The most likely explanation is that they didn't 'intercept' the call but simply dialed into the conference call system and recorded the call.
The question then becomes how did they get the conference call dial in information? Perhaps they managed to get into the email of one of the participants. That would seem to be even more worrying than the interception of this single call.
Also, on many conference systems I've used standing meetings use the same dial in information from week to week. If this is a regular meeting it's possible that Anonymous has been listening in every week.
What's interesting is that the sophistication of the attack is immaterial to the fact that they achieved a significant security disclosure. You don't have to be a sophisticated hacker to perpetrate meaningful hacks, you just have to be more sophisticated than the target of your attack.
This is what makes the Anonymous movement so fascinating to me. In Anonymous culture, being "dox'd" is a big deal. That's kind of end-game stuff for hackers. Once you're outed, you're out. Coincidentally, the same rules apply for espionage.
What makes this doubly interesting is that Anonymous is made up of young, tech-savvy individuals. The establishment (government, large corporations, etc.) increasingly relies on tools that are created, or at least well understood, by their attackers. It's a classical asymmetric battlefield problem. The attackers aren't big, but they have some very specific domain knowledge, and are increasing in sophistication over time.
That previous paragraph is probably way too generous in my evaluation of the skill level represented inside Anonymous, but that's a large part of the problem. We don't really know much about the insides of Anonymous by design. As the establishment pushes harder and harder (SOPA, PIPA, ACTA) to enforce the status quo, who will turn? There's a tipping point at which the establishment can no longer wage the battle. Acquiring the talent becomes too expensive and breaks their business model.
You are correct. They managed to gain access to the email account of one of the participants and simply used the information in the email about the conference call to dial in.
>"If this is a regular meeting it's possible that Anonymous has been listening in every week."
I find this to be one of the more beautifully hilarious things I have read in quite a while!
The idea that Anon has been slurping info from a regular conf call between two intelligence/LEO orgs is just downright amazing.
Imagine though if Anon had forgotten to put themselves on mute at one point and were being addressed by others on the call:
"Whomever is working from home with the dog in the background, please mute. Thanks. Anyway - as I was saying, these Occupy Protesters need to go down...."
It would also be great if, at the end of these calls, when everyone is saying "thanks" and "bye", Anon also said "thanks" and "bye" as they hung up :)
There's no such thing as "cheating" when it comes to subverting security measures. If you have gained access to something that is supposed to be secure then you've compromised its security measures. It doesn't matter if you bribed someone, found the password in the trash, duplicated a key via a cell phone picture from across the street, or got conference call info from a compromised email account. In the end the result is the same. The weakest link in a chain determines its strength.
You better believe that this is how spycraft works with the big boys too. You attack security measures at the weakest point, period. Doing it any other way is just making a hobby of it.
In many cases calls can be recorded by the conference call service provider. Couldn't it be that the recording of the call was later accessed? An anon need not have been listening in on the call live.
Or alternatively the Met did not learn the lessons from 15 years ago when they left the default passwords enabled on their main switch.
Huge bills were run up by phone phreaks dialing in and then out again - I even got asked to post to alt.2600 as BT's official spokesman (the Met were claiming it was our fault) but BT Security stopped that.
Worrying; after the NI revelations I do wonder if it's time for the UK to have a proper FBI-style police force for serious crimes (and the grunt end of CT work) and demote the Met to the same level as any other constabulary.
Anonymous is an amorphous collection of Internet enthusiasts, pranksters and activists whose targets have included the Church of Scientology, the music industry, and financial companies such as Visa and MasterCard.
First time I see a news outlet describing Anonymous in a somewhat suitable fashion.
I agree on the quality of the description, but only to a certain point. I think that neglecting to state that their actions are largely retaliatory could have been used to not-too-subtly tinge them as "pranksters" rather than "activists".
As far as I know most of them could well be within the former category, but their most visible attacks were not enacted "just for the lulz"; rather, they were guerrilla tactics employed in response to perceived threats to their Internet homeland, as stated in above comments.
>"It was unclear how Anonymous had managed to obtain the recording but a lawyer for one of the suspects discussed told the BBC it appeared to have been taken as an audiofile from an intercepted email, rather than having been eavesdropped on."
So how did he interpret that from the video plus the email? Odd.
Interesting, all of the 'subscribe' and 'login' buttons in the article area are served by the doubleclick network. So anyone with adblock enabled just sees a partial article with no indication that there is a way to access the rest.
The article doesn't seem to address the obvious question: If Anonymous can spy on the people investigating them, why the heck are they making that fact public? Ok, taunting the FBI is probably worth something, but surely continuing to spy on them is worth more.
Anonymous's strategy for "defeating" the FBI etc. is to publicly humiliate them and expose them to be harmful and largely worthless[1] - that goal is better served by showing off the FBI's incompetence than by guarding their own rear ends.
[1] That's not to be interpreted as a claim on my part that they are. This sentence, however, may freely be interpreted as such.
(Firefox's spellcheck isn't working for me atm (nightly, so no surprise) - please accept my apologies for any embarrassing typos above.)
Anonymous is existentially committed to "lols". They have the power to commit cyberwarfare on an amazing scale (think about China's intrusions into Google, data breaches at RSA and SSL certificate authorities, as well as things like Stuxnet). But that doesn't fit their goals and culture.
