Members of Anonymous have released an intercept of a conference call between investigators at the FBI and Scotland Yard during which operations against hacktivist group were discussed.
During the 17-minute call – which was released as an MP3 file and distributed on YouTube and elsewhere – investigators can be heard discussing various Anonymous and LulzSec-related cases. Information discussed in the call reportedly included details of evidence against suspects (sometimes referred to by their hacker handles), plans for legal action and court dates. The hacktivist group also published what it said was an FBI email detailing the addresses of invited call participants: 40 law enforcement officials in the UK, US, France, Ireland, The Netherlands and Sweden.
It is unconfirmed how the 17 January call was intercepted but the "leaked email" includes the time, dial-in number and access code, so it could be that members of the group simply dialled into the number and recorded the call directly.
The FBI confirmed the leak, saying the information "was intended for law enforcement officers only and was illegally obtained," AP reports. The agency has reportedly launched an investigation into the leak, the BBC adds.
Meanwhile, a Met spokesman said:
We are aware of the video which relates to an FBI conference call involving a PCeU [Police Central e-Crime Unit] representative.
The matter is being investigated by the FBI.
At this stage no operational risks to the MPS have been identified; however we continue to carry out a full assessment. We are not prepared to discuss (this) further.
The interception of the conference call is a serious operation security breach, especially because it affects an ongoing high-profile investigation, and is a major coup for the rag-tag hactivist collective.
A Twitter account linked to Anonymous – AnonymousIRC – boasted:
The #FBI might be curious how we're able to continuously read their internal comms for some time now. #OpInfiltration.
Hints that hackers may have had an inside track on police investigations into their activities came late last month when "Anonymous Sabu" (leader of the LulzSec group) correctly predicted the postponement of trial against Jake Davis, an alleged member of LulzSec, F-Secure notes.
The cases against Jake Davis (allegedly "Topiary", the public face of the Anonymous and LulzSec hacktivist groups) and Ryan Cleary (who is alleged to have run a DDoS attack on the Serious Organised Crime Agency's website) are discussed during the conference call.
Additional security commentary on the incident can be found in a blog post by Sophos here. ®