Anonymous and Lulzsec Briefing

Upload: abdullah-s-abdullah

Post on 14-Apr-2018

  • 7/29/2019 Anonymous and Lulzsec Briefing

    1/4

    CONFIDENTIAL

    SUMMARY OF THE EU/USA EXPERIENCE WITH THE ANONYMOUS AND

    LULZSEC HACKTIVIST GROUPS.

    ANONYMOUS AND LULZSEC MEETING EUROPOL HQ 14/12/2011

    ATTENDEES: Austria, FBI, Portugal, Spain, France, Europol, USA LEG

    ATT, Belgium, Norway, Finland, UK, Italy, Ireland and Germany.

    1. USA: main points:

    a. LULZSEC AND ANONYMOUS have a very loose membership

    b. Phenomenon called Hacktivism

    c. Not necessarily financially motivated. Rather politically or principle-based.

    d. They use IRC chats and a web forum to communicate

    e. The group were born out of the Anti-piracy movement, attacking the

    likes of FACT and INFACT for example and then progressed to the

    protection of the leaders of WIKILEAKS.

    f. Moved to hacking and harvesting information from computer

    systems worldwide, exposing this information worldwide.

    g. Approx 10 main attacks in the USA of which a number originated

    from Ireland. (source - FBI).

    h. Attacks are motivated to gain maximum media coverage for the

    cause.

    i. Global trends show the following:

    i. The attacks are revenge motivated and target financial

    services and government entities and now they are targeting

    Law Enforcement agencies and individual police officers.

    j. USA 19 arrests and 105 searches, identifying additional suspects

    every week

    k. Attacks are ongoing. FBI Website compromised last week.

    l. In Europe there were 13 arrests incl. 2 from Ireland. The two Irish

    Subjects were ranked as members of the top hackers within the

    Anonymous Movement (Source FBI).

    m. There is a new breakaway group called AntiSec, which is

    attacking Police Departments in USA and Europe, targeting

    individual police officers.

    n. TeaMpOison are another breakaway group who are stealing

    data and money and donating to charity and they call their war:

    Operation Robin Hood.

    2. UK gave a comprehensive update. The UK have got very advanced

    investigations.

    a. The UK highlighted a very frightening tool called LOIC (Low Orbit

    Ion Cannon); this is an idiot proof attack programme that allows a

    low skilled person to attack a company and web server by putting in

    an IP Address. This is being deployed by the hacktivists now as part

    of OPERATION PAYBACK (name given by the hacktivists to their

    work). The use of the LOIC tool with a Botnet is devastating. The

    UK presentation revealed that attacks on the Church of Scientology

    in Ireland were conducted by the group Anonymous.

    b. The UK has informed us that the Group are now using the

    functionality of a clean Operating System and the Dirty Operating

    System. This means the suspect will disclose a password to police

    and when Police log on they get a clean disk, the second password

    that is NOT disclosed decrypts the full disk with all the evidence that

    incriminates the suspect. This is on a URL posted as a security

    method for LulzSec and Anonymous activists, once searched by

    Police.

    c. UK also said that Irish Suspects played a very major role in

    Anonymous.

    d. The UK highlighted the problem we are all having reading the

    millions of logs of chat between the suspects once the computers

    are seized. This is a major issue for CCIU too. There is no solution

    as yet other than reading data.

    3. UPDATE FROM IRELAND: Ireland have seen attacks against Irish Entities

    and against foreign entities from Ireland. Gardai have seen ANONYMOUS

    Activity in Ireland. Two arrests made to date.

    4. Portugal: there was an update from the Portuguese who outlined that

    their government is under heavy attack from the anonymous group and

    that their citizens are attacking in the name of the ANONYMOUS grouping.

    The Portuguese are not making much progress in the investigations and

    only know the Internet NICS and not the real world names.

    5. Austria: The Austrian delegate gave an update on the situation in Austria

    with regard to Anonymous. Austria are experiencing similar problems and

    similar types of attacks, the attackers are competent and are using Proxy

    servers to hide their identity. The group are calling themselves

    AnonAustria. The group use twitter to publish the information on attacks.

