British police confirmed Friday that the leaked conference call was legitimate. That led the AnonymousIRC channel on Twitter to declare: "The #FBI might be curious how we're able to continuously read their internal comms for some time now. #OpInfiltration."

[ Hackers are set to outstrip terrorists as the biggest threat to U.S. security, say officials. See Cyber Attacks Becoming Top Terror Threat, FBI Says. ]

A Pastebin post, uploaded Friday, contained a copy of the invitation email, which provides clues to the identities of the call participants. Notably, FBI supervisory special agent Timothy Lauster Jr. sent the invitation for the Jan. 17, conference call, which included a dial-in number and access code. Invitees included the FBI's cybercrime-specialist counterparts in the French government, London's Metropolitan police, the Swedish government, and the Netherlands, including a representative from the European Union's criminal intelligence agency, Europol.

Anonymous has posted to YouTube a video containing the complete audio of the 16-minute conference call. On the call--parts of which have been bleeped out--British law enforcement agents discuss with the FBI various Anonymous and LulzSec-related cases, and agree on timetables.

One of the people discussed was Ryan Cleery, who was arrested in June 2011 on charges of launching a distributed denial of service (DDoS) attack in October 2010 against the British Phonographic Industry website, as well as an AntiSec botnet-driven DDoS attack against the United Kingdom's Serious Organized Crime Agency website in 2011. According to LulzSec, Cleery also ran one of the group's chat servers.

But according to an unnamed British law enforcement official on the call, Cleery will have to face other charges first. "We have got Ryan Cleery's indecent images, which have been found partly by our guys, and partly by the USA team that looked at his hard drive, so what we're going to propose is that they get dealt with first," the British official said on the call.

Interestingly, that legal strategy appears to have been designed to buy authorities more time for investigating two other core LulzSec members: Kayla and Tflow. Kayla, allegedly a 20-something British man with a penchant for posing as a teenage girl, was reportedly arrested by British police last year. Meanwhile, Tflow, an unnamed 16-year-old boy, was arrested by British authorities last year, and released on bail. According to the British law enforcement agent on the call, "we've set back the further arrests of Kayla and T-Flow, until we know what's happening," alluding to some type of upcoming FBI operation.

In addition, said the British law enforcement official, "we've set back the arrest of [beeped] and [beeped]" by six to eight weeks, suggesting that more arrests relating to Anonymous or LulzSec are imminent.

Interestingly, The Real Sabu--the purported leader of the now-defunct LulzSec hacktivist group--was criticized by a Twitter user on January 27, for not having mentioned his LulzSec counterpart, Topiary, on the eve of Topiary's return to court. "So much for loyalty huh," tweeted the critic. Topiary's real name, allege British police, is Jake Davis, and they arrested him in July 2011 on charges of participating in multiple online attacks, as well as for possessing 750,000 passwords.

In response, Sabu said, "If you actually knew anything you'd know his case is getting postponed tomorrow. My loyalty is unquestionable." Interestingly, that case delay wasn't public knowledge, but it was detailed during the FBI conference call on January 17.

But the FBI conference-call invitation email was apparently sent to just 44 people, all of them government officials or members of the international law enforcement community. Apparently, however, one of them has a PC that has been hacked.

It's no longer a matter of if you get hacked, but when. In this special retrospective of news coverage, Monitoring Tools And Logs Make All The Difference, Dark Reading takes a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape. (Free registration required.)

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights