Monday, March 19, 2012

AntiSec and the FBI: Did the Bureau shut down the Vatican's website?

You may recall our previous post on "Sabu," a.k.a. Hector Xavier Monsegur, leader of a group of cyber anarchists called AntiSec. (AntiSec's symbol is a picture of Guy Fawkes wearing a top hat and monocle.) Sabu was turned by the FBI early on and tasked to snitch on his fellow hackers.

Someone recently posted this timeline to Scribd. The writer's purpose is to show that AntiSec was an FBI sting operation all along. Here are the first few entries in the timeline...
4 June 2011 - First passing mention of ANTISEC in relation to Anonymous is made on LulzSec twitter (http://goo.gl/cwO2G)

7 June 2011 - SABU visited by FBI and arrested quietly

8 June 2011 - By 10AM this day, SABU was fully cooperating with feds

19 June 2011 - AFTER arrest, SABU resumes tweeting after a prolonged break (last recorded tweets being random in March and May of 2011 -- http://goo.gl/frJpR).

His first tweet is to announce the formation of ANTISEC (http://goo.gl/725mr). He announces ANTISEC as "The biggest, unified operation amongst hackers in history." <-- Does "unified" = conspiracy? Original ANTISEC Release Statement - http://pastebin.com/9KyA0E5v
So there was all of ONE reference to AntiSec before Sabu's arrest. The formal announcement did not come until Sabu was working for Uncle.

As I mentioned earlier, the Stratfor documents liberated by Antisec were stored on FBI servers. Those documents show that Stratfor made no secret of their low opinion of the FBI. Someone at the Bureau has shown genuine wit.

If the FBI really was running AntiSec -- if the group was nothing but an entrapment operation -- then what are we to make of some of the group's activities during its brief career? AntiSec briefly shut down the Vatican's website a short while ago.
"It's not a personal attack on Christians, just on the Vatican itself," said the source, who asked to remain anonymous to protect their identity from the group.
What did the website attack accomplish? Not one thing -- except to make Catholics hate hackers. And to make other religious folk worry about whether they were next on the hit list.

Also see here:
This time around, AntiSec went after the email systems for New York State police chiefs and the website for the California Statewide Law Enforcement Association (CSLEA).
News of an AntiSec hack of law enforcement associations on both coasts earlier this week showed that while it might be a new year, we can pretty much expect lots of the same with respect to database security in 2012. The same insecure configurations. The same cleartext storage of passwords and sensitive information in unprotected databases. The same abysmal access control and password management practices.
So maybe AntiSec is just the Bureau's way of telling the cops to improve their system.

Here's another nugget from the timeline...
6 August 2011 - Syrian MOD hacker solicited by SABU to join ANTISEC to "disrupt govt communication systems" (direct quote).
The FBI wouldn't be behind something like that. The CIA, on the other hand...

Here's a bit that will be of interest to Occupy Wall Street supporters:
21 September 2011 - SABU uses influence to kill Anonymous attempts to DDoS Wall Street firms (http://goo.gl/kDRxS | http://goo.gl/oU9ur).
Here's the one that I find particularly noteworthy...
22 August 2011 - ANTISEC releases 1GB of personal data from Vanguard Defense Industries, a Texas-based aerospace and defense firm (http://pastebin.com/PjiXmwNk).
We mentioned that leak in a previous Cannonfire post. Vanguard makes UAV killer drones. That particular leak included the revelation that a VP at Vanguard named Richard Garcia had known about the Standard & Poor's downgrade of the U.S. four months before it happened.

All in all, I would posit that the real purpose of AntiSec was not to release information but to help various DoD contractors and police departments harden their security. Since the feds were in control the whole time, they could make sure nothing really earth-shattering ever emerged.

3 comments:

arbusto205 said...

Good catch, please keep writing about this subject. Also I still secretly hope for 'Cindy the Zombie' at a comic store near you/me.

Impertinent thought: Does Bella roll her eyes in sync with the other lady in the house when you write such stuff? Either way I still miss J Orlin Grabbe and his NSFWness. Of course if you want to return from hackerspace to polispace you can write about Newt meeting JOG...please don't. Besides the Republican candidate in 2016 will give you so much good material from that era, we'll see.

Hoarseface said...

I tend to agree with your hypothesis that AntiSec's purpose was "to help various DoD contractors and police departments harden their security" but it also seems incomplete.

In terms of the post title, I would make the argument that 1) "anonymous" and all offshoots are fairly de-centralized and subject to rogue elements taking action and claiming responsibility on behalf of a larger group, and 2) undercover agents may have to commit criminal offenses to maintain credibility. So somebody associated with AntiSec messing with the Vatican does not immediately translate to "FBI Hacked Vatican."

Part of the appeal of having a mole (or moles) in the hacking underground would also be insights into their operations, organizational dynamics, ideology, hierarchies, etc. I'd assume Sabu was logging all his communications and feeding it to his handlers, so they probably got a pretty good look into the whole Anonymous/hacking culture. That's return on investment even apart from any quasi-controlled security testing that occurred (that part makes me think of the movie "Sneakers").

What really interests me is... why did the FBI out Sabu as a confidential informant? It sounds like they caught him last summer/fall, ran him for 6-9 months, then decided to throw the book at him. Unless the recent arrests had blown his cover and rendered him entirely useless, I would think they'd keep him operative until the last drop of usefulness had been squeezed out of him.

Also, it sounds like he got a pretty raw deal: work for the Feds (or whoever) and when you're done, you get 12 charges carrying up to 124 years in prison? What was the threat for non-compliance - Gitmo?

So, unless I'm missing something there, why now?

Maybe he was no longer useful, not because his reputation was shattered, but because his handlers had become more sophisticated, to the level where he was irrelevant.

Maybe he was semi-frozen out of the community, while other, perhaps fresher moles were providing all the good intel. Maybe it's a case of, one high-level mole is good, but a dozen mid-level moles are even better.

On another note, the "Syrian MOD hacker solicited by Sabu to disrupt govt communications" does not, for the reasons I gave above, necessarily sound like CIA involvement. It sounds rather like a certain amount of autonomy on the part of AntiSec 'members'.

I would think that, if something like this involved the CIA and/or NSA, and they operated with full capacity domestically... they'd have a bead on everyone Sabu had communicated with in the last 9 months, and then the same for any of those people - out to whatever degree of separation seemed appropriate. And they'd be building dossiers and monitoring them, internet-wise, constantly.

Which, if it's the case, wouldn't really surprise me.

Joseph Cannon said...

arbusto: That's not Cindy the Zombie. It's Chalice, the Reluctant Demon-Girl.

Although "Cindy the Zombie" is a title that would probably sell really, really well.

And I did not know about Newt and JOG!

Bella doesn't have an opinion on my work, although I think she thinks that I should spend more time giving her walks and feeding her chicken.

Hoarseface: I suspect you're right about everything, or mostly everything. Although the Syria thing sounds awfully damned spooky to me.

Very likely they threw the book at Sabu because he rebelled. Either he did something sneaky (and was caught) or at some point he told his handler to go eff himself.