The hacker collective Anonymous has not produced as many high-profile cyber attacks as it once did, a drop-off that can be directly attributed to the arrests of the group's core members, an FBI official told The Huffington Post this week.
Starting in late 2010, Anonymous captured worldwide attention through a series of attacks against U.S. companies and government agencies, stealing data and defacing or crashing websites.
But the arrests last year of five members of Lulz Security, an influential splinter group of hackers, had a "huge deterrent effect" on Anonymous by creating an "added layer of distrust" within the hacking group, according to Austin P. Berglas, assistant special agent in charge of the FBI's cyber division in New York.
“All of these guys [arrested] were major players in the Anonymous movement, and a lot of people looked to them just because of what they did,” Berglas said in an interview with HuffPost.
The 2012 arrests relied on the help of a key informant, Hector Monsegur, aka "Sabu," who was caught and then cooperated with the FBI. The fear that one of their own could turn them in has sowed distrust within the hacking collective, according to Berglas.
"The movement is still there, and they're still yacking on Twitter and posting things, but you don't hear about these guys coming forward with those large breaches," he said. "It's just not happening, and that's because of the dismantlement of the largest players."
Gabriella Coleman, a professor at McGill University who studies Anonymous, said there was "no doubt" the arrests dealt a major blow to "a central node of activity" within the group. But Anonymous is still very much alive, she said.
"They could easily emerge again as a force to contend with," she told HuffPost in an email.
The arrests of members of Anonymous last year were among several highlights to come out of the FBI's cyber division in New York. (The five core members of Lulz Security have pleaded guilty.) In another case, the FBI in New York led an investigation that resulted in the arrests earlier this year of three alleged operators of the Gozi virus, which infected at least 1 million computers and stole millions of dollars from banks around the world.
A former Army captain, 41-year-old Berglas leads the FBI's cyber division in New York, one of the busiest of the FBI's 56 field offices. His office overlooks the skyline of lower Manhattan, the center of the financial world and a frequent target of hackers. Last month, a Russian man was charged with breaking into the servers of the Nasdaq stock exchange and deleting, changing and stealing data.
The cyber division in New York is divided into five teams of investigators. One unit is tasked with getting digital evidence off cell phones, cameras, computers and tablets to support investigations into a wide range of cases, from organized crime to computer hacking to child pornography. Berglas said the investigators of the Computer Analysis Response Team have become increasingly adept at defeating the encryption suspects use to conceal the contents of computer files.
The other four teams divide cybercrime cases among themselves by the hackers' country of origin. Since most hackers attack U.S. computers from overseas, the FBI often works with law enforcement in other countries, Berglas said. Sometimes, investigators find evidence of hackers from several different countries inside the network of a single U.S. company.
"We call it the dirty pond environment," he said. "You think it might just be one actor responsible for the intrusion, and once you get in and start looking at the company there's remnants of a whole host of actors -- from week-old activity to multiple years they've been inside some companies and they just don’t know about it."
Cybercriminals have a variety of motives, but their methods are often the same. Most break into computer systems by tricking people into clicking on malicious links in emails that appear to come from trusted sources, a technique known as "spear phishing," Berglas said.
"It’s the number one most common intrusion vector we see in any type of attack,” Berglas said. "Major financial companies spend millions and millions of dollars on security, and all [hackers] have to do is get someone with credentials to click on a spear-phishing site and that’s how they get in.”
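The messages Berglas describes work because they "appear to come from trusted sources." The script below, an added example written for this page and not code from the article or the FBI, shows four concrete ways a message fakes that appearance and how a mail gateway can flag each one: a display name that smuggles in a different address, a sender domain that merely looks like the trusted one (digit-for-letter swaps, "rn" for "m", accented characters hidden behind punycode), a Reply-To that routes answers elsewhere, and a link whose visible text names one domain while the href points to another. The trusted domains, the confusable-character table and both sample messages are assumptions constructed for the example.

```python
"""Flag common spear-phishing signals in a raw email message (added example)."""
import re
import unicodedata
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Domains the organisation actually trusts: an assumption for this example.
TRUSTED_DOMAINS = ("example-bank.com", "example-bank.net")

# Characters attackers swap for look-alikes (assumed list, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def skeleton(domain: str) -> str:
    """Reduce a domain to a form in which visual look-alikes collide."""
    try:
        uni = domain.encode("ascii").decode("idna")  # expand xn-- labels
    except UnicodeError:
        uni = domain
    # NFKD splits "á" into "a" plus a combining mark, which we then drop.
    decomposed = unicodedata.normalize("NFKD", uni)
    ascii_only = "".join(c for c in decomposed if not unicodedata.combining(c))
    return ascii_only.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, so single-character typosquats are caught too."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str):
    """Return the trusted domain this one impersonates, or None."""
    domain = domain.lower()
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    sk = skeleton(domain)
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(sk, skeleton(trusted)) <= 2:
            return trusted
    return None


def phishing_signals(raw: bytes) -> list:
    """Return a list of human-readable reasons the message looks like a spear phish."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    signals = []
    from_hdr = msg["From"]
    sender = from_hdr.addresses[0] if from_hdr and from_hdr.addresses else None
    from_domain = sender.domain.lower() if sender else ""

    # 1. Display name carries an address whose domain differs from the real sender.
    if sender:
        m = re.search(r"[\w.+-]+@([\w.-]+)", sender.display_name)
        if m and m.group(1).lower() != from_domain:
            signals.append(f"display name shows {m.group(0)} but sender domain is {from_domain}")

    # 2. Sender domain is a look-alike of a trusted one.
    target = is_lookalike(from_domain)
    if target:
        signals.append(f"sender domain {from_domain} resembles {target}")

    # 3. Replies are silently routed to another domain.
    reply_hdr = msg["Reply-To"]
    if reply_hdr and reply_hdr.addresses:
        reply_domain = reply_hdr.addresses[0].domain.lower()
        if reply_domain != from_domain:
            signals.append(f"Reply-To domain {reply_domain} differs from {from_domain}")

    # 4. Anchor text names one domain while the href goes to another.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text, re.I)
        real = (urlparse(href).hostname or "").lower()
        if shown and shown.group(0).lower() != real:
            signals.append(f"link text names {shown.group(0)} but points to {real}")
    return signals


# Constructed sample messages (not real mail).
SAMPLE_PHISH = b"""\
From: "payments@example-bank.com" <alerts@examp1e-bank.com>
Reply-To: collections@evil.example
To: staff@example-bank.com
Subject: Action required: confirm wire transfer
Content-Type: text/html

<p>Please confirm today's transfer:</p>
<a href="http://examp1e-bank.com/confirm">https://example-bank.com/confirm</a>
"""

CLEAN_MAIL = b"""\
From: Example Bank Alerts <alerts@example-bank.com>
To: staff@example-bank.com
Subject: Monthly statement available
Content-Type: text/html

<p>Your statement is ready.</p>
<a href="https://example-bank.com/statements">https://example-bank.com/statements</a>
"""

if __name__ == "__main__":
    for reason in phishing_signals(SAMPLE_PHISH):
        print("PHISH:", reason)
    print("clean message signals:", phishing_signals(CLEAN_MAIL))
```

Run against the constructed phish the script reports all four signals; the clean message produces none. The skeleton comparison is deliberately loose (edit distance up to 2 after normalisation), which is the right trade-off at a gateway where a false positive costs a second look and a false negative costs the credentials Berglas describes; a production filter would add the organisation's real domain list, DMARC alignment checks and a larger confusables table.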
Cybercriminals have become adept at hiding their IP addresses -- the numeric addresses that identify computers on the Internet -- to disguise their locations from law enforcement. But eventually, even the most skilled hackers get sloppy, Berglas said.
Hector Monsegur, aka "Sabu," the FBI informant whose cooperation led to the arrests of LulzSec last year, left his IP address exposed. The error allowed investigators to track his location to an apartment in Manhattan's Lower East Side and eventually led to his arrest.
It's that type of misstep that the FBI is looking for.
"It’s easy to sit behind a computer and think you're anonymous and do these illegal types of activity, whether it’s hacking into a company or trading child pornography or buying and selling stolen identities," he said. "But it’s just a matter of time before these criminals make mistakes and we capture them. All it takes is just one time."
Earlier on HuffPost:
Jeremy Hammond, known online as "Anarchaos," <a href="http://freejeremy.net/press-release/statement-from-jeremy-regarding-his-plea/" target="_blank">pleaded guilty on May 28 to violating the Computer Fraud and Abuse Act</a> for his part in breaking into the network of <a href="http://www.huffingtonpost.com/2013/05/28/jeremy-hammond-anonymous-hacker-guilty-stratfor_n_3347215.html" target="_blank">geopolitical analysis company Stratfor Global Intelligence Service</a>. Hammond said he participated in the hack on behalf of Anonymous and its subgroup LulzSec. "I did this because I believe people have a right to know what governments and corporations are doing behind closed doors," he said in <a href="http://freejeremy.net/press-release/statement-from-jeremy-regarding-his-plea/" target="_blank">a statement posted on his website</a>. "I did what I believe is right."
Hector Xavier Monsegur
Hector Monsegur, also known as "Sabu," may be the most hated member of Anonymous. In 2011, after being fingered by the FBI, <a href="http://online.wsj.com/article/SB10001424052970204603004577269844134620160.html" target="_blank">he betrayed fellow members of the Anonymous subgroup LulzSec</a> by helping the FBI gather evidence to arrest them. Monsegur is now facing up to 124 years in prison, though <a href="http://rt.com/usa/sabu-informant-anonymous-sentence-491/" target="_blank">his sentencing has been delayed</a> while he continues cooperating with federal agents.
Mercedes Renee Haefer
Mercedes Haefer, also known by "No," is part of the "PayPal 14," a group of hackers arrested by the FBI in 2011 for <a href="http://www.unlvrebelyell.com/2011/07/25/unlv-student-arrested-by-fbi-for-hacking-in-support-of-wikileaks/" target="_blank">allegedly participating in a cyberattack against PayPal</a>. Haefer and the other members of the PayPal 14 have remained in legal limbo for two years now. In May, they began negotiations for <a href="http://www.huffingtonpost.com/2013/05/18/paypal-14-hackers_n_3281768.html" target="_blank">a settlement that could keep them out of prison</a>.
Known in Anonymous circles as "Commander X," <a href="http://news.nationalpost.com/2012/05/12/insider-tells-why-anonymous-might-well-be-the-most-powerful-organization-on-earth/" target="_blank">Christopher Doyon participated in attacks</a> on Sony, PayPal, the Tunisian government and the county website of Santa Cruz, Calif. He was <a href="http://idealab.talkingpointsmemo.com/2011/10/homeless-hacker-christopher-doyon-aka-commander-x-joins-up-with-occupy-movement.php" target="_blank">arrested by federal authorities and threatened with 15 years in prison in September 2011</a> for the attack on the Santa Cruz website. But now he is on the run. Shortly after his arrest, Doyon jumped bail and fled to Canada through <a href="http://news.nationalpost.com/2012/05/12/insider-tells-why-anonymous-might-well-be-the-most-powerful-organization-on-earth/" target="_blank">what he calls</a> an "underground railroad."
Unlike most members of Anonymous, journalist Barrett Brown has never tried to remain...anonymous. This self-proclaimed "spokesman" for the hacktivist collective was <a href="http://thescoopblog.dallasnews.com/2012/09/anonymous-spokesperson-barrett-brown-raided-arrested-in-dallas.html/" target="_blank">arrested in September 2012</a> and indicted on <a href="http://crimeblog.dallasnews.com/2012/10/feds-indict-self-proclaimed-anonymous-spokesman-on-retaliation-conspiracy-charges.html/" target="_blank">charges of</a> "making an online threat, retaliating against a federal officer and conspiring to release the personal information of a U.S. government employee," The Dallas Morning News reported. Brown was later <a href="http://crimeblog.dallasnews.com/2012/12/new-federal-indictment-lists-12-more-charges-against-barrett-brown-once-the-self-proclaimed-spokesman-for-anonymous.html/" target="_blank">additionally indicted</a> on charges related to the Stratfor Global Intelligence Service hack.
In January 2011, Anonymous began "<a href="http://anonnews.org/?p=press&a=item&i=118" target="_blank">Operation: Tunisia</a>," a hacktivist effort to assist Tunisian revolutionaries. <a href="http://www.wired.com/threatlevel/2012/01/anonymous-dicators-existential-dread/" target="_blank">Slim Amamou, an outspoken Tunisian blogger known as "slim404,"</a> was arrested by Tunisian police working for the failing government. Amamou was held in jail for seven days, but when the Tunisian regime was overthrown, he was hailed as a hero and <a href="http://www.wired.com/threatlevel/2012/01/anonymous-dicators-existential-dread/" target="_blank">made secretary of state for sport and youth</a> in the Tunisian transitional government.
Dmitriy Guzner, known by the alias "Aendy," was fingered by the FBI in 2008 for <a href="http://www.wired.com/threatlevel/2009/05/teen-pleads-guilty-to-scientology-web-attacks/" target="_blank">attacking Church of Scientology computers</a>. He <a href="http://news.softpedia.com/news/Scientology-Attacker-Gets-Prison-Time-127761.shtml" target="_blank">was sentenced to a year in prison and two years of probation,</a> making him the first hacker to ever be arrested in connection with Anonymous.