Cybercrime threat

As six suspected members of ‘hacktivist’ groups are named and face charges, the spotlight again shines on the shady world of internet hacking, writes Conall Ó Fátharta

THE news that two Irish teenagers have been accused of being central to one of the world’s foremost internet hacking groups has again shone a light into the fascinating and shady world of hacking.

Donncha O’Cearrbhail, 19, from Birr in Offaly, faces up to 15 years in prison, while Darren Martyn from Galway is facing 20 years. They have been named among six suspected members of “hacktivist” group Anonymous and splinter groups including LulzSec, Internet Fed, and AntiSec. They are accused, among other things, of hacking the Fine Gael website, the Fox broadcasting network and a Garda/FBI conference call.

So just what are these groups, and who do they involve?

The two most high profile groups are Anonymous and its offshoot group LulzSec.

However, it is important to point out that, although linked, the two groups are not one and the same. In fact, Anonymous is a very different grouping to that of LulzSec and other linked groups.

Anonymous is essentially a loose-knit collective of hackers, whose power lies in the very fact that activities are carried out anonymously seemingly without any personal or financial motivation.

The group describes itself as an “internet gathering”, a term used to describe a leaderless group of people who come together online, in most cases to stage some form of protest.

One member told a US newspaper: “Anyone who wants to can be Anonymous and work toward a set of goals...We have this agenda that we all agree on and we all co-ordinate and act, but all act independently toward it, without any want for recognition. We just want to get something that we feel is important done.”

The groups vary in size and make-up depending on the cause they are publicising. Members identify themselves in web videos by wearing the Guy Fawkes masks popularised by the comic book and film V for Vendetta.

The group’s protests have primarily taken the form of highly publicised and controversial efforts to disrupt websites and related services.

The latest charges seem to have stemmed from the apparent turning of LulzSec figurehead Hector Xavier Monsegur, aka Sabu, who appears to have been co-operating with US law enforcement.

Director of security research and communication with global security firm Trend Micro Rik Ferguson said the uncovering of a figurehead and the lack of anonymity associated with LulzSec was a key weakness, in comparison to Anonymous.

“Anyone can and does act in the name of Anonymous and their activities do not require individual hacker publicity or disclosure of personally identifiable details. The very fact that Sabu became the “celebrity” he was, illustrates the real difference between LulzSec and Anonymous. LulzSec may be finished, but it would be premature to say the same about Anonymous,” he said.

So what exactly is LulzSec? The group takes its name from LOLS (online slang for ‘laugh out loud’) and Sec, short for security, and first came to prominence after it co-ordinated a series of high profile attacks last year.

The group has used the motto “Laughing at your security since 2011” and their attacks have been described more as internet pranks than malicious cybercrime, with the primary aim being to embarrass major corporations and expose their security flaws.

However, US authorities have taken a somewhat different view in light of some attacks in the past year, and following a long investigation, made this week’s announcement of charges against six hackers associated with Anonymous and its splinter groups LulzSec, Internet Fed and AntiSec.

The charges are a sign of just how serious cybercrime is being taken across the world. The threat of cyber attacks is increasingly on the agenda of government. Australia has said it is to develop a cyber defence strategy, while the US has been even stronger saying it will treat hostile acts in cyberspace just like any other threat to the country.

For the two Irish teenagers at the centre of the hacking charges, such statements won’t make easy reading.

Attack timeline

Hector Xavier Monsegur, the hacker known as Sabu.

* The arrests of six suspected leaders of the loose-knit international hacking group Anonymous comes after a long string of cyber vandalism against major companies and government agencies around the world.

* Dec 2010: Anonymous’ early attacks took aim at the websites of Mastercard, Visa and eBay’s PayPal in retaliation for the companies’ refusal to accept donations for Wikileaks, whose founder was in legal hot water for publishing confidential diplomatic cables.

* Early 2011: Anonymous, along with its affiliates such as Lulz Security or LulzSec, hacked the websites of the governments of Tunisia, Algeria and Zimbabwe. Tunisia was then part of the Arab Spring while Algeria has been largely untouched by the unrest. Zimbabwe has been governed by Robert Mugabe since independence in 1980.

* Feb 2011: Anonymous hackers broke into the network of HBGary after an executive said he had learned the identities of the group’s leaders.

* May 2011: LulzSec, angered by a PBS documentary about WikiLeaks, posted a fake news story on the PBS website claiming that dead rapper Tupac Shakur is alive and well. It also claimed credit for breaking into Fox.com and publishing data about contestants of Fox show X Factor. Fox is a unit of News Corp.

* Jun 2011: LulzSec hackers broke into Sony Corp’s systems to show that the company had shoddy security. They also hacked into Nintendo but this does not appear to have had serious consequences.

They also breached one of the US Senate’s computer network but did not appear to get access to sensitive data. It also took down the public website of the US Central Intelligence Agency with what appeared to be a denial of service attack, where hackers inundate a website to crash it.

LulzSec knocked offline a website run by the British police Serious Organised Crime Agency, which targets organised crime. Lulz also struck an Arizona police website to show opposition to a tough anti-immigration law.

* Jun 21: British police arrest a 19-year-old man, Jake Davis, in eastern England. Suspects were also picked up in the US, Spain, Turkey and the Netherlands. Davis was known on Twitter as topiary, and described himself as a “simple prankster turned swank garden hedge.”

* Jun 22: Hackers briefly disabled three websites belonging to Brazil’s government. The sites for Brazil’s federal government, presidency, and tax collection agency were inaccessible to the public for two and a half hours overnight but their operation was quickly restored.

* Jun 25: LulzSec announced that it is disbanding, but the original group, Anonymous, will press on.

Hector Xavier Monsegur, the hacker known as Sabu, was arrested at his small Manhattan apartment. He secretly pleaded guilty to 12 charges in August, and began cooperating with authorities.

* Jul 4: Anonymous said it broke into an Apple Inc server and published a small number of usernames and passwords for one of the company’s websites.

* Jul 11: Anonymous hackers said on Twitter that they broke into the computer systems of major government contractor Booz Allen Hamilton. The hackers said that they wiped out 4 gigabytes of source code and stole 90,000 email addresses.

* Dec 2011: AntiSec hackers, who are also tied to Anonymous, broke into Stratfor Global Intelligence Service, stealing data such as client list details on 90,000 credit card accounts.

* Jan 2012: Hackers broke into the personal email of a garda, and use information learned there to listen into a law enforcement conference call, then post it online.

* Mar 2012: Police announce charges against six hackers associated with the Anonymous groups, including Monsegur.

— Diane Bartz


Lifestyle

IF you are the parent of a child who is about to venture forth into the hallowed halls of Primary education, or ‘Big School’ as every Irish mammy refers to it since the dawn of time; well, chances are you’ve probably been very active in your Google searches looking for tips and advice on how to ease your child, and yourself, into this next chapter.Out of curiosity, I searched online for ‘Back to school advice’

More From The Irish Examiner