Anonymous has posted a recording of the conference call, which was set up by the FBI with Scotland Yard and other European law enforcement officials, to discus ongoing investigations and prosecution of alleged Anonymous, LulzSec, and Antisec members. The FBI and Scotland Yard have confirmed that the recording is authentic.
The hacktivist group also posted the email sent out by an FBI agent Timothy Lauster to an array of email addresses in the UK, Ireland, France, Germany, and other European countries announcing the Jan. 17 conference call along with the telephone number and access code.
Graham Cluley, senior technology consultant with Sophos, observed: “The assumption has to be that an Anonymous hacker had access to one of the recipients' email accounts, and thus had secret access to the confidential call.”
This is a view shared by Graeme Batsman, director of London-based Data Defender. “Upon analysing how the call was leaked it appears there was a possibility of two options – to get hold of the phone number, username and pin or get hold of the recording (MP3, WAV file). In order to get hold of the call security details you would need to intercept an email or a hack an email account. Getting hold of the recording file would be very similar, to hack into an email.”
The FBI and Scotland Yard said that they are investigating the breach.
08 February 2012
There are two other (less technical) explanaations:
1. Anonymous used social enginnering to get credentials. "hey, this is so and so from germany, I deleted the e-mail. Can you give the conference call number and code?"
2. One of the participants is sympathic to the Anonymous cause and simply gave the credentials away.
06 February 2012
What a scary hack. Just think about the repercussions that could occur when a criminal is able to listen to police conference calls. It could provide a huge lift for the bad guys against authorities. But it also speaks to the level of protection every organization should prepare for, no matter the size.
At Radware, our Emergency Response Team’s most recent report highlights the importance of protecting against all attacks, regardless of size. The ERT found that more distributed denial of service attacks actually use less bandwidth rather than more. (You can read more from the report here: http://blog.radware.com/security/2012/02/ddos-attacks-myths/). And the attacks using less bandwidth could potentially cause greater harm than those using more, if the hacker accessed the network through the application layer. That means the organization, especially crime fighting ones, will need to be prepared for any type of attack in order to assure that information stays safe.
Mike Lordi, Radware
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.