Evidence collected by the FBI about Anonymous, which attacked websites of four companies to punish them for blocking contributions to WikiLeaks, will be considered this week by a U.S. grand jury, according to court papers and an informal spokesman for the group of activist hackers.
The federal grand jury in San Jose, California, will begin reviewing evidence tomorrow that includes computers and mobile phones seized from suspected leaders as prosecutors probe the coordinated so-called denial-of-service attacks in December, according to a federal subpoena and the spokesman, Barrett Brown. Anonymous directed activists to target payment processors MasterCard Inc., Visa Inc., EBay Inc.’s PayPal, and U.K.-based Moneybookers.com in public chat rooms.
Among the evidence seized by the FBI during multistate raids on Jan. 27 was data taken from an individual who controls one of Anonymous’s primary servers, identified by the organization only by his cyber-handle ‘Owen,’ Brown said.
“The FBI is breaking down people’s doors with guns drawn,” said Mara Verheyden-Hilliard, a member of the board of the National Lawyers Guild, which has talked with Anonymous organizers about their legal defense. “A group of people are engaged in a modern day electronic sit-in, and the FBI wants to treat that like it’s terrorist activity.”
Anonymous responded on Feb. 6 by hacking a California-based security firm that it said was aiding the probe, hijacking 60,000 company e-mails and making them public on one of the organization’s servers. The e-mails included a proposal by the company to develop a malware tracking program for the U.S. government’s Defense Advanced Research Projects Agency (DARPA), among other confidential documents.
Jenny Shearer, a Federal Bureau of Investigation spokeswoman, said the agency couldn’t comment on the probe or its targets. She said “it’s not unusual” to have drawn guns during the execution of a search warrant until “the situation is secure.”
The subpoena shows federal investigators are trying to piece together the workings of an elusive group composed of hundreds of hackers and activists stretched across several countries. Brown said about a dozen members are able to influence the direction of Anonymous.
Agents served a grand jury subpoena on a California man who goes by the screen name ‘Trivette,’ ordering him to appear before the panel tomorrow. It demands all information he has on how the December attacks were organized, including instructions to activists on how to download software that can overwhelm websites by inundating them with thousands of service requests a second.
The subpoena requested information on the group’s hierarchy and structure, including “names, handles, e-mail accounts, or IP addresses,” according to a copy provided to Bloomberg News by the organization.
The FBI also raided the home of a 19-year-old Nevada woman, Brown said. Agents seized two computers, including one owned by her father, her iPhone, two flash drives and a router, Brown said.
Among other recent high-profile attacks, Anonymous has claimed in public statements responsibility for crashing government websites in Egypt and Tunisia to support political protests.
Brown said the group, whose activities have sparked an international investigation and five arrests in Britain, is dedicated to “the defense of liberty.” Its goal is “a perpetual revolution across the world that goes on until governments are basically overwhelmed and results in a freer system,” he said.
History of Retaliation
Several cyber-security experts declined to speak about the group or its activities on the record because of its history of retaliating against critics, such as the Feb. 6 attack on a cyber security firm HBGary Federal, which Anonymous accused of aiding the government’s investigation.
Shearer, the FBI spokeswoman, declined to comment on any cooperation between the agency and the security firm.
Aaron Barr, the head of security services for the Sacramento-based company, was quoted in the Financial Times on Feb. 4 saying that he had information on the identity of Anonymous leaders that he planned to release at a cyber conference this month.
The following day, the group hacked into the company’s network and took more than 60,000 internal e-mails and began releasing them last night, Brown said. It also hijacked the Twitter accounts of HBGary’s employees, using them to post personal information such as social security numbers and addresses, he said.
In one e-mail provided by Anonymous, HBGary Chief Executive Officer Greg Hoglund discussed a possible “60 Minutes” interview on Anonymous, as well as how the security firm could use it to their advantage.
“Position Aaron as a hero to the public,” Hoglund wrote to Barr and Karen Burke, the firm’s spokeswoman. “I think these guys are going to get arrested, it would be interesting to leave the soft impression that Aaron is the one that got them, and that without Aaron the Feds would have never been able to get out of their own way.”
Burke declined to comment on that communication or the other e-mails or whether the firm negotiated with Anonymous to retrieve the internal communications before they became public, as the group claimed.
“The investigation into our breach is still ongoing so it would be premature to comment further at this time,” HBGary Federal President Penny Leavy said in a statement.
The exposure has the potential to be extremely damaging to the security company and its reputation, said Susan Freiwald, an expert on cyber security and law at the University of San Francisco.
“It’s a security firm,” Freiwald said. “It’s especially sensitive for them to be portrayed as insecure.”
The search warrants issued by the FBI in some cases referred to possible violations of the Computer Fraud and Abuse Act, the main federal anti-hacking statute, Brown said.
The law can be used to prosecute denial-of-service attacks, according to a Justice Department manual relating to computer crime and intellectual property posted on the agency website. Prosecutors must prove an attack caused at least $5,000 in damage to a company or its operations, a threshold the December attacks probably meets, Freiwald said.
No One Arrested
No one has been arrested yet in the U.S. in connection with the probe, Brown said. The Lawyers Guild’s Verheyden-Hilliard said the attacks against PayPal or MasterCard should be viewed as a form of modern-day civil disobedience, the equivalent of blocking a company’s virtual storefront.
Those attacks may have slowed or disabled the companies’ websites temporarily without affecting their payment processing functions, the companies said.
“Civil disobedience is historically more effective when the state intervenes in a heavy-handed way,” said Ryan Calo, an expert in cyber crime at Stanford University in Stanford, California. “It is not just the act but also all the follow-up -- the subpoenas, arrests, a trial. That’s all part of the act of civil disobedience.”
To contact the editor responsible for this story: David E. Rovella at firstname.lastname@example.org.