One in four hackers in the U.S. is an FBI informant, the UK Guardian reported today. They must be doing a pretty bad job, because cybercrime seems to be spiking like crazy, and the Federal Bureau of Investigation itself has even been targeted. Today, the new hacking collective Lulz Security released what it said was the source code for the Sony Computer Entertainment Development Network (its fifth hack of Sony). Late on Friday the group, which gained fame by defacing PBS and exposing Sony user data last week, successfully broke into the Web site of InfraGard, a private group affiliated with the FBI. Then there was the massive Google hack from China last week that exposed government workers' e-mail addresses.
But the so-called LulzSec is one of the most vocal hacking organizations right now. After announcing #fuckFBIFriday on their Twitter feed, the hackers reportedly exposed about 180 sets of InfraGard log-ins, pointing out that "all of them are affiliated with the FBI in some way," and posted a Youtube video of a Russian hacker to the site, which is still down. In its own announcement that it had hacked InfraGard, LulzSec accused one FBI affiliate, Karim Hijazi, of trying to hire its members to launch botnet attacks against other "whitehat" hackers (hackers that work on the side of law enforcement).
we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim, a member of an FBI-related website, was willing to give us money and inside info in order to destroy his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information.
Update: For his part, Hijazi has accused LulzSec of trying to extort him. In a post on his site Unveillance, Hijazi wrote, "I was personally contacted by several members of this group who made threats against me and my company to try to obtain money as well as to force me into revealing sensitive data about my botnet intelligence that would have put many other businesses, government agencies and individuals at risk of massive Distributed Denial of Service (DDoS) attacks."
But as the Guardian pointed out today, LulzSec is the kind of group that is ripe for infiltration by the FBI itself. "Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation," says Eric Corley, the publisher of 2600: The Hacker Quarterly. The paper pointed out LulzSec's similarity to Anonymous. "We have already begun to see Anonymous members attack each other and out each other's IP addresses," Wired senior editor Kevin Poulson told the paper.
Among the usernames in that discussion are several connected to previous Anonymous hacks from earlier this year, including attacks on Westboro Baptist Church and the high-profile dump of emails from security firm HBGary.
“Topiary,” “Kayla,” and “Sabu” are among the pseudonyms included in that log; Topiary refers to sending money to Kayla “for bots” and to Sabu “for servers.” Topiary appeared as a spokesperson for Anonymous in a widely-watched video interview with a representative from the controversial Westboro Baptist Church in February, a clip in which Anonymous knocks the Church’s website offline in the midst of the appearance.
LulzSec has denied that any of the hackers exposed by that leak were members of its core operators, however. In a post on its Pastebin today, the group wrote:
Those logs are primarily from a channel called #pure-elite, which is /not/ the LulzSec core chatting channel. #pure-elite is where we gather potential backup/subcrew research and development battle fleet members, i.e. we were using that channel only to recruit talent for side-operations.
Note that people such as joepie91/Neuron/Storm/trollpoll/voodoo are not involved with LulzSec, they just hang out with us in that channel.
But the specter of FBI infiltration remains large with such groups, just as the threat of hacking attacks is ever-present with law enforcement. The Guardian closes with a quote from Barrett Brown, who has acted previously as a spokesman for Anonymous: "The FBI are always there. They are always watching, always in the chatrooms. You don't know who is an informant and who isn't, and to that extent you are vulnerable."