LulzSec arrest, security experts see limited impact from that

Tuesday, March 6th 2012. | Internet News

lulzpix_610x593For the last year, a group of hackers known as “LulzSec” had frequent occasion to taunt government pursuers as it published sensitive data purloined from myriad public and corporate Web sites. But the authorities may be close to dismantling the group that has proved such a thorn in their side.

Police on Tuesday charged five men in the U.K., Ireland, New York and Chicago with hacking-related offenses while announcing that their alleged LulzSec leader, known as Sabu, had entered a guilty plea August 15 to 12 counts of computer hacking conspiracies and other crimes. According to the U.S. Attorney’s Office in New York, Hector Xavier Monsegur, 28, had been arrested and released in June on $50,000 bond. One of the men charged, Jake Davis, also known as Topiary, was arrested in the United Kingdom last July.

The alleged members of LulzSec are accused in computer attacks against Fox Broadcasting, Sony Pictures Entertainment, PBS, and global intelligence firm Stratfor. The group is accused of stealing confidential information–including passwords–and releasing it publicly, hijacking e-mail accounts and even secretly listening in on a conference call in which the FBI and Scotland Yard talked about trying to catch them. They allegedly operated under the names of “LulzSec,” “Internet Feds” and “AntiSec,” all offshoots of online activist collective Anonymous.

Officials quickly declared a victory over the arrested hackers but were reluctant to call it a major blow to the collective of hackers known as Anonymous. “It’s not often you get a case involving more than one million victims,” one official said at a news conference today held by the U.S. Attorney General’s office.

But while LulzSec may be silenced–at least for now–network security experts believe that it’s unlikely to spell the end of the spate of high-profile, politically motivated hacks carried out by the hacking group’s brethren in Anonymous.

Josh Corman, director of security intelligence for Akamai who has been studying the hackers, said it was too soon to tell if this is going to hurt the Anonymous movement long term or help it.

“It may improve their operational security” to keep identities more hidden in case of infiltrators, he said.

Speaking with CNET on condition of anonymity, a member of Anonymous indeed downplayed the importance of the arrests.

“People get arrested from Anonymous all the time, including 25 last week,” by Interpol. “It’s not like these arrests will bring the entire group down. They were involved but they weren’t kingpins like the FBI says.”

In search of Sabu
Officials have declined to comment on a Fox report that Monsegur served as an informant after he was arrested, but there had been rumors that he was snitching. A hacker using the moniker “Virus” posted a chat log to Pastebin on August 16 between Sabu and others that Virus claims is proof that Sabu had snitched after he was tricked. “Be careful who you are friends with because they will sell you out very quickly,” Virus warns.

Sabu dismissed those claims in a subsequent post in October, saying “Am I snitch/informant? Let’s be real–I don’t know any identities of anyone in my crew… And the last thing I’d ever do is take down my own people. I am a grown ass man I can handle my own issues,” he wrote. “I’ve been to jail before–I don’t fear it. In fact there is very little I am afraid of especially these days.”

Monsegur, an unemployed father of two, would have had plenty of time to spend boasting of activities and dissing the feds via his Twitter account, “The Real Sabu.” “The federal government is run by a bunch of [expletive] cowards. Don’t give in to these people. Fight back. Stay strong,” the account tweeted yesterday.

Sabu was so high profile and antagonistic that other hackers tried to uncover his identity last summer. In fact, a Pastebin post from last June named Monsegur as Sabu, so it could be that rival hackers did the leg work for the feds. Other chat logs that have been posted publicly revealed that Sabu was the leader. “He was the Pablo Escobar of the LulzSec team,” famed hacker Kevin Mitnick said.

Monsegur is accused of being the “rooter,” the hacker who identifies vulnerabilities in computer networks that can then be exploited. And despite officials referring to the group’s “sophisticated hacking” skills, the group relied mostly on run-of-the-mill SQL injection and distributed denial-of-service (DDoS) attacks.

“They were pretty stupid about a lot of things,” said Scot Terban, a security analyst and consultant. This included using a stolen credit card number to order car engines and having them delivered to his home address, logging into Internet Relay Chat with his real IP address instead of going through a proxy like TOR, and using aliases that could be linked to him on the Web from other activities, Terban said, referencing court documents.

Are these the tweets of an informant? The Twitter account of “The Real Sabu” had this to say yesterday. A final tweet overnight, ahead of arrests of alleged members of hacking group LulzSec, says in German: The revolution says I am, I was, I will be.”
The real nasty hacking targeting feds may stop, at least for a while, Terban said. “In general I think it’s going to break the back of the AntiSec mentality of going around and hacking things and dumping data,” Terban said. “Now they’ve all learned that they can’t necessarily just skate and get away with it.”

Mitnick knows from first-hand experience just what hacker groups like Lulz and Anonymous are up against. One of the most celebrated early hackers, Mitnick got busted on hacking charges after leading the FBI on a goose chase about 25 years ago.

“If you poke the tiger, eventually the tiger is going to bite you,” Mitnick said. “When you screw with law enforcement, they take it personal–and these guys were doing that, compromising police Web sites and publishing home addresses and phone numbers.”

Recounting his personal chronology of being on the lam, Mitnick recalled that he kept his circle of acquaintances to one or two hacking partners at most, and he still wound up getting informed upon.

“The larger your circle the greater your risk…If I was a member of Anonymous, which I’m not, I would be really concerned about the same thing happening to me. How many people know my real world identity?”

Related For LulzSec arrest, security experts see limited impact from that