7/29/2019 Anonymous and Lulzsec Briefing
1/4
CONFIDENTIAL
SUMMARY OF THE EU/USA EXPERIENCE WITH THE ANONYMOUS AND
LULZSEC HACKTIVIST GROUPS.
ANONYMOUS AND LULZSEC MEETING EUROPOL HQ 14/12/2011
ATTENDEES: Austria, FBI, Portugal, Spain, France, Europol, USA LEG
ATT, Belgium, Norway, Finland, UK, Italy, Ireland and Germany.
1. USA: main points:
a. LULZSEC AND ANONYMOUS have a very loose membership
b. Phenomenon called Hacktivism
c. Not necessarily financially motivated. Rather politically or principle-based.
d. They use IRC chats and a web forum to communicate
e. The group were born out of the Anti-piracy movement, attacking the
likes of FACT and INFACT for example and then progressed to the
protection of the leaders of WIKILEAKS.
f. Moved to hacking and harvesting information from computer
systems worldwide, exposing this information worldwide.
g. Approx 10 main attacks in the USA of which a number originated
from Ireland. (source - FBI).
h. Attacks are motivated to gain maximum media coverage for the
cause.
i. Global trends show the following:
i. The attacks are revenge motivated and target financial
services and government entities and now they are targeting
Law Enforcement agencies and individual police officers.
j. USA 19 arrests and 105 searches, identifying additional suspects
every week
k. Attacks are ongoing. FBI Website compromised last week.
l. In Europe there were 13 arrests incl. 2 from Ireland. The two Irish
Subjects were ranked as members of the top hackers within the
Anonymous Movement (Source FBI).
m. There is a new breakaway group called AntiSec attacking Police
Departments in USA and Europe, targeting individual police officers.
n. TeaMpOison are another breakaway group who are stealing
data and money and donating to charity and they call their war:
Operation Robin Hood.
2. UK gave a comprehensive update. The UK have got very advanced
investigations.
a. The UK highlighted a very frightening tool called LOIC (Low Orbit
Ion Cannon); this is an idiot-proof attack programme that allows a
low-skilled person to attack a company and web server by putting in
an IP Address. This is being deployed by the hacktivists now as part
of OPERATION PAYBACK (name given by the hacktivists to their
work). The use of the LOIC tool with a Botnet is devastating. The
UK presentation revealed that attacks on the Church of Scientology
in Ireland were conducted by the group Anonymous.
b. The UK has informed us that the Group are now using the
functionality of a clean Operating System and the Dirty Operating
System. This means the suspect will disclose a password to police
and when Police log on they get a clean disk, the second password
that is NOT disclosed decrypts the full disk with all the evidence that
incriminates the suspect. This is on a URL posted as a security
method for LulzSec and Anonymous activists, once searched by
Police.
c. UK also said that Irish Suspects played a very major role in
Anonymous.
d. The UK highlighted the problem we are all having reading the
millions of logs of chat between the suspects once the computers
are seized. This is a major issue for CCIU too. There is no solution
as yet other than reading data.
3. UPDATE FROM IRELAND: Ireland have seen attacks against Irish Entities
and against foreign entities from Ireland. Gardai have seen ANONYMOUS
Activity in Ireland. Two arrests made to date.
4. Portugal: there was an update from the Portuguese who outlined that
their government is under heavy attack from the anonymous group and
that their citizens are attacking in the name of the ANONYMOUS grouping.
The Portuguese are not making much progress in the investigations and
only know the Internet NICS and not the real world names.
5. Austria: The Austrian delegate gave an update on the situation in Austria
with regard to Anonymous. Austria are experiencing similar problems and
similar types of attacks, the attackers are competent and are using Proxy
servers to hide their identity. The group are calling themselves
AnonAustria. The group use twitter to publish the information on attacks.