    The attacks are geared towards political parties in Austria in 2011. The

    attacks get access to secret information in the political party and publish it

    on the Internet, politically embarrassing. The attackers are also targeting

    the police systems and releasing the data on the internet. They then

    began to publish where the police are living and showing the houses on

    GOOGLE MAPS. This even shows a photo of the house of the Police

    officers. The group started with attacking on grounds of piracy and

    graduated to government.

    6. Spain: The Spanish Delegate gave an update on the Spanish experience,

    the hackers called it operation payback, the same as USA and other

    countries. The attacks also started as attacks against copyright

    organisations. The tool called LOIC mentioned above by the UK, was used

    in Spain to devastating effect. The attacks were directed at: SGAE the

    Spanish copyright people. The Spanish police are struggling to identify

    suspects, only Internet NICS. The Spanish did not have a crime for DDoS.

    The groups use IRC to communicate same as Ireland and they publish

    their activities on Twitter and YouTube. The Spanish Police are now

    working in the IRC chat channels and they are gaining access to the

    channels. They are getting good intelligence. The Spanish police have

    been discovered by the hackers and dumped out as well. The Spanish

    Police have access to the public chat rooms and then there is very limited

    access to the real PRIVATE channels where trusted members go. Spanish

    police say monitoring the channels is very time consuming and they are

    struggling to keep up. Spanish Police have now arrested 3 administrators

    of the channels in Spain. Admissions made and charges to follow. The

    Spanish, USA and UK are using a very interesting tactic where

    after arresting the suspects, the Police use the Internet NIC of the

    suspect in order to gain access to the secret private channels

    where the real business is done. The Spanish speaking world in STH

    AMERICA are also attacking Spain.

    7. Belgium: Belgium are not seeing so many attacks.

    8. Norway: They are experiencing similar attacks all started the same way

    as in other countries, starting with Anti-piracy organisations, working their

    way to government sites. The Norwegians also have break away groups in

    Norway. They are working on identifying targets in Norway. Anonymous

    group are even holding questions and answers sessions in the media and

    the media is supporting them in this question and answer session.

    9. Italy: The Italians are experiencing the same as everyone else, the

    Italians have arrested 30 people, the attacks in Italy are geared towards

    the police and Political targets. Some very sensitive files were stolen from

    the Italian police and published in full on the internet. Very embarrassing

    for the Italian National police. The Police in Italy are seeing the LOIC tool

    used by Italian Anonymous and have seen it used with a BOTNET. The Italians

    are very advanced in the technical investigations on the chat channels

    and against the suspects including full time undercover police in channels,

    using fake IDs and IDs from suspects who have been arrested etc. They

    use these IDs in the private areas of the Chat Channels. This is very

    effective and the Italian police also use Trojan software to target suspects.

    They record their encryption keys before searching their homes, they know

    when they are online and they also have loads of useful intelligence from

    the use of these Trojans. The Italians have similar break away groups

    such as GREEN RIGHTS, this group have committed web attacks against

    sites such as the TURIN to LYON railway project. The M.O. is the same

    LOIC M.O. used by other Anonymous attackers.

    10. Finland: the Finnish experience is less formal. The group has hacked

    servers and published names and details of 16,000 citizens. The result

    was the Finnish police were inundated with requests for information

    causing the Police IT systems to collapse under the weight of enquiries.

    Finland is experiencing similar problems to the rest, IP rights and

    Government targets and publishing the data in the media.

    11. Germany: the German police are experiencing the exact same thing, they

    are working at targeting the German gang members. They have no

    arrests but they have located equipment being used by the Anonymous gang

    within Germany.

    OPEN WRAP-UP SESSION:

    The day was informative and showed the extent of the problem within Europe

    and the World. We ran out of time and had to resort to having a quick wrap-up.

    The issue of the EU Cybercrime Centre may be able to resolve the coordination

    of the EU investigations.

    There is an issue with undercover cops investigating other undercover cops

    in the channels.

    All member states to deliver intelligence to AWF CYBORG and EUROPOL will

    develop an EU position report for distribution to the MS Cybercrime Units.

    Each MS to deliver a list of all NIC names discovered in their investigations. They

    will be coordinated in a Europol database and will be analysed.