Share

Related Stories

Top 5 Stories

News

Insecure email the culprit of hacked FBI-Scotland Yard call?

06 February 2012

The Anonymous hacktivist group was apparently able to listen in on a conference call between the FBI and Scotland Yard by hacking into a participant’s email account and obtaining the conference call number and access code, according to security analysts.

Anonymous has posted a recording of the conference call, which was set up by the FBI with Scotland Yard and other European law enforcement officials, to discus ongoing investigations and prosecution of alleged Anonymous, LulzSec, and Antisec members. The FBI and Scotland Yard have confirmed that the recording is authentic.

The hacktivist group also posted the email sent out by an FBI agent Timothy Lauster to an array of email addresses in the UK, Ireland, France, Germany, and other European countries announcing the Jan. 17 conference call along with the telephone number and access code.

Graham Cluley, senior technology consultant with Sophos, observed: “The assumption has to be that an Anonymous hacker had access to one of the recipients' email accounts, and thus had secret access to the confidential call.”

This is a view shared by Graeme Batsman, director of London-based Data Defender. “Upon analysing how the call was leaked it appears there was a possibility of two options – to get hold of the phone number, username and pin or get hold of the recording (MP3, WAV file). In order to get hold of the call security details you would need to intercept an email or a hack an email account. Getting hold of the recording file would be very similar, to hack into an email.”

The FBI and Scotland Yard said that they are investigating the breach.
 

This article is featured in:
Data Loss  •  Internet and Network Security  •  Public Sector

 

Comments

Plimtuna says:

08 February 2012
There are two other (less technical) explanaations:

1. Anonymous used social enginnering to get credentials. "hey, this is so and so from germany, I deleted the e-mail. Can you give the conference call number and code?"

2. One of the participants is sympathic to the Anonymous cause and simply gave the credentials away.

MikeLordi says:

06 February 2012
What a scary hack. Just think about the repercussions that could occur when a criminal is able to listen to police conference calls. It could provide a huge lift for the bad guys against authorities. But it also speaks to the level of protection every organization should prepare for, no matter the size.

At Radware, our Emergency Response Team’s most recent report highlights the importance of protecting against all attacks, regardless of size. The ERT found that more distributed denial of service attacks actually use less bandwidth rather than more. (You can read more from the report here: http://blog.radware.com/security/2012/02/ddos-attacks-myths/). And the attacks using less bandwidth could potentially cause greater harm than those using more, if the hacker accessed the network through the application layer. That means the organization, especially crime fighting ones, will need to be prepared for any type of attack in order to assure that information stays safe.

Mike Lordi, Radware
http://blog.radware.com/

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×