Anons' FBI Phone Snooping Casts Long Shadow on Cybersecurity
Members of Anonymous managed to tap into an FBI conference call recently, after which they put a recording of the call on the open Web. The news has raised concern in many corners of the security industry. "The odds are that cybersecurity at the FBI and Scotland Yard is on par with, or superior to, security at most corporations," Abrams said.
Feb 3, 2012 11:51 AM PT
The hacker community Anonymous on Friday landed another blow in its war with the United States Federal Bureau of Investigation (FBI).
The attacks are part of a concerted hacker effort against the FBI.
"The information was intended for law enforcement officers only and was illegally obtained," the FBI said in a statement sent to TechNewsWorld by spokesperson Jenny Shearer. "A criminal investigation is underway to identify and hold accountable those responsible."
The Anonymous Harvest
The recorded call was a conversation between the FBI and Scotland Yard regarding tracking Anonymous members and other digital activists. It also involved other details about the efforts against such groups.
The email regarding the call, titled "Anon-Lulz International Coordination call," was sent on Jan. 13 to more than 40 law enforcement officers in the U.S., the UK, Ireland, the Netherlands, Sweden and France.
The note stated that a planned conference call to discuss ongoing investigations related to Anonymous, LulzSec, AntiSec and other associated splinter groups would be postponed a day to Jan. 17 because the original date would fall on a holiday in the U.S.
It's not clear how many of the recipients attended the call.
What the Hacks Indicate
The hacks "demonstrate weaknesses that IT has to address, but these would not likely be the same resources that go into criminal investigations," security consultant Randy Abrams told TechNewsWorld.
The hacks could make it more difficult to trace and arrest criminals because they indicate that it's possible to eavesdrop upon law enforcement agencies. Also, "information gleaned from intercepting emails and phone calls can [lead to] the proactive destruction of evidence by criminals," Abrams pointed out.
However, the larger implications of the hacks go "far beyond" terrorism and law enforcement, Abrams warned.
"The odds are that cybersecurity at the FBI and Scotland Yard is on par with, or superior to, security at most corporations," Abrams said. "This means it's extremely difficult to trust the supply chain for defense contractors, and also that corporations are probably pretty porous to industrial cyberespionage."
What's Cybermuscle Got to Do With It?
U.S. intelligence agencies are aware that hackers constitute an ongoing threat. Emerging technologies are being developed and implemented faster than governments can keep pace, U.S. Director of National Intelligence James R. Clapper told the Senate Select Committee on Intelligence on Jan. 31.
Innovation in functionality is outpacing innovation in security because of market incentives, Clapper said.
The latest Anonymous hacks "simply reaffirm that digital communications today are pretty much an open door invitation to snooping, and we don't yet have manageable systems that can widely and effectively be used to keep information confidential," Abrams said.
The hacks indicate the complexity of the task of keeping digital systems secure, Abrams stated.
Bragging Rights for Anonymous?
Anonymous has repeatedly hacked the websites of the FBI and various government organizations, while the FBI has retaliated by arresting suspected participants.
Perhaps bearing that in mind, the FBI's Shearer pointed out that the latest Anonymous hacks did not breach FBI computer systems.
It's not clear what Anonymous will gain from the latest hacks, apart from embarrassing law enforcement yet again.
"Considering that anyone with any agenda can claim to be part of Anonymous, it's impossible to say what its purpose was with this hack," Abrams opined.
Possible Prevention Measures Against Hacks
Law enforcement agencies should invest in education and technology to help arm themselves against hacks, Abrams remarked.
"Phone calls and emails should probably have been going through encrypted channels if any information was exchanged that law enforcement didn't want to be made public," Abrams elaborated.
The security of communications systems should be ranked, and law enforcement should communicate information based on a combination of the sensitivity of the information being exchanged and the relative security of the system that's being used, he suggested.