Historically speaking, groups that are given everything they demand don't dissolve; they ask for more stuff. This is regardless of the "goodness" or "badness" of the demands.
It's odd to me that conferences between the FBI and Scotland Yard apparently happen on the same public telephone network used by the commercial and residential world, rather than on a completely separate system.
What a lapse. One would expect that the FBI and their international counterparts would be doing any conference call over a secure, classified network... not POTS.
Probably. As a taxpayer, do you want to pay for a brand new phone network and conference call service, or would you prefer that the government just contract that out?
They'd be much more likely to use S/MIME than PGP, if they were going to use anything. The infrastructure for S/MIME is already deployed in much of the Federal IT space, while PGP is only used for some small niche applications as far as I'm aware.[1]
But that wouldn't have been a guarantee -- the message wasn't intercepted in transit, it was apparently intercepted by compromising the receiver's account. It's not clear how this was accomplished, but if it was by a trojan it could easily have end-run the message encryption, had it been in use.
Honestly, the security at most large organizations is so bad, they're not even at the level where their lack of email encryption presents the weakest link.
[1] Actually the only place I've ever seen a PGP key used in connection with a Federal agency, was by the NSA for reporting SELinux bugs / vulns. And that was a long time ago.
Anonymous is a group of people who uses technology. Technology has tentacles. Tentacles can be located, observed and followed to the root. My guess is the FBI was monitoring them.
FBI's problem is that they assume that their 'victims' have worse tools than them..most of us HN readers probably have better mail encryption software than any FBI field agent. Not to mention software to encrypt a hard-drive.
Using encryption and Ciphers is not a crime FBI..just ask Phil Zimmermann
The FBI is using a 40 year old technology that can be hacked by whistling 2600 hz into a phone and get all bent out of shape when someone records it?
Sounds like an agenda to set up the stage to get censorship back on the table. The FBI wants these breaches, then they can point to it and say "we need censorship to take down these videos because we can't be bothered with any security precautions".
>The FBI is using a 40 year old technology that can be hacked by whistling 2600 hz into a phone and get all bent out of shape when someone records it?
Systems haven't been susceptible to that attack for years, and it doesn't matter anyways! They could have been using a fucking private satellite protected with three layers of the best ciphers known to man, it still would have been broken by them getting the conference number and password, like they did here.
[+] [-] jgrahamc|14 years ago|reply
[+] [-] bradleyland|14 years ago|reply
[+] [-] cf0ed2aa-bdf5|14 years ago|reply
This is the email http://pastebin.com/8G4jLha8 and at the beginning of the recorded call you can hear the conference call software asking for the access code (https://www.youtube.com/watch?v=pl3spwzUZfQ).
[+] [-] samstave|14 years ago|reply
[+] [-] InclinedPlane|14 years ago|reply
[+] [-] stef25|14 years ago|reply
That explains how they "intercepted" the call.
[+] [-] hornokplease|14 years ago|reply
[+] [-] mjwalshe|14 years ago|reply
[+] [-] stfu|14 years ago|reply
[+] [-] Historiopode|14 years ago|reply
[+] [-] AceJohnny2|14 years ago|reply
Indeed, this is the first time I actually read a proper description, and certainly didn't expect so from the WSJ! Kudos to the journalist, Evan Perez.
[+] [-] tmrhmdv|14 years ago|reply
Call: http://youtu.be/pl3spwzUZfQ
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] jgrahamc|14 years ago|reply
http://www.bbc.co.uk/news/world-us-canada-16875921
[+] [-] johrn|14 years ago|reply
[+] [-] ajays|14 years ago|reply
1. Copy/paste the title into Google and hit search [1]
2. Click on the link from the SERP.
3. Profit?
[1] http://www.google.com/search?client=ubuntu&channel=fs...
[+] [-] tmrhmdv|14 years ago|reply
[+] [-] avree|14 years ago|reply
[+] [-] cwp|14 years ago|reply
[+] [-] srl|14 years ago|reply
[+] [-] InclinedPlane|14 years ago|reply
[+] [-] tomelders|14 years ago|reply
[+] [-] jerf|14 years ago|reply
[+] [-] 7952|14 years ago|reply
[+] [-] MaysonL|14 years ago|reply
[+] [-] timjahn|14 years ago|reply
[+] [-] srl|14 years ago|reply
[+] [-] ubershmekel|14 years ago|reply
[+] [-] charlieok|14 years ago|reply
[+] [-] United857|14 years ago|reply
Is this really par for the course?
[+] [-] jrockway|14 years ago|reply
[+] [-] ck2|14 years ago|reply
[+] [-] xp84|14 years ago|reply
[+] [-] Jach|14 years ago|reply
[+] [-] Kadin|14 years ago|reply
[+] [-] jakejake|14 years ago|reply
[+] [-] drcube|14 years ago|reply
[+] [-] joezydeco|14 years ago|reply
[+] [-] jebblue|14 years ago|reply
[+] [-] shareme|14 years ago|reply
[+] [-] maeon3|14 years ago|reply
[+] [-] lawnchair_larry|14 years ago|reply
No.
[+] [-] Karunamon|14 years ago|reply
[+] [-] SkyMarshal|14 years ago|reply
[+] [-] aes256|14 years ago|reply
[+] [-] donald_draper|14 years ago|reply