A routine update call on hacking arrests between US and UK police officials was secretly recorded by the hacking group they were talking about
The UK Police Central e-Crime Unit (PCeU) is investigating a recording of a private call between the Metropolitan Police and the FBI which has been published by hacktivist group Anonymous.
The recording is accompanied by an email from an FBI agent listing invitees to the call with dial-in details. It adds that the call, on 7 January, would be a discussion of the on-going investigation into “Anonymous, Lulzsec, Antisec, and other associated splinter groups”.
The interception of the call is being investigated by police on both sides of the Atlantic in what must be one of the most embarrassing exploits so far perpetrated by the hacking collective. Peter Donald, a spokesman for the FBI, said, “The information obtained on the call was intended for law enforcement only. It was illegally obtained and a FBI criminal investigation is under way.”
On the 16-minute call the FBI and PCeU agents seemed to be the only active attendees, despite the original invite going to Europol officials and the Swedish, German, French, and Irish police. The purpose of the call was to provide an update on how investigations into the affiliated hacking groups were progressing.
Other suspects are mentioned in the call, though names of most have been bleeped out by Anonymous. Unbleeped names include Jake Davis and Ryan Cleary, who have been arrested and charged with hacking offences, and “Kayla” and “Tflow”. The Los Angeles branch of the FBI also revealed that they are linking Tflow with the alternative operations name Chronos. If they care to check Team Poison’s Dox (identity information) they might also check “TimeFlow” and “Chronom”.
Cleary, described by his mother as “reclusive”, has been diagnosed with Asperger’s Syndrome and is currently on bail wearing an electronic tag to ensure he obeys the court’s directions to observe a curfew. He is accused of taking part in the Lulzsec distributed denial of service (DDoS) attack on the Serious and Organised Crime Agency (SOCA), the International Federation of the Phonographic Industry (IFPI), and the British Phonographic Industry (BPI).
The call mentions a dossier reporting a forensic search of Cleary’s hard drive by the US Air Force (USAF), describing the search as “quite a thorough piece of work” running to 325 pages. The London police also disclosed that they have found “indecent images” on Cleary’s PC and he will be tried for this before the hacking offences are heard. Presumably, this is because a successful prosecution is more likely with such strong evidence.
Davis, from the Shetland Isles in Scotland, is also accused of taking part in the SOPA exploit along with DDoS attacks on Sony and News Corporation Web sites. He is also suspected of being an executive member of LulzSec, operating under the pseudonym “Topiary”, and will appear in court on 11 May.
The London Metropolitan Police Service (MPS) PCeU officer also mentions that “operational matters” in the US had delayed the further arrests of Kayla and Tflow plus two other suspected hackers (names bleeped out) while the UK police bought time to give the FBI a chance to complete its own investigations.
The call’s host, FBI agent Timothy Lauster Jr, then thanks the PCeU for its assistance in this matter. In response, the PCeU officer admits “we cocked up in the past, we know that” – ironically, as it turns out.
The UK detective moves on to discuss Tehwongz, a 15-year-old CSLsec hacker who he described as being “a bit of an idiot” and an attention seeker. The hacker was arrested just before Christmas for DDoS-ing his school and spent the Christmas holidays assisting the Anonymous Operation Mayhem exploits attacking supporters of the US Stop Online Piracy Act (SOPA).
He claimed to have defaced the Manchester Credit Union site in Jamaica and wrote a “statement” for his school about his life as a hacker. One of the exploits he claims to be responsible for is the November hack of gaming site Steam in which, he says, 32,000 user logins, passwords and encrypted credit card details were stolen. The PCeU has passed on his details to the FBI for their investigation into the breach.
Tehwongz is currently lapping up his new-found notoriety and mocking the inability of the FBI to extradite a minor. He also claims that they have now “dropped the investigation”.
The leak of the email shows two procedural problems with the way the security services are handling cyber-security issues. First is the evident lack of a ban on storing sensitive emails on personal systems or external public Cloud-based email systems. Second is the use of individual passwords for conference calls.
“The matter is being investigated by the FBI. At this stage no operational risks to the MPS have been identified; however, we continue to carry out a full assessment,” the MPS said.