First came the tease — well-known Anonymous hacker @AnonymousSabu threatened a California Department of Justice (DOJ) cybercop with a tweet promising imminent attack. The attack occurred shortly after.
Anonymous — a loosely-knit band of hackers infamous for attacking high-profile sites and media outlets — let loose on the DOJ investigator. The group posted 38,000 Gmail emails from his account and a myriad of other personal info.
Ed: For reasons of journalistic ethics, aNewDomain.net is choosing not to publish the officer’s name, link to the site pointing to the data, or directly link to any personal or public information Anonymous posted.
Anonymous also, via the emails, included private list posts from the International Association of Computer Investigative Specialists (IACIS). Those posts appear to contain details on methods federal and state police use to reveal suspects’ email. It is, according to the hacker post excerpt below, the so-called white hat hacking that brought this particular attack on. Hackers turned cops are anathema to the group’s self-described ethos of hacking as a revolutionary tool for social change. In one tweet, @AnonymousSabu asked followers if they found the group’s attacks “inspiring.” At this writing, the IACIS site is still down.
The group posted this online to explain its attack on the DOJ law enforcement officer and its hatred of white hat hacking in general. The poster wrote:
As part of our ongoing effort to expose and humiliate our white hat enemies, we targeted a Special Agent Supervisor of the CA Department of Justice in charge of computer crime investigations. We are leaking over 38,000 private emails which contain detailed computer forensics techniques, investigation protocols as well as highly embarrassing personal information. We are confident these gifts will bring smiles to the faces of our black hat brothers and sisters (especially those who have been targeted by these scurvy dogs) while also making a mockery of “security professionals” who whore their “skills” to law enforcement to protect tyrannical corporativism and the status quo we aim to destroy.
We hijacked two gmail accounts belonging to NAME DELETED BY EDITOR, who has been a cop for 20 years, dumping his private email correspondence as well as several dozen voicemails and SMS text message logs. While just yesterday NAME DELETED BY EDITOR was having a private BBQ with his CATCHTEAM high computer crime task force friends, we were reviewing their detailed internal operation plans and procedure documents. We also couldn’t overlook the boatloads of embarrassing personal information about our cop friend NAME DELETED BY EDITOR. We lulzed as we listened to angry voicemails from his (significant other: ed) estranged wives and ex-girlfriends while also reading his conversation …
We turned on his Google web history and watched him look up linux command line basics, golfing tutorials, and terrible youtube music videos. We also abused his google voice account, making sure NAME DELETED BY EDITOR friends and family knew how hard he was owned. Possibly the most interesting content in his emails are the IACIS.com internal email list archives (2005-2011) which detail the methods and tactics cybercrime units use to gather electronic evidence, conduct investigations and make arrests.
The information in these emails will prove essential to those who want to protect themselves from the techniques and procedures cyber crime investigators use to build cases. If you have ever been busted for computer crimes, you should check to see if your case is being discussed here. There are discussions about using EnCase forensic software, attempts to crack TrueCrypt encrypted drives, sniffing wireless traffic in mobile surveillance vehicles, how to best prepare search warrants and subpoenas, and a whole lot of clueless people asking questions on how to use basic software like FTP.
In the end, we rickrolled the entire IACIS list, causing the administrators to panic and shut their list and websites down. These cybercrime investigators are supposed to be the cream of the crop, but we reveal the totality of their ignorance of all matters related to computer security. For months, we have owned several dozen white hat and law enforcement targets– getting in and out of whichever high profile government and corporate system we please and despite all the active FBI investigations and several billion dollars of funding, they have not been able to stop us or get anywhere near us. Even worse, they bust a few dozen people who are allegedly part of an “anonymous computer hacking conspiracy” but who have only used kindergarten-level DDOS tools– this isn’t even hacking, but a form of electronic civil disobedience. We often hear these “professionals” preach about “full-disclosure,” but we are sure these people are angrily sending out DMCA takedown notices and serving subpoenas as we speak.
They call us criminals, script kiddies, and terrorists, but their entire livelihood depends on us, trying desperately to study our techniques and failing miserably at preventing future attacks. See we’re cut from an entirely different kind of cloth. Corporate security professionals like Thomas Ryan and Aaron Barr think they’re doing something noble by “leaking” the public email discussion lists of Occupy Wall Street and profiling the “leaders” of Anonymous. Wannabe player haters drop shitty dox and leak partial chat logs about other hackers, doing free work for law enforcement. Then you got people like Peiter “Mudge” Zatko who back in the day used to be old school l0pht/cDc only now to sell out to DARPA going around to hacker conventions encouraging others to work for the feds.
Let this be a warning to aspiring white hat “hacker” sellouts and police collaborators: stay out the game or get owned and exposed. You want to keep mass arresting and brutalizing the 99%? We’ll have to keep owning your boxes and torrenting your mail spools, plastering your personal information all over teh (sic) internets.