The FBI announced the arrests of five individuals belonging to the hacking group Anonymous on March 6 following a sting operation performed with an informant and ex-member of the organization. Four alleged hackers were charged in the United Kingdom and Ireland, and an additional American hacker was arrested the day before.
Following his arrest last summer on 12 counts of conspiracy to hack computers and other crimes, 28-year-old Hector Xavier Monsegur of New York cooperated with the FBI as part of a plea deal. Known online as “Sabu,” Monsegur stayed in contact with other members of Anonymous and its spinoffs while under the observation of authorities.
Four of the arrested hackers are accused of hacking on behalf of the Anonymous-linked group LulzSec and were identified as 23-year-old Ryan Ackroyd (“kayla”) and 29-year-old Jake Davis (“topiary”) of the United Kingdom and 25-year-old Darren Martyn (“pwnsauce”), and 19-year-old Donncha O’Cearrbhail (“palladium”) of Ireland. An American, 27-year-old Jeremy Hammond (“Anarchaos”) of Chicago, was arrested for his work with another hacking group, Antisec.
In the indictment filed against the LulzSec hackers, the four are accused of performing cyber attacks on the websites and computer systems of multiple business and government entities worldwide, including the Irish political party Fine Gael, computer security firm HBGary, Fox Broadcasting Company, Sony, the Public Broadcasting System, the CIA and video game developer Bethesda Softworks.
The fallout from the release of several HBGary documents detailing attempts to identify members of Anonymous and other hackers eventually led to the resignation of the company’s CEO.
According to court documents, LulzSec was formed in May 2011 as an offshoot of Internet Feds, a group of elite hackers affiliated with Anonymous that engaged in criminal activity. Following Internet Feds’ hacking of Fine Gael and HBGary, the four recently arrested hackers, along with Monsegur and two others, became the primary members of “Lulz Security,” later shortened to LulzSec. The group publicized its attacks through a website and Twitter account, through which it solicited donations and disclosed stolen information, including 62,000 random email addresses and passwords in June 2011.
In a July 21, 2011 tweet, the group taunted those attempting to stop its actions.
“Arresting people won’t stop us, FBI,” the tweet read. “We will only cease fire when you all wear shoes on your heads. That’s the only way this is ending.”
In January, O’Cearrbhail hacked into an e-mail account of a member of Ireland’s national police and was able to access a Jan. 17 conference call between the FBI and international law enforcement agencies. O’Cearrbhail then recorded the meeting and released it to the public.
The fifth hacker, Hammond, was charged separately from the other four and is accused of hacking into the computer systems of Stratfor, a firm providing geopolitical analysis for governments and private entities. Hammond and his co-conspirators then acquired the personal information of 860,000 Stratfor clients and 60,000 credit card numbers, on which they charged a total of $700,000.
In addition to his work with Lulzsec and Anonymous, Monsegur admitted to using stolen credit card numbers to pay his bills and hacking the computer system of an auto supply company in order to ship $3,456 worth of car motors to himself. Monsegur faces a maximum of 124 and one half years in prison, with a mandatory minimum sentence of 2 years. According to authorities, Monsegur plead guilty on Aug. 15.
Other operations by Anonymous have included attacks on the websites of Visa, MasterCard and PayPal after those companies refused to process donations to Wikileaks last year. Websites belonging to the governments of Algeria, Tunisia and Yemen were also targeted following the crackdowns that occurred in those countries during the Arab Spring.
According to Marquette computer science professor Dennis Brylow, a common method hackers use to bring down a website is the denial of service attack, in which hackers break into multiple computers and use them to overwhelm a website’s server.
“They basically get a large group of computers, often computers that belong to other people but have been poorly maintained,” Brylow said. “There are groups that work on getting together a big pool of these boxes and then at a specified time they trigger all of those machines, basically going to the same web server and making a whole bunch of requests at the same time.”
Marquette Department of Public Safety Captain Russell Shaw said his department has an officer on staff knowledgeable of computers who works with technology-related cases. Such incidents, however, have been incredibly infrequent.
“It’s very rare that we deal with computer-type crimes,” Shaw said. “If it gets serious enough an outside agency is going to get involved — that’s the bottom line. If it’s anything serious there could be arrests made.”
However, attempts to break into university computers are rather common, Brylow said. Although he was unaware of any breaches into Marquette’s main network, Brylow said computers belonging to the computer science department have been broken into before. A year ago, a computer in a research lab was remotely accessed after the student maintaining it graduated.
A central problem in hacking lies in the tendency for people to use the same user name and password combination for multiple accounts at different universities. After discovering a combination used at a certain university, hackers automatically run the same combination across multiple systems, hoping to find a match.
“I would say every day each one of the Linux boxes in our department has, on average, several dozen attempts to break into it,” Brylow said. “Once they break into one machine, they learn a new group of user names and passwords and they try to apply those to a bunch of other machines. If you have a user who has been a student at several universities, and they use the same user name and the same password everywhere, they’re highly successful.”