LONDON -Trading jokes and swapping leads, investigators from the FBI and Scotland Yard spent the conference call strategizing about how to bring down the hacking collective known as Anonymous, responsible for a string of embarrassing attacks across the Internet.
Unfortunately for the cyber sleuths, the hackers were in on the call too _ and now so is the rest of the world.
Anonymous published the roughly 15-minute-long recording of the call on the Internet on Friday, gloating in a Twitter message that “the FBI might be curious how we’re able to continuously read their internal comms for some time now.”
The humiliating coup exposed a vulnerability that might have had more serious consequences had someone else been listening in on the line.
“A law enforcement agency using unencrypted, unsecure communications is a major fumble,” said Marcus Carey, who spent years securing communications for the U.S. National Security Agency before joining security-risk assessment firm Rapid7.
“What if this event was talking about some terrorist plot to blow up something and ‘they’ were listening in? It could’ve been much worse if it was related to an al-Qaida plot or something … So this is a lesson learned.”
The leak was one of a slew of Anonymous hacks that hit websites across the United States Friday, including in Boston, where the police site was defaced, and in Salt Lake City, where officials said that personal information of confidential informants and tipsters had been compromised.
Anonymous also claimed credit for defacing the Greek Justice Ministry’s website and stealing a mountain of data from the Virginia-based law firm that defended a U.S. Marine recently convicted for his role in the bloody 2005 raid in Iraq that became known as the Haditha massacre.
The hackers’ successful attempt to spy on the very people charged with tracking them down remained the most dramatic coup of the day, with sensitive police conversations broadcast across the world.
The FBI said the communication “was intended for law enforcement officers only and was illegally obtained,” but added that no FBI systems were breached. It said that “a criminal investigation is under way to identify and hold accountable those responsible.”
A law enforcement official, speaking on condition of anonymity because the matter is under investigation, told The Associated Press that authorities were looking at the possibility the message was intercepted from the private email account of one of the dozens of invited participants _ who hailed from the U.K., Ireland, Germany, France, the Netherlands and Sweden.
Anonymous published just such an email Friday, complete with the date, time and password needed to access the call.
Graham Cluley, an expert with data security company Sophos, said that anyone with that information could have “rung in and silently listened to the call just like Anonymous did.”
In Paris, a French police official who was briefed on the interception said it could prompt international law enforcement bodies to be more circumspect about sharing information in conference calls. He spoke on condition of anonymity because he wasn’t authorized to speak on the record.
Scotland Yard said there was no immediate evidence their operations were compromised.
Amid jokes about a teenage hacking suspect (who one officer describes as “a bit of an idiot”) and lighthearted banter about McDonald’s, the investigators on the call discussed whether to delay the arrest of two hacking suspects to give the FBI more time to pursue its side of the investigation.
Updates were given on the status of inquiries stretching from Los Angeles and Baltimore to England and Ireland, with one member of Scotland Yard’s central e-crime unit telling the FBI that British police had identified a 15-year-old with possible connections to a recent breach at U.S. videogame company Valve Corp.