The attacks are geared towards political parties in Austria in 2011. The
attacks get access to secret information in the political party and publish it
on the Internet, politically embarrassing. The attackers are also targeting
the police systems and releasing the data on the internet. They then
began to publish where the police are living and showing the houses on
GOOGLE MAPS. This even shows a photo of the house of the Police
officers. The group started with attacking on grounds of piracy and
graduated to government.
6. Spain: The Spanish Delegate gave an update on the Spanish experience,
the hackers called it operation payback, the same as USA and other
countries. The attacks also started as attacks against copyright
organisations. The tool called LOIC mentioned above by the UK, was used
in Spain to devastating effect. The attacks were directed at: SGAE the
Spanish copyright people. The Spanish police are struggling to identify
suspects, only Internet NICS. The Spanish did not have a crime for DDoS.
The groups use IRC to communicate same as Ireland and they publish
their activities on Twitter and YouTube. The Spanish Police are now
working in the IRC chat channels and they are gaining access to the
channels. They are getting good intelligence. The Spanish police have
been discovered by the hackers and dumped out as well. The Spanish
Police have access to the public chat rooms and then there is very limited
access to the real PRIVATE channels where trusted members go. Spanish
police say monitoring the channels is very time consuming and they are
struggling to keep up. Spanish Police have now arrested 3 administrators
of the channels in Spain. Admissions made and charges to follow. The
Spanish, USA and UK are using a very interesting tactic where
after arresting the suspects, the Police use the Internet NIC of the
suspect in order to gain access to the secret private channels
where the real business is done. The Spanish speaking world in STH
AMERICA are also attacking Spain.
7. Belgium: Belgium are not seeing so many attacks.
8. Norway: They are experiencing similar attacks, all started the same way
as in other countries, starting with Anti-piracy organisations, working their
way to government sites. The Norwegians also have break away groups in
Norway. They are working on identifying targets in Norway. Anonymous
group are even holding questions and answers sessions in the media and
the media is supporting them in this question and answer session.
9. Italy: The Italians are experiencing the same as everyone else, the
Italians have arrested 30 people, the attacks in Italy are geared towards
the police and Political targets. Some very sensitive files were stolen from
the Italian police and published in full on the internet. Very embarrassing
for the Italian National police. The Police in Italy are seeing the LOIC tool
used by Italian Anonymous and have seen it used with a BOTNET. The Italians
are very advanced in the technical investigations on the chat channels
and against the suspects including full time undercover police in channels,
using fake IDs and IDs from suspects who have been arrested etc. They
use these IDs in the private areas of the Chat Channels. This is very
effective and the Italian police also use Trojan software to target suspects
and record their encryption keys before searching their homes; they know
when they are online and they also have loads of useful intelligence from
the use of these Trojans. The Italians have similar break away groups
such as GREEN RIGHTS, this group have committed web attacks against
sites such as the TURIN to LYON railway project. The M.O. is the same
LOIC M.O. used by other Anonymous attackers.
10. Finland: the Finnish experience is less formal. The group has hacked
servers and published names and details of 16,000 citizens. The result
was the Finnish police were inundated with requests for information
causing the Police IT systems to collapse under the weight of enquiries.
Finland is experiencing similar problems to the rest, IP rights and
Government targets and publishing the data in the media.
11. Germany: the German police are experiencing the exact same thing, they
are working at targeting the German gang members. They have no
arrests but they have located equipment being used by Anonymous gang
within Germany.
OPEN WRAP-UP SESSION:
The day was informative and showed the extent of the problem within Europe
and the World. We ran out of time and had to resort to having a quick wrap-up.
The issue of the EU Cybercrime Centre may be able to resolve the coordination
of the EU investigations.
There is an issue with undercover cops investigating other undercover cops
in the channels.
All member states to deliver intelligence to AWF CYBORG and EUROPOL will
develop an EU position report for distribution to the MS Cybercrime Units.
Each MS to deliver a list of all NIC names discovered in their investigations. They
will be coordinated in a Europol database and will be analysed.