UPDATE (March 6): The leader of the Anonymous gang LulzSec, known as “Sabu”, has been captured by the FBI and has been working with them for over nine months to gather names and identities of his former compatriots. This may be what has led to the arrests of recent days; it is safe to assume that anyone with direct connections to LulzSec is now in custody or shortly will be. “Sabu”, aka unemployed 28-year-old New Yorker Hector Xavier Monsegur, was the undisputed kingpin of Anonymous world-wide.
Those arrested on Tuesday include Ryan Ackroyd, aka “Kayla,” Darren Martyn, aka “pwnsauce,” and Donncha O’Cearrbhail, aka “palladium,” from Ireland; and Jeremy Hammond, aka “Anarchaos,” from Chicago. Jake Davis, aka “Topiary,” from London had been arrested last July.
Hammond, a member of Anonymous — a group loosely affiliated with LulzSec — is believed to be the main actor behind the hack of U.S. security company Stratfor in December, which resulted in the seizure of more than 5 million company e-mails, customer credit card numbers and other confidential information. The government said in a court filing that Hammond “used some of the stolen credit card data to make at least $700,000 worth of unauthorized charges.”
In the ongoing train wreck that is the loose international affiliation of black hat hackers known as Anonymous, another 25 suspected members were arrested in an Interpol sweep including countries in Europe and South America. The Interpol web site was knocked offline for a short period afterwards, in protest.
Arrests were made in Argentina, Chile, Colombia and Spain, and were carried out by national law-enforcement officers working with the support of Interpol’s Latin American Working Group of Experts on Information Technology Crime. The suspects were apprehended while planning coordinated cyber-attacks against institutions including Colombia’s defense ministry and presidential Web sites, Chile’s Endesa electricity company and national library, and other targets. Suspected Anonymous hackers ranged in age from 17 to 40.
Among the 25 people arrested were four suspected Anonymous hackers seized in connection with attacks on Spanish political party Web sites, the Spanish police announced. A national police statement said two servers used by the group in Bulgaria and the Czech Republic have been blocked. It said the four arrested included the suspected manager of Anonymous’s computer operations in Spain and Latin America, who was identified only by his initials and the aliases “Thunder” and “Pacotron.” The arrests were made primarily through infiltration of the group by law enforcement officials. The nature of Anonymous is such that infiltration like this is relatively easy and difficult to detect.
The four are suspected of defacing websites, carrying out denial-of-service attacks and publishing data online about police assigned to the royal palace and the premier’s office.
Anonymous has no real membership structure. Hackers, activists, and supporters can claim allegiance to its freewheeling principles, so it is not clear what impact the arrests will have. Attacks by Anonymous are, often as not, centered on law enforcement or government agencies bringing its members to justice. The claim of so-called “hacktivism”, or social activism through the commission of internet crime, is diluted by the theft of databases full of credit card numbers and other private information, as well as information related to law enforcement itself. Authorities in Europe, North America and elsewhere have made dozens of arrests, and in retaliation, Anonymous has increasingly attacked law enforcement, military and intelligence-linked targets. They have gone so far as to openly declare war on the United States government, in response to discussion of identifying Anonymous as an international terrorist organization. If the United States government takes this threat seriously, many of the legal and constitutional protections Anonymous now enjoys would be stripped away, and with the rule of due process gone, the rate at which its members are being apprehended will sharply increase. The Vatican has also been a target, and in Brazil, Anonymous hacktivists attacked nine banks last month.
Anonymous members (and those who identify themselves as working for or with Anonymous) have a right to be concerned. If Anonymous is declared a terrorist organization, due process of law in many countries is waived, and members can be detained indefinitely without trial or appeal in many cases. Despite the increasingly shrill tone of announcements purportedly by Anonymous, fewer and fewer people are publicly supporting the group for fear of being caught up in law enforcement actions against the group.
Throwing one’s support behind Anonymous is dangerous on other levels as well – recently the Slowloris distributed denial of service attack tool they created in an attempt to silence their critics was itself hacked and redistributed. Users saw their machines slaved to the Slowloris attack system involuntarily, and mined for email and other account passwords as well as bank and credit card account numbers.
The group turned the tables on the authorities last month by listening in on a conference call between the F.B.I., Scotland Yard and other foreign police agencies about their joint investigation into Anonymous and its allies.
One Twitter account purportedly associated with Anonymous’s Brazilian wing said the latest sweep would fail. “Interpol, you can’t take Anonymous,” the message read. “It’s an idea.”
Arrests of suspected Anonymous members around the world are increasing, rather than decreasing, in frequency, with netizens taking increasingly large risks merely by associating with them. They may not be able to take “Anonymous”, but they can sure take its members. And they’re doing it.