Hacker arrests: Why Anonymous might not be so anonymous - CSMonitor.com

Hacker arrests: Why Anonymous might not be so anonymous - CSMonitor.com

Hacker arrests: Why Anonymous might not be so anonymous
This week's arrests of 21 members of Anonymous in the US and Europe show that, given time and resources, cybersleuths can track down hackers. But doubts remain over whether authorites caught any big fish.



Authorities remove packages from a house in Merrick, N.Y., that was searched by FBI investigators, July 19. The FBI agents raided three locations on Long Island and one in Brooklyn Tuesday morning during a probe into Anonymous, an amorphous, loosely organized group of hackers sympathetic to WikiLeaks.

Jim Staubitser/Newsday/AP

Enlarge

14 and 10

By Mark Clayton, Staff writer / July 21, 2011

The arrests of 21 individuals Tuesday connected with the Anonymous group and other computer hackers suggest that the suite of digital tools that hackers use to obscure their identities is not foolproof and can be cracked with significant sleuthing.

Skip to next paragraph
Related stories
LulzSec sting: UK nabs alleged hacker
LulzSec says it's stopped hacking, but criminal case against it gains steam
Hackers: Apple attack exposes usernames, passwords
Topics
Hacking Computer Technology Internet Technology Computer Security Web Security Science and Technology
Questions remain about whether the 14 are relatively novice hackers that were easy to track. But often the greater question in solving an Internet attack is not whether a breakthrough can be made, but rather whether it is worth the time and resources needed.

Often, perpetrators are caught bragging on online forums. Other are caught making elementary mistakes. But finding and nabbing the top hackers takes time and money.

Hackers rally to support WikiLeaks: Top 5 recent attacks

"If [hackers] use the right privacy measures to mask their Internet service provider, it would take international cooperation and a lot of hard work to get at them," says Ashera, the pseudonym for a cyber security investigator at Backtrace Security, who spoke on condition of anonymity. "These guys say, 'Ok, I've got my IRC, my chain proxies, I'm logged into a shell, and I'm logged onto another computer, too….’ But they're not as anonymous as they think they are."

The 21 people arrested Tuesday come from 10 states, the District of Columbia, Britain, and the Netherlands. Of those, at least 16 were linked by authorities to cyberattacks against PayPal last year, in which hackers claiming to be part of Anonymous clogged access to the PayPal website for customers.

Anonymous and an affiliated hacker group called LulzSec have been taunting law enforcement authorities for months, breaking into corporate websites like Monsanto, the Arizona Department of Public Safety, Sony, and PBS – and then bragging about it.

That bravado can sometimes be the undoing of hackers. A student at the University of Central Florida, for example, tweeted victory message from a Twitter account dubbed "voodooKobra" after he broke into a server belonging to Infragard, a site for companies and federal authorities involved in homeland security, and stole three files.

Authorities used the information in the tweet and other digital snippets to track down the culprit.

In cracking such a hacking case, much depends on how much time and effort law enforcement authorities are willing to devote to tracking down a perpetrator.

1 | 2
Next