It’s impossible to predict where loosely organized, pseudo-movement hacktivism goes from here, following the arrests of five people associated with LulzSec and Anonymous and a sixth person charged in the hack of intelligence services company Stratfor. These actions follow the arrests of 25 people associated with Anonymous in an Interpol sweep last week. Last July, 16 Anonymous members were arrested across the U.S.
The latest arrests are apparently largely the result of Hector Xavier Monsegur, aka Sabu, a prominent member of LulzSec who turned informant following his arrest last year. Turning an insider in return for leniency or reward is a time-honored law enforcement and intelligence technique. In this case, it is perhaps even more effective because the informant doesn’t have to sell himself in person — just as a disembodied hacker pseudonym. So, none of this “You seem a little nervous, Hector, everything OK?” or “Who was that you were talking into the café last night?” kind of thing. Monsegur, giant among LulzSec hackers, reportedly operated from his grandmother’s apartment in a New York public housing project Shades of Kevin Smith’s “Warlock” character in Live Free or Die Hard (Die Hard 4.)
If Anonymous is as loosely knit and headless as it purports, the arrests would have little direct effect on participants’ activities. Law enforcement understandably looks for “leaders” to arrest and prosecute — cut off the head, etc. That’s a lot easier to define and execute if you’re talking about a drug cartel or a cyber crime gang. The more likely impact, if any, of the arrests on Anonymous and affiliated “movements” would be more ambiguous.
The use of a trusted member turned informant may discourage cooperative efforts, especially in a digital environment in which the players may well never see or even know each other. The arrests may also have a chilling effect on other participants: if not the most active players, perhaps at least those who hop on board for DDoS attacks.
The immediate response by Anonymous may be an indication. The group lashed out, somewhat weakly, at Panda Labs, a security company that cooperated with law enforcement on the investigation that resulted in the 25 arrests last month, defacing externally hosted websites used for marketing and to host several blogs. Compare this reaction to the very rapid response following the Megaupload arrests and takedown, in which Anonymous launched a wave of effective DDoS attacks against a number of prominent entertainment industry and company sites, as well the FBI and U.S. Department of Justice. The attack is prompting Panda to extend its security controls, although history shows us that there is no guarantee of security, and determined, skilled attackers are almost certain to have some success against a chosen target. The attack on Panda has more of the feel of an angry child throwing food than avenging angels.
Another very interesting aspect of the arrests are the criminal charges leveled against Monsegur (the indictments against the others are due out later today) that have nothing to do with Anonymous or LulzSec or anything hacktivist, but everything to do with stealing. Check out Chester Wisniewski’s post on Sophos’ Naked Security blog. The charges include bank fraud, credit card fraud and stealing engines via fraud from an auto parts company. Cyber criminal with a hobby or activist committing crimes for the cause? I’d bet on the former.